Prevent Anomalous Activities (from the inside)

By: Surapheal Belay, ITEC 6322 / Spring 2009

ABSTRACT

NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), discusses four types of IDPS technologies. IDPS is the process of monitoring the events occurring in a computer network and analyzing them for signs of possible incidents.

PROBLEM STATEMENT
  • Nonetheless, how do you secure against a threat that is not external but internal? What happens when an intrusion detection and prevention system does not catch the threat?
  • The solution would be a network behavior analysis tool.
WHAT ARE UNUSUAL TRAFFIC FLOWS?

NIST explains unusual traffic flows as anything outside of the baseline. Examples include distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing network services to other systems).
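One way to turn "anything outside of the baseline" into detection logic, added here as an example; it is not part of the original presentation and not how Flow Matrix or Scrutinizer work. The flow records, host addresses, the threshold `k` and the 10% floor on the standard deviation are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (src, dst, dst_port, bytes); every host and value is made up.
BASELINE_WINDOWS = [
    [("10.0.0.5", "10.0.1.10", 443, 4000), ("10.0.0.6", "10.0.1.10", 443, 3500)],
    [("10.0.0.5", "10.0.1.10", 443, 4400), ("10.0.0.6", "10.0.1.10", 443, 3700)],
    [("10.0.0.5", "10.0.1.10", 443, 3800), ("10.0.0.6", "10.0.1.10", 443, 3300)],
]
OBSERVED = [
    ("10.0.0.5", "10.0.1.10", 443, 4100),   # within baseline
    ("10.0.0.7", "10.0.0.5", 8080, 900),    # a client is now serving; 10.0.0.7 is unknown
    ("10.0.0.6", "10.0.1.10", 443, 63000),  # far above this host's normal volume
]

def bytes_per_source(window):
    """Total bytes sent by each source host in one time window."""
    sent = defaultdict(int)
    for src, _dst, _port, nbytes in window:
        sent[src] += nbytes
    return sent

def build_baseline(windows):
    """Learn known services, client hosts and per-host volume statistics."""
    vols = defaultdict(list)
    for w in windows:
        for host, total in bytes_per_source(w).items():
            vols[host].append(total)
    services = {(dst, port) for w in windows for _s, dst, port, _b in w}
    return {"services": services,
            "clients": set(vols) - {dst for dst, _p in services},
            "volume": {h: (mean(v), pstdev(v)) for h, v in vols.items()}}

def detect(window, base, k=3.0):
    """Return sorted (host, reason) alerts for departures from the baseline."""
    alerts = set()
    for _src, dst, port, _b in window:
        # Policy violation named on the slide: a client system offering a service.
        if dst in base["clients"] and (dst, port) not in base["services"]:
            alerts.add((dst, f"client serving port {port}"))
    for host, total in bytes_per_source(window).items():
        # A host absent from the baseline has an expected volume of zero.
        mu, sigma = base["volume"].get(host, (0.0, 0.0))
        if total > mu + k * max(sigma, 0.1 * mu):  # sigma floored at 10% of the mean
            alerts.add((host, "volume above baseline"))
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(OBSERVED, build_baseline(BASELINE_WINDOWS)))
```
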

WHAT IS NETWORK BEHAVIOR ANALYSIS?
  • Network behavior analysis provides a variety of security capabilities, such as information gathering, logging, detection, and prevention.
NETWORK MONITORING TO PREVENT MALICIOUS ACTIVITIES
  • Flow Matrix by Akma Labs is a free security tool that provides network behavioral analysis and anomaly detection.
  • Scrutinizer by Plixer International provides the same service as Flow Matrix, along with more services for detection and logging and a much better GUI design that is easy to read.
SUMMARY

Network behavior analysis (NBA) is a way to enhance the security of a computer network by monitoring traffic and noting unusual actions or departures from normal operation.

Conventional IDPS solutions defend a network's perimeter by using packet inspection, signature detection and real-time blocking.

NBA solutions watch what's happening inside the network.

REFERENCES
  • http://www.plixer.com/products/scrutinizer.php
  • http://www.akmalabs.com/flowmatrix.php
  • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1225491,00.html
  • http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
  • http://www.forbes.com/feeds/ap/2009/05/07/ap6394254.html
  • http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=212901505
  • http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm
  • http://www.computerweekly.com/Articles/2008/01/17/228976/ikea-plugs-website-security-breach.htm
  • http://cpanelsecurity.com/2008/01/17/ikea-plugs-website-security-breach-computer-weekly/