1 / 18

Intrusion Detection

Intrusion Detection. Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007. WHAT IS SECURITY. ISO 7498-2 defines five security services Confidentiality (secrecy) Authentication (identify verification) Integrity Access control Users also would likely include

caraf
Download Presentation

Intrusion Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

  2. WHAT IS SECURITY • ISO 7498-2 defines five security services • Confidentiality (secrecy) • Authentication (identify verification) • Integrity • Access control • Users also would likely include • Preventing spam • Preventing denial of service • Privacy • …

  3. Security Terminology • Vulnerabilities • security flaws in systems • Attacks • means of exploiting vulnerabilities • Countermeasures • technical or procedural means of addressing vulnerabilities or thwarting specific attacks • Threats • motivated adversaries capable of mounting attacks which exploit vulnerabilities

  4. Types of violation • Attack • Attempts to exploit a vulnerability • Ex: denial of service, privilege escalation • Intrusion • Masquerading as another legitimate user • Misuse • User abuses privileges • Often called the “insider threat”

  5. Intrusion “Any intentional event where an intruder gains access that compromises the confidentiality, integrity, or availability of computers, networks, or the data residing on them.” Credit: CERT-CC Security Improvement Module 8: Responding to Intrusions

  6. Why Systems Are Vulnerable Contemporary Security Challenges and Vulnerabilities

  7. Why Systems Are Vulnerable (Continued) Internet Vulnerabilities: • Use of fixed Internet addresses through use of cable modems or DSL • Lack of encryption with most Voice over IP (VoIP) • Widespread use of e-mail and instant messaging (IM)

  8. Intrusion Detection and Computer Security • Computer security goals: • Confidentiality, integrity, and availability • Intrusion is a set of actions aimed to compromise these security goals • Intrusion prevention (authentication, encryption, etc.) alone is not sufficient • Intrusion detection is needed

  9. Intrusion Examples • Intrusions: Any set of actions that threaten the integrity, availability, or confidentiality of a network resource • Examples • Denial of service (DoS): attempts to starve a host of resources needed to function correctly • Worms and viruses: replicating on other hosts

  10. Intrusion Detection • Intrusion detection:The process of monitoring and analyzing the events occurring in a computer and/or network system in order to detect signs of security problems • Primary assumption: User and program activities can be monitored and modeled • Steps • Monitoring and analyzing traffic • Identifying abnormal activities • Assessing severity and raising alarm

  11. IDS Architecture • Sensors (agent) • to collect data and forward info to the analyzer • network packets • log files • system call traces • Analyzers (detector) • To receive input from one or more sensors or from other analyzers • To determine if an intrusion has occurred • User interface • To enable a user to view output from the system or control the behavior of the system

  12. Intrusion Detection Model Activity Data Source Operator Sensor Event Notification Analyser Event Sensor Response Alert Security Policy Manager Administrator Credit: IETF: Intrusion Detection Message Exchange Requirements (Internet Draft)

  13. Intrusion Detection Systems • Detect intrusive behaviour in an automated fashion • Monitor activity both across networks (NIDS) and within hosts (HIDS) • Analyse activity for signs of intrusion • Signature based • Anomaly based • Respond to predetermined triggers by: • Blocking specific actions

  14. Common Defense Strategies • Firewalls • Intrusion Detection Systems • Anti-virus technology (in hosts and in mail gateways) • Anti-spam technology (in hosts and in mail gateways) • Periodic penetration testing (enterprise nets) • Centralized patch management (enterprise nets) • Anti-DOS mechanisms (ISPs)

  15. Defining Policy • Consider this example • A hospital deploys a database system for patient records. The system consists of a centralized DB server accessed by client systems in the hospital. Clients access the information through a network of connected PCs and via wireless PDAs • What sorts of policy statements can we make about the hardware? Software? Users?

  16. Defining Policy • Possible statements • The DB server software will be kept up to date • Unused network services (ports) on the DB server will be disabled • Wireless access will employ strong cryptographic protocols • Users are prohibited from examining records of patients not in their care • Machine readable policy is very hard problem • Particularly for misfeasance (i.e. insiders)

  17. Info • Case studyCourse :Intrusion detection and hacker exploits • Presented to: Dr . Lo’ai Tawalbeh • Homepage:http://www.isrc.qut.edu.au/about/people/aclark/questnet2003-ac-ids.ppt

  18. Presented to: Dr. lo’ai tawalbeh • Course :Intrusion detection and hacker exploits

More Related