SlideShare a Scribd company logo

L2 Intrusion Detection System (IDS)

β€’Download as PPT, PDFβ€’
β€’
Rushdi Shams
Rushdi Shams
Technology
1 of 30
Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 1
ο‚ž If a computer is on the Internet, or receives data from the Internet, including Web browsing or email, then security is a problem. ο‚ž This is true for everyone, as automated scanners and worms do not make distinctions between targets. ο‚ž Simply, if your system has vulnerabilities, it will be hit. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 2
ο‚ž Because security problems are ubiquitous, security solutions should be also. ο‚ž To be effective, this security must follow a "defense in depth" strategy or a layered approach. This means that security is layered in hopes that if an attack passes through one layer, it is caught by the next, or the next. ο‚ž Defense in depth combines network security and host- based security (especially antivirus software). ο‚ž While each layer is important, no layer is sufficient on its own. ο‚ž Many end users make the mistake of thinking that a firewall, by itself, constitutes network security. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 3
ο‚ž With market penetration of firewalls reaching more than 95 percent, security problems still persist for organizations large and small. ο‚ž simply allowing Web traffic allows all Web traffic, including that which is malicious. ο‚ž The next step that many organizations have taken is to install intrusion detection systems (IDS), which can monitor traffic for attack signatures that represent hostile activity. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 4
ο‚ž Intrusion detection (ID) is a type of security management system for computers and networks. ο‚ž An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both β€Ί intrusions (attacks from outside the organization) and β€Ί misuse (attacks from within the organization). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 5
ο‚ž ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 6
ο‚ž Monitoring and analyzing both user and system activities ο‚ž Analyzing system configurations and vulnerabilities ο‚ž Assessing system and file integrity ο‚ž Ability to recognize patterns typical of attacks ο‚ž Analysis of abnormal activity patterns ο‚ž Tracking user policy violations Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 7
ο‚ž Typically, an ID system follows a two-step process. ο‚ž The first procedures are host-based and are considered the passive component, β€Ί inspection of the system's configuration files to detect inadvisable settings β€Ί inspection of the password files to detect inadvisable passwords β€Ί inspection of other system areas to detect policy violations. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 8
ο‚ž The second procedures are network-based and are considered the active component ο‚ž mechanisms are set in place to reenact known methods of attack and to record system responses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 9
ο‚ž Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. ο‚ž A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. ο‚ž Using the captured data, the IDS system processes and flags any suspicious traffic. ο‚ž The role of a network IDS is passive, only gathering, identifying, logging and alerting. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 10
ο‚ž attempts to identify unauthorized, illicit, and anomalous behavior on a specific device. ο‚ž HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity. ο‚ž The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity. ο‚ž The role of a host IDS is passive, only gathering, identifying, logging, and alerting. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 11
ο‚ž A honeypot is a simply a system program or file that has absolutely no purpose in production. ο‚ž Therefore, we can always assume that if the honeypot is accessed, it is for some reason unrelated to ο‚ž Honeypots are probably one of the last security tools an organization should implement. This is primarily because of the concern that somebody may use the honeypot to attack other systems. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 12
ο‚ž A honeypot can also be a computer on your network to look and act like a legitimate computer but actually is configured to interact with potential hackers ο‚ž Honeypots are known also as a sacrificial lamb, decoy, or booby trap. ο‚ž The more realistic the interaction, the longer the attacker will stay occupied on honeypot systems and away from your production systems. ο‚ž The longer the hacker stays using the honeypot, the more will be disclosed about their techniques. ο‚ž This information can be used to identify what they are after, what is their skill level, and what tools do they use. ο‚ž All this information is then used to better prepare your network and host defenses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 13
ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The hub will broadcast this frame to each active port. ο‚ž Step 3: Node B will receive the frame and will examine the address in the frame. After determining that it is not the intended host, it will discard the frame. ο‚ž Step 4: Node C will also receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 14
ο‚ž In order for a host to be used as a sniffing agent, the network interface must be set to 'promiscuous' mode. ο‚ž Setting this mode requires root or administrator access. ο‚ž After this mode is set, the network interface will no longer drop network frames which are addressed to other hosts. ο‚ž Rather, it will pass them up to the higher network layers with the expectation that some software at a higher layer will process them. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 15
ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The hub will broadcast this frame to each active port. ο‚ž Step 3: Node B will receive this frame and will accept it because the network interface has been set to 'promiscuous' mode. This allows a network interface to accept any frames, regardless of the MAC (Media Access Control) address in the frame ο‚ž Step 4: Node C will also receive the frame and will process it as expected. It has no way of knowing that another host has also processed the frame. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 16
ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The switch will examine this frame and determine what the intended host is. It will then set up a connection between Node A and Node C so that they have a 'private' connection. ο‚ž Step 3: Node C will receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 17
ARP Spoofing ο‚ž when Node A wants to communicate with Node C on the network, it sends an ARP request. ο‚ž Node C will send an ARP reply which will include the MAC address. ο‚ž Even in a switched environment, this initial ARP request is sent in a broadcast manner. ο‚ž It is possible for Node B to craft and send an unsolicited, fake ARP reply to Node A. ο‚ž This fake ARP reply will specify that Node B has the MAC address of Node C. ο‚ž Node A will unwittingly send the traffic to Node B since it professes to have the intended MAC address. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 18
MAC Flooding ο‚ž On some switches, it is possible to bombard the switch with bogus MAC address data. ο‚ž The switch, not knowing how to handle the excess data, will 'fail open'. ο‚ž That is, it will revert to a hub and will broadcast all network frames to all ports. ο‚ž At this point, one of the more generic network sniffers will work. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 19
MAC Duplicating ο‚ž You reconfigure Node B to have the same MAC address as the machine whose traffic you're trying to sniff. ο‚ž This is easy to do on a Linux box if you have access to the 'ifconfig' command. ο‚ž This differs from ARP Spoofing because, in ARP Spoofing, we are 'confusing' the host by poisoning it's ARP cache. ο‚ž In a MAC Duplicating attack, we actually confuse the switch itself into thinking two ports have the same MAC address. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 20
IP Filtering ο‚ž By enabling IP filtering on your switch, you directly specify which traffic is allowed to flow to and from each port. ο‚ž This can be a monumental effort to put in place and manage, especially if your environment is dynamic. Port Security ο‚ž If your hub or switch has the ability to enable port security, this will help to protect you from both the MAC Flood and MAC Spoofing attacks. ο‚ž These feature effectively prevents the hub or switch from recognizing more than 1 MAC address on a physical port. Routing Security ο‚ž No workstations should be allowed to run a routing protocol as they may be compromised. ο‚ž management of any of your network gear should be through a secure connection and not through telnet which passes the administrative login/password in cleartext. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 21
ο‚ž knowledge-based intrusion detection techniques apply the knowledge accumulated about specific attacks and system vulnerabilities. ο‚ž IDS contains information about these vulnerabilities and looks for attempts to exploit these vulnerabilities. ο‚ž When such an attempt is detected, an alarm is triggered. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 22
ο‚ž In other words, any action that is not explicitly recognized as an attack is considered acceptable. ο‚ž Therefore, the accuracy of knowledge-based intrusion detection systems is considered good. ο‚ž However, their completeness (i.e. the fact that they detect all possible attacks) depends on the regular update of knowledge about attacks. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 23
ο‚ž Advantages of the knowledge-based approaches are that they have the potential for very low false alarm rates Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 24
ο‚ž Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. ο‚ž The model of normal or valid behavior is extracted from reference information collected by various means. ο‚ž The intrusion detection system later compares this model with the current activity. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 25
ο‚ž When a deviation is observed, an alarm is generated. ο‚ž In other words, anything that does not correspond to a previously learned behavior is considered intrusive. ο‚ž Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 26
ο‚ž Advantages of behavior-based approaches are that they can detect attempts to exploit new and unforeseen vulnerabilities. ο‚ž They can even contribute to the (partially) automatic discovery of these new attacks. ο‚ž They also help detect 'abuse of privileges' types of attacks that do not actually involve exploiting any security vulnerability. ο‚ž In short, this is the paranoid approach: Everything which has not been seen previously is dangerous. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 27
ο‚ž The high false alarm rate is generally cited as the main drawback of behavior-based techniques because the entire scope of the behavior of an information system may not be covered during the learning phase. ο‚ž Also, behavior can change over time, introducing the need for periodic online retraining of the behavior profile, resulting either in unavailability of the intrusion detection system or in additional false alarms. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 28
ο‚ž The information system can undergo attacks at the same time the intrusion detection system is learning the behavior. As a result, the behavior profile contains intrusive behavior, which is not detected as anomalous. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 29
Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 30

