
Intrusion


Presentation Transcript


  1. Intrusion Detection Systems By: William Pinkerton and Sean Burnside

  2. What is IDS
  • IDS is the acronym for Intrusion Detection Systems
  • Secures systems from attack
  • Attacks on a system come through the network, by either:
    • Crackers
    • Hackers
    • Disgruntled employees
  • Five different kinds of intrusion detection systems:
    • Network-based
    • Protocol-based
    • Application-based
    • Host-based
    • Hybrid

  3. History of IDS
  • Began in the mid 1980s
  • James P. Anderson
    • “Computer Security Threat Monitoring and Surveillance”
  • Fred Cohen
    • The inventor of defenses against viruses
    • Said, “It is impossible to detect an intrusion in every case” and “the resources needed to detect intrusion grows with the amount of usage”
  • Dorothy E. Denning, assisted by Peter Neumann
    • Created an anomaly-based intrusion detection system
    • Named Intrusion Detection Expert System
    • Later version was named Next-generation Intrusion Detection Expert System

  4. Passive vs. Reactive Systems
  • Passive System
    • First detects a breach
    • Logs the breach and/or alerts the administrator(s)
  • Reactive System
    • Takes action beyond alerting on the breach, by either:
      • Resetting the connection
      • Reprogramming the firewall

  5. Firewall and Antivirus vs. IDS
  • Firewall
    • Blocks potentially harmful incoming or outgoing traffic
    • Does not detect intrusions
  • Antivirus
    • Scans files to identify or eliminate either:
      • Malicious software
      • Computer viruses
  • Intrusion Detection Systems
    • Alert an administrator(s) of suspicious activity
    • Looks for intrusions before they happen
  • **Note: For maximum protection it is best to have all three!!**

  6. 5 Methods of IDS
  • Network-based Intrusion Detection System
  • Protocol-based Intrusion Detection System
  • Application-based Intrusion Detection System
  • Host-based Intrusion Detection System
  • Hybrid Intrusion Detection System

  7. Network-based Intrusion Detection System
  • Runs at different points of a network
  • Scans for DoS attacks, activity on ports and hacking
  • Also scans incoming and outgoing packets for malicious content
  • Pros
    • Not much overhead on the network
    • Installing, upkeep and securing is easy
    • Undetectable by most attackers
  • Cons
    • Has trouble with large networks

  8. Network-based Intrusion Detection System (cont.)
  • Cons (cont.)
    • Has trouble with switch-based networks
    • No reporting on whether an attack failed or succeeded
    • Cannot look at encrypted data

  9. Protocol-based Intrusion Detection System
  • Sits at the front end of a server
  • Usually used for web servers
  • Two uses
    • Making sure a protocol is enforced and used correctly
    • Teaching the system the constructs of a protocol
  • Pros
    • Easier for the system to pick up on attacks since it is protocol-based
  • Cons
    • Rules for protocols come out slowly, which can leave a gap in attack coverage

  10. Host-based Intrusion Detection System
  • Internally based detection system
  • Analyzes a system four ways
    • File system monitoring
    • Logfile analysis
    • Connection analysis
    • Kernel-based intrusion detection
  • Pros
    • Analyzes encrypted data
    • Can keep up with switch-based networks
    • Provides more information about attacks

  11. Host-based Intrusion Detection System (cont.)
  • Pros (cont.)
    • System can tell what processes were used in the attack
    • System can tell the users involved in the attack
  • Cons
    • Decrease in network performance if multiple hosts are analyzed
    • If the host machine is compromised the system can be disabled
    • Affected by DoS attacks
    • Needs a lot of resources
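As an added example (not part of the slides), a minimal host-based IDS sketch in Python covering the first two analysis methods listed on slide 10, file system monitoring and logfile analysis, and wiring the result to the passive/reactive distinction from slide 4. All file paths, file contents and sshd-style log lines are constructed sample data, and the "block" action is only returned as a log entry, not executed.

```python
import hashlib
import re
from collections import Counter

# File system monitoring: compare current file hashes against a trusted baseline.
def build_baseline(files):
    """files: {path: bytes}. Returns {path: sha256 hex}, recorded while the host is trusted."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def check_integrity(baseline, files):
    """Report modified, deleted and unexpected new files relative to the baseline."""
    current = build_baseline(files)
    alerts = []
    for path, digest in baseline.items():
        if path not in current:
            alerts.append(f"DELETED {path}")
        elif current[path] != digest:
            alerts.append(f"MODIFIED {path}")
    for path in sorted(current.keys() - baseline.keys()):
        alerts.append(f"NEW {path}")
    return alerts

# Log-file analysis: count failed logins per source address (sshd-style lines).
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")

def failed_login_alerts(log_lines, threshold=3):
    """Alert on every source address with at least `threshold` failed logins."""
    counts = Counter(m.group(1) for m in map(FAILED_LOGIN.search, log_lines) if m)
    return [f"BRUTE-FORCE {ip} ({n} failures)" for ip, n in counts.items() if n >= threshold]

# Passive vs reactive (slide 4): passive only logs; reactive also emits a block action.
def respond(alerts, reactive=False):
    log = [f"ALERT {a}" for a in alerts]
    if reactive:
        log += [f"ACTION block {a.split()[1]}" for a in alerts if a.startswith("BRUTE-FORCE")]
    return log

if __name__ == "__main__":
    # Constructed sample data: one binary changed, one unexpected file, one noisy source.
    baseline = build_baseline({"/etc/passwd": b"root:x:0:0", "/bin/ls": b"ELF-original"})
    now = {"/etc/passwd": b"root:x:0:0", "/bin/ls": b"ELF-changed", "/tmp/.x": b"unknown"}
    auth_log = [
        "sshd[1]: Failed password for root from 203.0.113.7 port 4000 ssh2",
        "sshd[2]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2",
        "sshd[3]: Failed password for root from 203.0.113.7 port 4002 ssh2",
        "sshd[4]: Accepted password for alice from 192.0.2.10 port 5000 ssh2",
    ]
    for entry in respond(check_integrity(baseline, now) + failed_login_alerts(auth_log), reactive=True):
        print(entry)
```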

  12. Application-based Intrusion Detection System
  • System is application specific
  • Monitors dynamic behaviors and protocol states
  • The system analyzes the communication between applications
  • Pros
    • Greater chance of detecting an attack since it is application specific
    • Can look at encrypted data
  • Con
    • Needs a lot of processing power

  13. Hybrid Intrusion Detection System
  • Combines two or more systems
  • Pros
    • It has the same pros as the systems that it is based on
  • Cons
    • It has the same cons as the systems that it is based on

  14. Top 5 IDS
  • Snort
  • OSSEC HIDS
  • Fragrouter
  • BASE
  • Sguil

  15. Snort
  • Lightweight, open source
  • Originally named bro
  • Developed by Lawrence Berkeley National Laboratory in 1998
  • The most widely used intrusion detection system
  • Capable of performing packet logging and real-time traffic analysis over IP networks

  16. OSSEC HIDS
  • Strong log analysis engine
    • Correlates and analyzes logs from different devices and formats
  • Can be centralized
    • Many different systems can be monitored
  • Runs on most operating systems
    • Linux
    • OpenBSD
    • Mac OS X
    • Solaris
    • FreeBSD
    • Windows

  17. Fragrouter
  • Used to evade intrusion detection systems
  • Limited to certain operating systems
    • BSD
    • Linux
  • Good tool for finding weaknesses on a network, computers, or servers that an IDS may not be able to find

  18. BASE
  • Written in PHP
  • Nice web front end
  • Analyzes data stored in a database that is populated by firewalls, IDSs, and network monitoring tools

  19. Sguil
  • Known for its graphical user interface
  • Runs on operating systems that support Tcl/Tk
    • Linux
    • BSD
    • Solaris
    • MacOS
    • Win32
  • Network security monitoring
  • Provides intrusion detection system alerts

  20. Question Time…