Recommended

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
Β 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
Β 
Stuxnet
StuxnetStuxnet
StuxnetShishir Aryal
Β 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
Β 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
Β 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
Β 

Recommended

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
Β 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
Β 
Stuxnet
StuxnetStuxnet
StuxnetShishir Aryal
Β 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
Β 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
Β 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
Β 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
Β 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
Β 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
Β 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
Β 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Disha Bedi
Β 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
Β 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
Β 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
Β 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
Β 
Snort
SnortSnort
SnortStickman Hai
Β 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
Β 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
Β 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
Β 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
Β 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAltacit Global
Β 
PIC your malware
PIC your malwarePIC your malware
PIC your malwareCODE WHITE GmbH
Β 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
Β 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA securityCysinfo Cyber Security Community
Β 
L4 vpn
L4 vpnL4 vpn
L4 vpnRushdi Shams
Β 
L5 understanding hacking
L5 understanding hackingL5 understanding hacking
L5 understanding hackingRushdi Shams
Β 

More Related Content

What's hot

Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
Β 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
Β 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
Β 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
Β 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Disha Bedi
Β 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
Β 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
Β 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
Β 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
Β 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
Β 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
Β 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
Β 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
Β 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
Β 

What's hot (20)

Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Β 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Β 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Β 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Β 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Β 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Β 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Β 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Β 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
Β 
Snort
SnortSnort
Snort
Β 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
Β 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
Β 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Β 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
Β 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Β 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Β 
PIC your malware
PIC your malwarePIC your malware
PIC your malware
Β 
Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014Overview on security and privacy issues in wireless sensor networks-2014
Overview on security and privacy issues in wireless sensor networks-2014
Β 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
Β 

Viewers also liked

L5 understanding hacking
L5 understanding hackingL5 understanding hacking
L5 understanding hackingRushdi Shams
Β 
L1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationL1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationRushdi Shams
Β 
Belief function
Belief functionBelief function
Belief functionRushdi Shams
Β 
Semi-supervised classification for natural language processing
Semi-supervised classification for natural language processingSemi-supervised classification for natural language processing
Semi-supervised classification for natural language processingRushdi Shams
Β 
Probabilistic logic
Probabilistic logicProbabilistic logic
Probabilistic logicRushdi Shams
Β 
L15 fuzzy logic
L15 fuzzy logicL15 fuzzy logic
L15 fuzzy logicRushdi Shams
Β 
Knowledge structure
Knowledge structureKnowledge structure
Knowledge structureRushdi Shams
Β 
Knowledge representation
Knowledge representationKnowledge representation
Knowledge representationRushdi Shams
Β 
Propositional logic
Propositional logicPropositional logic
Propositional logicRushdi Shams
Β 
Syntax and semantics
Syntax and semanticsSyntax and semantics
Syntax and semanticsRushdi Shams
Β 
Natural Language Processing: Parsing
Natural Language Processing: ParsingNatural Language Processing: Parsing
Natural Language Processing: ParsingRushdi Shams
Β 
First order logic
First order logicFirst order logic
First order logicRushdi Shams
Β 
Types of machine translation
Types of machine translationTypes of machine translation
Types of machine translationRushdi Shams
Β 
Propositional And First-Order Logic
Propositional And First-Order LogicPropositional And First-Order Logic
Propositional And First-Order Logicankush_kumar
Β 

Viewers also liked (17)

L4 vpn
L4 vpnL4 vpn
L4 vpn
Β 
L5 understanding hacking
L5 understanding hackingL5 understanding hacking
L5 understanding hacking
Β 
L1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationL1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translation
Β 
Belief function
Belief functionBelief function
Belief function
Β 
Semi-supervised classification for natural language processing
Semi-supervised classification for natural language processingSemi-supervised classification for natural language processing
Semi-supervised classification for natural language processing
Β 
L1 phishing
L1 phishingL1 phishing
L1 phishing
Β 
Probabilistic logic
Probabilistic logicProbabilistic logic
Probabilistic logic
Β 
L3 defense
L3 defenseL3 defense
L3 defense
Β 
L15 fuzzy logic
L15 fuzzy logicL15 fuzzy logic
L15 fuzzy logic
Β 
Knowledge structure
Knowledge structureKnowledge structure
Knowledge structure
Β 
Knowledge representation
Knowledge representationKnowledge representation
Knowledge representation
Β 
Propositional logic
Propositional logicPropositional logic
Propositional logic
Β 
Syntax and semantics
Syntax and semanticsSyntax and semantics
Syntax and semantics
Β 
Natural Language Processing: Parsing
Natural Language Processing: ParsingNatural Language Processing: Parsing
Natural Language Processing: Parsing
Β 
First order logic
First order logicFirst order logic
First order logic
Β 
Types of machine translation
Types of machine translationTypes of machine translation
Types of machine translation
Β 
Propositional And First-Order Logic
Propositional And First-Order LogicPropositional And First-Order Logic
Propositional And First-Order Logic
Β 

Similar to L2 Intrusion Detection System (IDS)

Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
Β 
A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot frameworkUltraUploader
Β 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)Mumbai Academisc
Β 
Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)IOSR Journals
Β 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
Β 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2Amargo Durazno
Β 
CY.pptx
CY.pptxCY.pptx
CY.pptxCATalyst9
Β 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerIRJET Journal
Β 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513IJRAT
Β 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & AttacksNetwax Lab
Β 
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...IJERA Editor
Β 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
Β 
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...IRJET Journal
Β 
Open port vulnerability
Open port vulnerabilityOpen port vulnerability
Open port vulnerabilitySamaresh Debbarma
Β 
aGHLecture2_2017.pptx
aGHLecture2_2017.pptxaGHLecture2_2017.pptx
aGHLecture2_2017.pptxRituParna42
Β 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
Β 
1376841709 17879811
1376841709 178798111376841709 17879811
1376841709 17879811Editor Jacotech
Β 
An Approach to for Improving the Efficiency of IDS System Using Honeypot
An Approach to for Improving the Efficiency of IDS System Using HoneypotAn Approach to for Improving the Efficiency of IDS System Using Honeypot
An Approach to for Improving the Efficiency of IDS System Using HoneypotEditor Jacotech
Β 

Similar to L2 Intrusion Detection System (IDS) (20)

Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam Notes
Β 
A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot framework
Β 
Honeypot
HoneypotHoneypot
Honeypot
Β 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)
Β 
G011123539
G011123539G011123539
G011123539
Β 
Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)
Β 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
Β 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2
Β 
CY.pptx
CY.pptxCY.pptx
CY.pptx
Β 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows Computer
Β 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513
Β 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & Attacks
Β 
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...
A Secure Intrusion Detection System against DDOS Attack in Wireless Ad-Hoc Ne...
Β 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Β 
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
Β 
Open port vulnerability
Open port vulnerabilityOpen port vulnerability
Open port vulnerability
Β 
aGHLecture2_2017.pptx
aGHLecture2_2017.pptxaGHLecture2_2017.pptx
aGHLecture2_2017.pptx
Β 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Β 
1376841709 17879811
1376841709 178798111376841709 17879811
1376841709 17879811
Β 
An Approach to for Improving the Efficiency of IDS System Using Honeypot
An Approach to for Improving the Efficiency of IDS System Using HoneypotAn Approach to for Improving the Efficiency of IDS System Using Honeypot
An Approach to for Improving the Efficiency of IDS System Using Honeypot
Β 

More from Rushdi Shams

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchRushdi Shams
Β 
Common evaluation measures in NLP and IR
Common evaluation measures in NLP and IRCommon evaluation measures in NLP and IR
Common evaluation measures in NLP and IRRushdi Shams
Β 
Machine learning with nlp 101
Machine learning with nlp 101Machine learning with nlp 101
Machine learning with nlp 101Rushdi Shams
Β 
L2 l3 l4 software process models
L2 l3 l4 software process modelsL2 l3 l4 software process models
L2 l3 l4 software process modelsRushdi Shams
Β 
L1 overview of software engineering
L1 overview of software engineeringL1 overview of software engineering
L1 overview of software engineeringRushdi Shams
Β 
L13 why software fails
L13 why software failsL13 why software fails
L13 why software failsRushdi Shams
Β 
Lecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsLecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsRushdi Shams
Β 
Lecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksLecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksRushdi Shams
Β 
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsLecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsRushdi Shams
Β 
Lecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingLecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingRushdi Shams
Β 
Lecture 1 and 2 processes
Lecture 1 and 2 processesLecture 1 and 2 processes
Lecture 1 and 2 processesRushdi Shams
Β 
Lecture 3 and 4 threads
Lecture 3 and 4 threadsLecture 3 and 4 threads
Lecture 3 and 4 threadsRushdi Shams
Β 
Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Rushdi Shams
Β 
My slide relational algebra
My slide relational algebraMy slide relational algebra
My slide relational algebraRushdi Shams
Β 

More from Rushdi Shams (14)

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better Research
Β 
Common evaluation measures in NLP and IR
Common evaluation measures in NLP and IRCommon evaluation measures in NLP and IR
Common evaluation measures in NLP and IR
Β 
Machine learning with nlp 101
Machine learning with nlp 101Machine learning with nlp 101
Machine learning with nlp 101
Β 
L2 l3 l4 software process models
L2 l3 l4 software process modelsL2 l3 l4 software process models
L2 l3 l4 software process models
Β 
L1 overview of software engineering
L1 overview of software engineeringL1 overview of software engineering
L1 overview of software engineering
Β 
L13 why software fails
L13 why software failsL13 why software fails
L13 why software fails
Β 
Lecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsLecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systems
Β 
Lecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksLecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocks
Β 
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsLecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Β 
Lecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingLecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu scheduling
Β 
Lecture 1 and 2 processes
Lecture 1 and 2 processesLecture 1 and 2 processes
Lecture 1 and 2 processes
Β 
Lecture 3 and 4 threads
Lecture 3 and 4 threadsLecture 3 and 4 threads
Lecture 3 and 4 threads
Β 
Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)
Β 
My slide relational algebra
My slide relational algebraMy slide relational algebra
My slide relational algebra
Β 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
Β 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
Β 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
Β 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
Β 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
Β 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
Β 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
Β 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
Β 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
Β 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
Β 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
Β 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
Β 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
Β 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
Β 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
Β 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
Β 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
Β 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
Β 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
Β 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraΓΊjo
Β 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Β 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Β 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Β 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
Β 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Β 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Β 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Β 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Β 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Β 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Β 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Β 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Β 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Β 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Β 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Β 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Β 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Β 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Β 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Β 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Β 

L2 Intrusion Detection System (IDS)

  • 1. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 1
  • 2. ο‚ž If a computer is on the Internet, or receives data from the Internet, including Web browsing or email, then security is a problem. ο‚ž This is true for everyone, as automated scanners and worms do not make distinctions between targets. ο‚ž Simply, if your system has vulnerabilities, it will be hit. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 2
  • 3. ο‚ž Because security problems are ubiquitous, security solutions should be also. ο‚ž To be effective, this security must follow a "defense in depth" strategy or a layered approach. This means that security is layered in hopes that if an attack passes through one layer, it is caught by the next, or the next. ο‚ž Defense in depth combines network security and host- based security (especially antivirus software). ο‚ž While each layer is important, no layer is sufficient on its own. ο‚ž Many end users make the mistake of thinking that a firewall, by itself, constitutes network security. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 3
  • 4. ο‚ž With market penetration of firewalls reaching more than 95 percent, security problems still persist for organizations large and small. ο‚ž simply allowing Web traffic allows all Web traffic, including that which is malicious. ο‚ž The next step that many organizations have taken is to install intrusion detection systems (IDS), which can monitor traffic for attack signatures that represent hostile activity. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 4
  • 5. ο‚ž Intrusion detection (ID) is a type of security management system for computers and networks. ο‚ž An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both β€Ί intrusions (attacks from outside the organization) and β€Ί misuse (attacks from within the organization). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 5
  • 6. ο‚ž ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 6
  • 7. ο‚ž Monitoring and analyzing both user and system activities ο‚ž Analyzing system configurations and vulnerabilities ο‚ž Assessing system and file integrity ο‚ž Ability to recognize patterns typical of attacks ο‚ž Analysis of abnormal activity patterns ο‚ž Tracking user policy violations Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 7
  • 8. ο‚ž Typically, an ID system follows a two-step process. ο‚ž The first procedures are host-based and are considered the passive component, β€Ί inspection of the system's configuration files to detect inadvisable settings β€Ί inspection of the password files to detect inadvisable passwords β€Ί inspection of other system areas to detect policy violations. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 8
  • 9. ο‚ž The second procedures are network-based and are considered the active component ο‚ž mechanisms are set in place to reenact known methods of attack and to record system responses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 9
  • 10. ο‚ž Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. ο‚ž A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. ο‚ž Using the captured data, the IDS system processes and flags any suspicious traffic. ο‚ž The role of a network IDS is passive, only gathering, identifying, logging and alerting. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 10
  • 11. ο‚ž attempts to identify unauthorized, illicit, and anomalous behavior on a specific device. ο‚ž HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity. ο‚ž The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity. ο‚ž The role of a host IDS is passive, only gathering, identifying, logging, and alerting. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 11
  • 12. ο‚ž A honeypot is a simply a system program or file that has absolutely no purpose in production. ο‚ž Therefore, we can always assume that if the honeypot is accessed, it is for some reason unrelated to ο‚ž Honeypots are probably one of the last security tools an organization should implement. This is primarily because of the concern that somebody may use the honeypot to attack other systems. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 12
  • 13. ο‚ž A honeypot can also be a computer on your network to look and act like a legitimate computer but actually is configured to interact with potential hackers ο‚ž Honeypots are known also as a sacrificial lamb, decoy, or booby trap. ο‚ž The more realistic the interaction, the longer the attacker will stay occupied on honeypot systems and away from your production systems. ο‚ž The longer the hacker stays using the honeypot, the more will be disclosed about their techniques. ο‚ž This information can be used to identify what they are after, what is their skill level, and what tools do they use. ο‚ž All this information is then used to better prepare your network and host defenses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 13
  • 14. ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The hub will broadcast this frame to each active port. ο‚ž Step 3: Node B will receive the frame and will examine the address in the frame. After determining that it is not the intended host, it will discard the frame. ο‚ž Step 4: Node C will also receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 14
  • 15. ο‚ž In order for a host to be used as a sniffing agent, the network interface must be set to 'promiscuous' mode. ο‚ž Setting this mode requires root or administrator access. ο‚ž After this mode is set, the network interface will no longer drop network frames which are addressed to other hosts. ο‚ž Rather, it will pass them up to the higher network layers with the expectation that some software at a higher layer will process them. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 15
  • 16. ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The hub will broadcast this frame to each active port. ο‚ž Step 3: Node B will receive this frame and will accept it because the network interface has been set to 'promiscuous' mode. This allows a network interface to accept any frames, regardless of the MAC (Media Access Control) address in the frame ο‚ž Step 4: Node C will also receive the frame and will process it as expected. It has no way of knowing that another host has also processed the frame. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 16
  • 17. ο‚ž Step 1: Node A transmits a frame to Node C. ο‚ž Step 2: The switch will examine this frame and determine what the intended host is. It will then set up a connection between Node A and Node C so that they have a 'private' connection. ο‚ž Step 3: Node C will receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 17
  • 18. ARP Spoofing ο‚ž when Node A wants to communicate with Node C on the network, it sends an ARP request. ο‚ž Node C will send an ARP reply which will include the MAC address. ο‚ž Even in a switched environment, this initial ARP request is sent in a broadcast manner. ο‚ž It is possible for Node B to craft and send an unsolicited, fake ARP reply to Node A. ο‚ž This fake ARP reply will specify that Node B has the MAC address of Node C. ο‚ž Node A will unwittingly send the traffic to Node B since it professes to have the intended MAC address. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 18
  • 19. MAC Flooding ο‚ž On some switches, it is possible to bombard the switch with bogus MAC address data. ο‚ž The switch, not knowing how to handle the excess data, will 'fail open'. ο‚ž That is, it will revert to a hub and will broadcast all network frames to all ports. ο‚ž At this point, one of the more generic network sniffers will work. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 19
  • 20. MAC Duplicating ο‚ž You reconfigure Node B to have the same MAC address as the machine whose traffic you're trying to sniff. ο‚ž This is easy to do on a Linux box if you have access to the 'ifconfig' command. ο‚ž This differs from ARP Spoofing because, in ARP Spoofing, we are 'confusing' the host by poisoning it's ARP cache. ο‚ž In a MAC Duplicating attack, we actually confuse the switch itself into thinking two ports have the same MAC address. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 20
  • 21. IP Filtering ο‚ž By enabling IP filtering on your switch, you directly specify which traffic is allowed to flow to and from each port. ο‚ž This can be a monumental effort to put in place and manage, especially if your environment is dynamic. Port Security ο‚ž If your hub or switch has the ability to enable port security, this will help to protect you from both the MAC Flood and MAC Spoofing attacks. ο‚ž These feature effectively prevents the hub or switch from recognizing more than 1 MAC address on a physical port. Routing Security ο‚ž No workstations should be allowed to run a routing protocol as they may be compromised. ο‚ž management of any of your network gear should be through a secure connection and not through telnet which passes the administrative login/password in cleartext. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 21
  • 22. ο‚ž knowledge-based intrusion detection techniques apply the knowledge accumulated about specific attacks and system vulnerabilities. ο‚ž IDS contains information about these vulnerabilities and looks for attempts to exploit these vulnerabilities. ο‚ž When such an attempt is detected, an alarm is triggered. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 22
  • 23. ο‚ž In other words, any action that is not explicitly recognized as an attack is considered acceptable. ο‚ž Therefore, the accuracy of knowledge-based intrusion detection systems is considered good. ο‚ž However, their completeness (i.e. the fact that they detect all possible attacks) depends on the regular update of knowledge about attacks. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 23
  • 24. ο‚ž Advantages of the knowledge-based approaches are that they have the potential for very low false alarm rates Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 24
  • 25. ο‚ž Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. ο‚ž The model of normal or valid behavior is extracted from reference information collected by various means. ο‚ž The intrusion detection system later compares this model with the current activity. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 25
  • 26. ο‚ž When a deviation is observed, an alarm is generated. ο‚ž In other words, anything that does not correspond to a previously learned behavior is considered intrusive. ο‚ž Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 26
  • 27. ο‚ž Advantages of behavior-based approaches are that they can detect attempts to exploit new and unforeseen vulnerabilities. ο‚ž They can even contribute to the (partially) automatic discovery of these new attacks. ο‚ž They also help detect 'abuse of privileges' types of attacks that do not actually involve exploiting any security vulnerability. ο‚ž In short, this is the paranoid approach: Everything which has not been seen previously is dangerous. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 27
  • 28. ο‚ž The high false alarm rate is generally cited as the main drawback of behavior-based techniques because the entire scope of the behavior of an information system may not be covered during the learning phase. ο‚ž Also, behavior can change over time, introducing the need for periodic online retraining of the behavior profile, resulting either in unavailability of the intrusion detection system or in additional false alarms. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 28
  • 29. ο‚ž The information system can undergo attacks at the same time the intrusion detection system is learning the behavior. As a result, the behavior profile contains intrusive behavior, which is not detected as anomalous. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 29
  • 30. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 30