IDS/IPS
Computer Security and Intrusion Detection
• Communication
  • Any communication requires 4 entities:
    • Source
    • Destination
    • Medium
    • Protocol – the rules of the exchange
• Communication – flow of information
• Various types of attacks:
  • Interruption
  • Interception
  • Modification
  • Fabrication
• Interruption – the state in which an asset of the system is destroyed or becomes unavailable
  • Targets the source or the communication channel
  • Prevents the information from reaching the destination
• Interruption – examples
  • Cutting the physical cable medium
  • Overloading the carrying medium
  • Denial of Service (DoS) attacks of various types
• Interception – an unauthorized party gains illegal access to the information traversing the communication channel
  • Examples
    • Wiretapping
• Modification – information is intercepted and modified in transit
  • Examples
    • Man-in-the-middle (MITM) attacks
• Fabrication – the attacker inserts forged objects into the system without the sender's knowledge or involvement
• Fabrication – 2 types
  • Replaying
    • A previously intercepted entity is re-inserted
    • Example – replaying an authentication message
  • Masquerading
    • The attacker pretends to be the legitimate source
    • Inserts his / her desired information
    • Example – adding new records to a file or database
• Security Property
  • A desired feature of a system with regard to a certain type of attack
  • The four attacks discussed in the previous section violate the various security properties of an information system
  • These properties are the core qualities of any information system
• Security Properties
  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Non-repudiation
• Traffic Analysis – the process of intercepting and examining messages in order to deduce information from patterns in communication. Information collected includes:
  • Source
  • Destination
  • Timing of the data
  • Frequency of a particular message
  • Type of data / communication
• Non-repudiation
  • The concept of ensuring that a contract cannot later be denied by one of the parties involved
  • Describes the mechanism that prevents either sender or receiver from denying a transmitted message
  • Non-repudiation of origin – proves data has been sent
  • Non-repudiation of delivery – proves data has been received
• Security Mechanisms
  • The various actions and countermeasures employed to safeguard the security properties of an information system
• Security Mechanisms – 3 types
  • Attack Prevention
  • Attack Avoidance
  • Attack Detection
• Attack Prevention
  • A series of security mechanisms implemented to prevent or defend against various kinds of attacks before they can actually reach and affect the target system
  • Examples
    • Access control
    • Firewall
• Attack Avoidance
  • Techniques in which the information is modified in a way that makes it unusable to the attacker
  • Assumption – the attacker may have, or already has, access to the subject information
  • Examples
    • Cryptography
• Attack Detection
  • The process / technique of reporting that something has been able to bypass the security measures (if any), and identifying the type of attack
  • Countermeasures are then initiated to recover from the impact of the attack
  • Examples
    • IDS / IPS
• Intrusion Detection System
  • Intrusion detection encompasses a range of security techniques designed to detect (and report on) malicious system and network activity, or to record evidence of intrusion
Attack Framework
• Types of Events – 2
  • Attributable
    • The event can be traced to an authenticated user
  • Non-attributable
    • The event cannot be traced to an authenticated user
    • Example: any event that occurs before authentication in the login process – bad password attempts
Vulnerability
• The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved
• Pen Tester's Point of View – from a penetration tester's point of view, a vulnerability is defined as a security weakness in a Target of Evaluation
Threat
• Any possible event, action, process or phenomenon that can potentially inflict damage on system resources
Relation between Vulnerability and Threat
Real-Life Case Study – European Space Agency
• Ariane 5 rocket – 10 years and $7 million
• Capable of placing a pair of three-ton satellites into orbit
• Launched on 04 Jun 1996
• Immediately after launch, Ariane 5 exploded
• Cause of the explosion: a very small computer program trying to stuff a 64-bit number into a 16-bit space
• See it: http://s.freissinet.free.fr/videos/ariane5.wmv
Vulnerability Classification
Vulnerabilities can be classified as follows:
• Design vulnerabilities
• Implementation vulnerabilities
• Configuration or operational vulnerabilities
Design Vulnerability
• A vulnerability that is inherent to the project or design
• Very difficult to detect and eliminate, as it is inherent to the project
• A proper implementation of the product will not get rid of the flaw
• Example – TCP/IP protocol stack vulnerabilities
Implementation Vulnerability
• When an error is introduced into the components of a system during the implementation stage of a project or algorithm, it is termed an implementation vulnerability
• The error could be hardware-based or software-based
• Example – buffer overflows
Configuration Vulnerability
• Also known as an operational vulnerability
• Introduced into the system when the responsible administrator does not perform the proper configuration, or leaves the default configuration on
• Example – not disabling unwanted services, allowing weak passwords
Attacks
• An assault on system security that derives from an intelligent threat
• An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system
• Example – denial of service attacks, penetration and sabotage
Difference between Attack and Security Event
• Attack – the intruder aims at achieving a particular result that is against the implied security policy
• Event – no rules are violated or broken
Attack Components
• Attack realization tool – example: port scanner
• Vulnerability – a known vulnerability to exploit
• Security event – actions on the target system
• Result of the attack – what the attacker obtains once able to exploit the vulnerability and generate a security event
The results of an attack may vary depending upon the security event and vulnerability chosen.
General Attack Model (figure: attacker performs attack on target)
The attacker and target represent the same entity (figure: attacker and target are on the same entity)
Attack Model Categories
• Traditional attack model
  • One-to-one attack model
  • One-to-many attack model
• Distributed attack model
  • Many-to-one attack model
  • Many-to-many attack model
Traditional Attack Model
• The attack always originates from a single point
• Single-tier architecture
• There is only a single layer between the attacker and the target
One-to-one (traditional attack model)
• The attacker and target have a one-to-one relationship
• The attack originates from a single machine
One-to-many (traditional attack model)
• The attacker and target have a one-to-many relationship
• The attack originates from a single machine, but there is more than one target
Distributed Attack Model
• Based on many-to-one and many-to-many relationships
• The source of the attack is more than one entity
• The attack packets originate from intermediate systems compromised by the attacker
Many-to-one (distributed attack model)
• The attacker and target have a many-to-one relationship
• The attack originates from more than one machine
• There is only one target
Many-to-many (distributed attack model)
• The attacker and target have a many-to-many relationship
• The attack originates from more than one machine
• There is more than one target
Distributed attack – stages
• Reconnaissance – searching for suitable hosts
• Compromise of the systems – installing backdoors
• Attack initiation – starting the attack from the compromised systems
Distributed attack – Agents
• Two types of special agents
  • Masters / servers
  • Daemons / clients
• Zombie – a compromised system on which an agent is installed
• Distributed attacks implement a three-tier architecture
Distributed attack – Advantages (to the attacker)
• Attack effect – devastating, as the attack originates from multiple locations
• Anonymity – provides a high level of anonymity to the attacker
• Hard-to-stop attacks – very difficult to stop the attack without bringing down or disconnecting the target system
Intruder
• Also known as the attacker – the first element in the attack model
• A person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system
• Attempts to violate security by interfering with system availability, data integrity or data confidentiality
Intruder Types
• Black-hat hackers
• Hacker spies supported by governments
• Cyber terrorists
• Corporate spies
• Professional criminals
• Vandals
Incidents
• A violation, or imminent threat of violation, that could result or has resulted in:
  • a loss of data confidentiality,
  • disruption of data or system integrity, or
  • disruption or denial of availability
• An incident must clearly be a breach of network security
Examples of Incidents
• DoS
• Malicious code
• Unauthorized access
• Inappropriate usage
Introduction to IDS and IPS
Intrusion – any unauthorized system or network activity on one (or more) computer(s) or network(s).
Intrusion detection systems (IDSs) are software and/or hardware based systems that detect intrusions to your network / host based on a number of telltale signs.
Two types of IDS:
• Active IDS –
  • attempts to block attacks
  • responds with countermeasures
  • alerts administrators
• Passive IDS –
  • merely logs the intrusion
  • creates audit trails
An IDS can provide the following information on attempted or actual security events:
• Data destruction
• Denial-of-service
• Hostile code
• Network or system eavesdropping
• System or network mapping and intrusion
• Unauthorized access
Types of IDS
• Host-based intrusion detection system (HIDS)
• Network-based intrusion detection system (NIDS)
• Hybrid intrusion detection system
HIDS
• Resides on the host
• Scans log files – OS log files, application log files, etc.
• If the log files are corrupt, the HIDS is not effective
• The scan output is logged into a secure database and compared to detect any intrusion
Types of HIDS
• Operating system level – works on OS log files
• Application level – works on application-level log files
• Network level – works on packets addressed to or sent from the host
Advantages of HIDS
• Cost-effective
• Additional layer of protection
• Direct control over system entities – works on packets addressed to or sent from the host
NIDS
• An IDS responsible for detecting inappropriate, anomalous, or any other kind of data that may be considered unauthorized or inappropriate for the subject network
• Pattern-based
Hybrid IDS – a combination of HIDS and NIDS
IPS
• A sophisticated class of network security implementation that not only has the ability to detect the presence of intruders and their actions, but also to prevent them from successfully launching any attack
• Incorporates the security features of firewall technology and those of intrusion detection systems
IPS Categories
• Host IPS (HIPS)
  • Loaded on each PC and server
• Network IPS (NIPS)
  • A component that integrates into your overall network security framework
Benefits of HIPS
• Attack prevention
• Patch relief
• Prevention of internal attack propagation
• Policy enforcement
• Regulatory requirements
NIPS – places sensors as L2 forwarding devices.
Main difference between IDS and IPS – packet dropping.
Dropping of packets – categories
• Dropping a single packet
• Dropping all packets for a connection
• Dropping all traffic from a source IP
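The three dropping scopes above, as an added Python example that is not part of the original slides: a small inline-IPS model applies a rule's scope (single packet, whole connection, or whole source IP) to constructed packets. The `Packet` class, `InlineIPS` engine, rules, addresses and payloads are all this example's own constructions, not any product's API.

```python
"""Added example, not from the original slides: the three packet-dropping
scopes an inline IPS can apply, modelled over constructed packets. The Packet
class, InlineIPS engine, rule list, addresses and payloads are constructed."""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: str

    def flow(self):
        """The 5-tuple that identifies the connection this packet belongs to."""
        return (self.proto, self.src, self.sport, self.dst, self.dport)


# (rule name, payload pattern, drop scope). The scope decides what is dropped
# once the rule fires: only this packet, every further packet of this
# connection, or all further traffic from this source IP.
RULES = [
    ("directory-traversal", re.compile(r"\.\./"), "packet"),
    ("sql-injection-probe", re.compile(r"union\s+select", re.I), "connection"),
    ("scanner-banner", re.compile(r"^SCANNER-PROBE"), "source"),
]


@dataclass
class InlineIPS:
    blocked_flows: set = field(default_factory=set)
    blocked_sources: set = field(default_factory=set)
    events: list = field(default_factory=list)

    def inspect(self, pkt):
        """Return (verdict, reason). Existing blocks are enforced before any
        pattern matching, so a blocked connection or source stays blocked even
        when its later packets look harmless."""
        if pkt.src in self.blocked_sources:
            return "DROP", "source-blocked"
        if pkt.flow() in self.blocked_flows:
            return "DROP", "connection-blocked"
        for name, pattern, scope in RULES:
            if pattern.search(pkt.payload):
                if scope == "connection":
                    self.blocked_flows.add(pkt.flow())
                elif scope == "source":
                    self.blocked_sources.add(pkt.src)
                self.events.append((name, scope, pkt.src))
                return "DROP", name
        return "PASS", "no-match"


def run(packets):
    """Feed packets through one IPS instance in arrival order; return verdicts."""
    ips = InlineIPS()
    return [ips.inspect(p)[0] for p in packets]


def http(src, sport, payload):
    """Construct a TCP packet to a (constructed) web server at 10.0.0.80:80."""
    return Packet(src, sport, "10.0.0.80", 80, "tcp", payload)


# Constructed traffic, in arrival order.
SAMPLE = [
    http("10.0.0.5", 40000, "GET /index.html HTTP/1.1"),               # PASS
    http("10.0.0.5", 40000, "GET /../../private.txt HTTP/1.1"),        # DROP this packet only
    http("10.0.0.5", 40000, "GET /about.html HTTP/1.1"),               # PASS: connection continues
    http("10.0.0.6", 40001, "GET /item?id=1 UNION SELECT 1 HTTP/1.1"), # DROP, connection blocked
    http("10.0.0.6", 40001, "GET /index.html HTTP/1.1"),               # DROP: connection-blocked
    http("10.0.0.6", 40002, "GET /index.html HTTP/1.1"),               # PASS: new connection, same host
    http("10.0.0.7", 40003, "SCANNER-PROBE v1"),                       # DROP, source blocked
    http("10.0.0.7", 40004, "GET /index.html HTTP/1.1"),               # DROP: source-blocked
]

EXPECTED = ["PASS", "DROP", "PASS", "DROP", "DROP", "PASS", "DROP", "DROP"]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{verdict:4} {pkt.src}:{pkt.sport} {pkt.payload!r}")
```

The source-IP scope is the most disruptive of the three: blocking a shared or spoofed source address also denies service to legitimate hosts behind it, which is why the scope is chosen per rule rather than applied globally.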
Defense in Depth
• Also known as elastic defense
• A military strategy that seeks to delay rather than prevent the advance of an attacker
• Represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented
• The attacker has to penetrate a series of layered defenses
• Each layer is equipped with a suitable defense
• The delay provides the security staff with time to respond to the attack
IDS & IPS Analysis Scheme
• A baseline is first set
• Baseline – a known value or quantity with which an unknown is compared when measured or assessed
• A group of network activities / characteristics is categorized as the baseline for an IDS
• Anything outside the baseline is treated as malicious
(Figure: network activity baseline, with the variance from the baseline marked as the activities of interest)
IDS Analysis
• The process of organizing the various elements of data related to the IDS and their inter-relationships, to identify any irregular activity of interest
IDS analysis is divided into 4 phases:
• Preprocessing
• Analysis
• Response
• Refinement
Detection Methodologies
• Rule-based detection
  • Also known as misuse detection, signature detection or pattern matching
  • The first scheme used in early IDSs
  • The process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder
• Anomaly detection
  • Also known as profile-based detection
  • A profile is created for each user group on the system
  • The profile created is then used as a baseline to define normal user activity
  • If network activity deviates from the baseline, an alarm is generated
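The two methodologies just described, rule-based (signature) detection and profile-based anomaly detection, as one added Python example that is not part of the original slides. The sshd-style log lines, user names, addresses, the signature list and the alarm threshold are all constructed for the example.

```python
"""Added example, not from the original slides: rule-based (signature)
detection and baseline anomaly detection over constructed sshd-style log
lines. Users, hosts, log lines, signatures and thresholds are constructed."""
import re
import statistics
from collections import defaultdict

# Rule-based detection: known-bad patterns, i.e. "the expected actions of an
# intruder". Constructed for this example.
SIGNATURES = [
    ("failed-password", re.compile(r"Failed password for")),
    ("root-login-attempt", re.compile(r" for root from ")),
]

# One auth event per line: "HH:MM sshd: Accepted|Failed <method> for <user> from <ip>"
EVENT_RE = re.compile(
    r"^(\d{2}):\d{2} sshd: (?:Accepted|Failed) \S+ for (?:invalid user )?(\S+) from "
)


def signature_detect(lines):
    """Return [(line_no, rule_name)] for every line matching a known-bad pattern."""
    hits = []
    for no, line in enumerate(lines, 1):
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits.append((no, name))
    return hits


def count_by_user_and_hour(lines):
    """Parse the log into {user: {hour: number of auth events}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            counts[m.group(2)][int(m.group(1))] += 1
    return counts


def build_baseline(lines):
    """Anomaly detection, step 1: a per-user profile (mean, population stdev) of
    auth events per hour over the training window. Hours with no events for a
    user count as zero, so a normally quiet user gets a low baseline."""
    per_user = count_by_user_and_hour(lines)
    hours = sorted({h for hrs in per_user.values() for h in hrs})
    profile = {}
    for user, hrs in per_user.items():
        series = [hrs.get(h, 0) for h in hours]
        profile[user] = (statistics.fmean(series), statistics.pstdev(series))
    return profile


def observed_counts(lines, hour):
    """Events per user within one observation hour."""
    return {u: hrs.get(hour, 0) for u, hrs in count_by_user_and_hour(lines).items()}


def anomaly_detect(profile, observed, k=3.0, stdev_floor=2.0):
    """Anomaly detection, step 2: alarm when a user's count exceeds
    mean + k * stdev. The floor on stdev keeps a perfectly regular baseline
    (stdev 0) from alarming on a single extra event; a user with no profile at
    all is reported too, since nothing in the baseline vouches for them."""
    alarms = []
    for user, count in observed.items():
        if user not in profile:
            alarms.append((user, count, "no baseline profile"))
            continue
        mean, stdev = profile[user]
        threshold = mean + k * max(stdev, stdev_floor)
        if count > threshold:
            alarms.append((user, count, f"exceeds baseline threshold {threshold:.1f}"))
    return alarms


def _accepted(hour, user, n):
    """Construct n successful-login lines for user in the given hour."""
    return [f"{hour:02d}:{m:02d} sshd: Accepted publickey for {user} from 10.0.0.5"
            for m in range(n)]


# Constructed training window: three hours of normal activity ...
TRAINING_LOG = (_accepted(9, "alice", 4) + _accepted(9, "bob", 1)
                + _accepted(10, "alice", 5)
                + _accepted(11, "alice", 4) + _accepted(11, "bob", 1))

# ... and a constructed observation hour: alice is as usual, bob's account is
# hit by a burst of failed passwords, and one attempt targets root.
OBSERVED_LOG = (_accepted(12, "alice", 5)
                + [f"12:{m:02d} sshd: Failed password for bob from 198.51.100.7"
                   for m in range(30)]
                + ["12:31 sshd: Failed password for root from 198.51.100.7"])

if __name__ == "__main__":
    print("signature hits:", len(signature_detect(OBSERVED_LOG)))
    for alarm in anomaly_detect(build_baseline(TRAINING_LOG),
                                observed_counts(OBSERVED_LOG, 12)):
        print("anomaly:", alarm)
```

Signatures catch only what is already on the list, while the baseline catches the volume change without knowing what a failed login looks like; the root attempt shows the gap on the other side, where a single event is too small for the statistical threshold and is found only because the rule exists.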
• Behavior anomaly detection
  • Looks for anomalies in user behavior
  • Characteristic-dependent rather than statistical
• Network behavior anomaly detection (NBAD)
  • Also known as traffic anomaly systems
  • The process of continuously monitoring a proprietary network for unusual events or trends
  • Basically statistical rather than characteristic-based
• Protocol anomaly systems
  • Look for deviations from the set protocol standards
  • Primarily characteristic-based
  • Not very reliable, and generate false positives
• Target monitoring systems
  • Look for modification of specified files or objects
  • More of a corrective control
  • Create a cryptographic checksum for each file
  • This checksum is compared at regular intervals to detect any changes
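The target-monitoring check described above, as an added Python example that is not part of the original slides: a SHA-256 checksum is recorded per file as the baseline and a later scan is compared against it. The directory tree, file names and contents are constructed in a temporary location, and the function names are this example's own.

```python
"""Added example, not from the original slides: a minimal target-monitoring
(file integrity) check. A SHA-256 checksum per file forms the baseline; a
later scan is compared to it. The tree and its contents are constructed."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> (sha256, size, permission bits) for every regular
    file under root. Symlinks are skipped rather than followed, so a link
    pointing outside the tree cannot pull foreign content into the baseline."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (sha256_file(full), st.st_size, st.st_mode & 0o7777)
    return manifest


def compare(baseline, current):
    """Diff two manifests. A file whose content changed but whose size and
    permissions did not is still caught, because its checksum differs."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def _write(root, rel, text):
    """Create a constructed file (and its parent directories) under root."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)


def demo():
    """Construct a small tree, record its baseline, tamper with it, and return
    what the next scheduled comparison reports."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0::/root:/bin/sh\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "bin/login", "#!/bin/sh\nexec /sbin/login.real\n")
        # The baseline is what the system is trusted against: in practice it is
        # stored off-host or signed, since a baseline the intruder can rewrite
        # proves nothing (the same caveat the slides make for HIDS log files).
        baseline = build_manifest(root)

        # Tamper: a same-length edit (size unchanged), one new file, one deleted.
        _write(root, "etc/passwd", "root:x:0:0::/root:/bin/zz\n")
        _write(root, "bin/extra", "#!/bin/sh\n")
        os.remove(os.path.join(root, "etc", "hosts"))

        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```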
Heuristics
• Still in its initial stages
• Refers to the use of AI in detecting intrusions
• An AI scripting language is used to apply the analysis to the incoming data
Hybrid Approach
• Any system that uses a combination of the above-mentioned analysis methods
Some Myths
• IDS and IPS are two separate solutions
• IDSs and IPSs will catch or stop all network intrusions
• IDSs give too many false positives
• IDSs will eventually replace firewalls
• Fewer security admins are required if you deploy an IDS

 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 

Computer Security and Intrusion Detection(IDS/IPS)

  • 1. IDS/IPS Computer Security and Intrusion Detection
    • Communication
      • Any communication requires 4 entities
        • Source
        • Destination
        • Medium
        • Protocol – Rule
  • 2. IDS/IPS Computer Security and Intrusion Detection
    • Communication – Flow of Information
  • 3. IDS/IPS Computer Security and Intrusion Detection
    • Various types of attacks
      • Interruption
      • Interception
      • Modification
      • Fabrication
  • 4. IDS/IPS Computer Security and Intrusion Detection
    • Interruption – state where an asset of a system gets destroyed or becomes unavailable
      • targets the source or the communication channel
      • prevents the information from reaching the destination
  • 5. IDS/IPS Computer Security and Intrusion Detection
    • Interruption – Examples
      • Cutting the physical cable medium
      • Overloading the carrying medium
      • Types of Denial of Service (DoS) attacks
  • 6. IDS/IPS Computer Security and Intrusion Detection
    • Interception – an unauthorized party gets illegal access to the information traversing the communication channel.
    • Examples
      • Wiretapping
  • 7. IDS/IPS Computer Security and Intrusion Detection
    • Modification – information is intercepted and modified.
    • Examples
      • MITM attacks
  • 8. IDS/IPS Computer Security and Intrusion Detection
    • Fabrication – attacker inserts forged objects into the system without the sender's knowledge and involvement.
  • 9. IDS/IPS Computer Security and Intrusion Detection
    • Fabrication – 2 types
      • Replaying
        • a previously intercepted entity is inserted
        • Example – replaying an authentication message
      • Masquerading
        • attacker pretends to be the legitimate source
        • inserts his / her desired information
        • Example – adding new records to a file or database
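How a receiver detects the two fabrication types above in practice, as an added example that is not part of the slides: the message carries a random nonce, a timestamp and an HMAC-SHA256 tag. A bad tag catches forged or modified content (masquerading), a nonce that was already seen inside the freshness window catches a replayed authentication message, and an out-of-window timestamp catches an old message replayed later. The key, the message layout, the 30-second window and the `ReplayDetector`/`make_message` names are all assumptions made for this example.

```python
"""Replay and forgery detection for authenticated messages.

Added example (not from the slides): the receiver verifies an HMAC over
(nonce, timestamp, body) and keeps a cache of nonces already seen, so a
replayed authentication message is rejected even though its tag is valid.
All keys, message fields and the freshness window are constructed here.
"""
import hashlib
import hmac
import secrets

FRESHNESS_WINDOW = 30  # seconds; assumption for this example


def _tag(key: bytes, nonce: str, ts: int, body: bytes) -> str:
    """HMAC-SHA256 over the nonce, timestamp and body (assumed wire layout)."""
    return hmac.new(key, f"{nonce}|{ts}|".encode() + body, hashlib.sha256).hexdigest()


def make_message(key: bytes, body: bytes, now: float) -> dict:
    """Sender side: attach a random nonce, a timestamp and the authentication tag."""
    nonce = secrets.token_hex(16)
    ts = int(now)
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}


class ReplayDetector:
    """Receiver side: reject forged, stale or replayed messages."""

    def __init__(self, key: bytes, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen: dict[str, int] = {}  # nonce -> timestamp it was accepted with

    def _expire(self, now: float) -> None:
        # A nonce older than the window would fail the staleness check anyway,
        # so it can be forgotten; this keeps the cache bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}

    def check(self, msg: dict, now: float) -> str:
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "REJECT:forged"   # masquerading / modification: tag does not verify
        if abs(now - msg["ts"]) > self.window:
            return "REJECT:stale"    # outside the freshness window
        self._expire(now)
        if msg["nonce"] in self.seen:
            return "REJECT:replay"   # same nonce already accepted within the window
        self.seen[msg["nonce"]] = msg["ts"]
        return "ACCEPT"


def demo() -> list[str]:
    """Constructed scenario: one genuine login, then a replay, a forgery and a stale copy."""
    key = secrets.token_bytes(32)
    det = ReplayDetector(key)
    t0 = 1_700_000_000.0
    login = make_message(key, b"LOGIN user=alice", t0)
    results = [det.check(login, t0)]                 # first delivery: ACCEPT
    results.append(det.check(login, t0 + 5))         # same message 5 s later: REJECT:replay
    tampered = dict(login, body=b"LOGIN user=admin")
    results.append(det.check(tampered, t0 + 5))      # body changed, tag unchanged: REJECT:forged
    late = make_message(key, b"LOGIN user=alice", t0 - 120)
    results.append(det.check(late, t0))              # two minutes old: REJECT:stale
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting: the tag is checked before anything else so that unauthenticated input never touches the nonce cache, and the cache only has to remember nonces for the length of the freshness window, which is what keeps it from growing without bound.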
  • 10. IDS/IPS Computer Security and Intrusion Detection
    • Security Property
      • Desired feature of a system with regard to a certain type of attack.
      • The four attacks discussed in the previous section violate the various security properties of an information system
      • Core qualities of any information system
  • 11. IDS/IPS Computer Security and Intrusion Detection
    • Security Property
      • Confidentiality
      • Integrity
      • Availability
      • Authentication
      • Non-Repudiation
  • 12. IDS/IPS Computer Security and Intrusion Detection
    • Traffic Analysis – process of intercepting and examining messages in order to deduce information from patterns in communication. Information collected includes:
      • Source
      • Destination
      • Timing of the data
      • Frequency of a particular message
      • Type of data / communication
  • 13. IDS/IPS Computer Security and Intrusion Detection
    • Non-repudiation – concept of ensuring that a contract cannot later be denied by one of the parties involved.
    • Describes the mechanism that prevents either sender or receiver from denying a transmitted message.
      • Non-repudiation of origin – proves data has been sent
      • Non-repudiation of delivery – proves data has been received
  • 14. IDS/IPS Computer Security and Intrusion Detection
    • Security Mechanisms – the various actions and countermeasures employed to safeguard the security properties of an information system.
    • Security Mechanisms – 3 types
      • Attack Prevention
      • Attack Avoidance
      • Attack Detection
  • 15. IDS/IPS Computer Security and Intrusion Detection
    • Attack Prevention – series of security mechanisms implemented to prevent or defend against various kinds of attacks before they can actually reach and affect the target system.
    • Examples
      • Access Control
      • Firewall
  • 16. IDS/IPS Computer Security and Intrusion Detection
    • Attack Avoidance – techniques in which the information is modified in a way that makes it unusable for the attacker.
      • Assumption – the attacker may have / has access to the subject information.
    • Examples
      • Cryptography
  • 17. IDS/IPS Computer Security and Intrusion Detection
    • Attack Detection – process / technique of reporting that something was able to bypass the security measures (if available), and identifying the type of attack.
      • Countermeasures are initiated to recover from the impact of the attack.
    • Examples
      • IDS / IPS
  • 18. IDS/IPS Computer Security and Intrusion Detection
    • Intrusion Detection System – intrusion detection encompasses a range of security techniques designed to detect (and report on) malicious system and network activity or to record evidence of intrusion.
  • 19. IDS/IPS Attack Framework
    • Types of Events – 2
      • Attributable – event can be traced to an authenticated user
      • Non-attributable – event cannot be traced to an authenticated user. Ex: any event that occurs before authentication in the login process – bad password attempts.
  • 20. IDS/IPS Attack Framework
    • Vulnerability
      • Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved
      • Pen Tester's Point of View – from a penetration tester's point of view, a vulnerability is defined as a security weakness in a Target of Evaluation.
  • 21. IDS/IPS Attack Framework
    • Threat
      • Any possible event, action, process or phenomenon that can potentially inflict damage on system resources
  • 22. IDS/IPS Attack Framework
    • Relation between Vulnerability and Threat
  • 23. IDS/IPS Attack Framework
    • Real Life Case Study – European Space Agency
      • Ariane 5 Rocket – 10 years and $7 million
      • Capable of placing a pair of three-ton satellites into orbit.
      • Launched on 04 Jun 1996
  • 24. IDS/IPS Attack Framework
    • Immediately after launch, Ariane 5 exploded
    • Cause of the explosion – a very small computer program trying to stuff a 64-bit number into a 16-bit space
    • See it: http://s.freissinet.free.fr/videos/ariane5.wmv
  • 25. IDS/IPS Attack Framework
    • Vulnerability Classification – vulnerabilities can be classified as follows:
      • Design Vulnerabilities
      • Implementation Vulnerabilities
      • Configuration or Operational Vulnerabilities
  • 26. IDS/IPS Attack Framework
    • Design Vulnerability
      • The vulnerability is inherent to the project or design
      • Very difficult to detect and eliminate as it is inherent to the project
      • Proper implementation of the product will not get rid of the flaw
      • Example – TCP/IP protocol stack vulnerability
  • 27. IDS/IPS Attack Framework
    • Implementation Vulnerability
      • When an error is introduced into the components of a system during the implementation stage of a project or algorithm, it is termed an Implementation Vulnerability.
      • The error could be hardware based or software based.
      • Example – Buffer Overflows
  • 28. IDS/IPS Attack Framework
    • Configuration Vulnerability
      • Also known as Operational Vulnerability.
      • Introduced into the system when the responsible administrator does not perform the proper configuration, or sometimes leaves the default configuration on.
      • Example – not disabling unwanted services, allowing weak passwords
  • 29. IDS/IPS Attack Framework
    • Attacks
      • an assault on system security that derives from an intelligent threat.
      • an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system
      • Example – denial of service attacks, penetration and sabotage
  • 30. IDS/IPS Attack Framework
    • Difference between Attack and Security Event
      • Attack – the intruder aims at achieving a particular result which could be against the implied security policy
      • Event – no rules are violated or broken
  • 31. IDS/IPS Attack Framework
    • Attack Components
      • Attack realization tool – Example – Port Scanner
      • Vulnerability – exploit a known vulnerability
      • Security Event – actions on the target system
      • Result of the Attack – when an attacker is able to exploit a vulnerability and has generated a security event. The results of an attack may vary depending upon the security event and vulnerability chosen.
  • 33. IDS/IPS Attack Framework
    • The attacker and target represent the same entity
    • ATTACKER AND TARGET ARE ON THE SAME ENTITY
  • 34. IDS/IPS Attack Framework
    • Attack Model Categories
      • Traditional Attack Model
        • One-to-one Attack Model
        • One-to-many Attack Model
      • Distributed Attack Model
        • Many-to-one Attack Model
        • Many-to-many Attack Model
  • 35. IDS/IPS Attack Framework
    • Traditional Attack Model
      • Attack always originates from a single point.
      • Single-tier architecture
      • There is only a single layer between the attacker and the target.
  • 36. IDS/IPS Attack Framework
    • One-to-one (traditional attack model)
      • The attacker and target have a one-to-one relationship.
      • Attack originates from a single machine.
  • 37. IDS/IPS Attack Framework
    • One-to-many (traditional attack model)
      • The attacker and target have a one-to-many relationship.
      • Attack originates from a single machine, but there is more than one target
  • 39. IDS/IPS Attack Framework
    • Distributed Attack Model
      • Based on many-to-one and many-to-many relationships.
      • The source of the attack is more than one entity.
      • The attack packets originate from intermediate systems compromised by the attacker.
  • 40. IDS/IPS Attack Framework
    • Many-to-one (distributed attack model)
      • The attacker and target have a many-to-one relationship.
      • Attack originates from more than one machine.
      • There is only one target
  • 42. IDS/IPS Attack Framework
    • Many-to-many (distributed attack model)
      • The attacker and target have a many-to-many relationship.
      • Attack originates from more than one machine.
      • There is more than one target
  • 44. IDS/IPS Attack Framework
    • Distributed attack
      • Reconnaissance – searching for suitable hosts.
      • Compromise the system – installing backdoors
      • Attack Initiation – start the attack using the compromised systems.
  • 45. IDS/IPS Attack Framework
    • Distributed attack – Agents
      • Two types of special agents
        • Masters / Servers
        • Daemons / Clients
      • Zombie – compromised systems where agents are installed.
      • Distributed attacks implement a three-tier architecture
  • 46. IDS/IPS Attack Framework
    • Distributed attack – Advantages
      • Attack Effect – devastating effect as the attack originates from multiple locations.
      • Anonymity – provides a high level of anonymity to the attacker.
      • Hard-to-stop attacks – very difficult to stop the attack without bringing down or disconnecting the target system
  • 47. IDS/IPS Attack Framework
    • Intruder
      • Also known as attacker – first element in the attack model.
      • A person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system
      • Attempts to violate security by interfering with system Availability, data Integrity or data Confidentiality
  • 48. IDS/IPS Attack Framework
    • Intruder Types
      • Black Hat Hacker
      • Hacker spies supported by governments
      • Cyber Terrorist
      • Corporate Spies
      • Professional Criminals
      • Vandals
  • 49. IDS/IPS Attack Framework
    • Incidents
      • A violation or imminent threat of violation that could result or results in
        • a loss of data confidentiality,
        • disruption of data or system integrity, or
        • disruption or denial of availability
      • An incident must clearly be a breach of network security.
  • 50. IDS/IPS Attack Framework
    • Examples of Incidents
      • DoS
      • Malicious Code
      • Unauthorized Access
      • Inappropriate Usage
  • 51. IDS/IPS Introduction to IDS and IPS
    • Intrusion – any unauthorized system or network activity on one (or more) computer(s) or network(s)
    • Intrusion detection systems (IDSs) are software and/or hardware based systems that detect intrusions to your network / host based on a number of telltale signs.
  • 52. IDS/IPS Introduction to IDS and IPS
    • Two types of IDS:
      • Active IDS –
        • attempt to block attacks
        • respond with countermeasures
        • alert administrators
      • Passive IDS –
        • merely log the intrusion
        • create audit trails
  • 53. IDS/IPS Introduction to IDS and IPS
    • IDS can provide the following information on attempted or actual security events
      • Data destruction
      • Denial-of-service
      • Hostile Code
      • Network or system eavesdropping
      • System or network mapping and intrusion
      • Unauthorized access
  • 54. IDS/IPS Introduction to IDS and IPS
    • Types of IDS
      • Host-based Intrusion Detection System (HIDS)
      • Network-based Intrusion Detection System (NIDS)
      • Hybrid Intrusion Detection Systems
  • 55. IDS/IPS Introduction to IDS and IPS
    • HIDS
      • Resides on the host
      • Scans log files – OS log files, application log files etc.
      • If the log files are corrupt, HIDS is not effective.
      • The scan output is logged into a secure database and compared to detect any intrusion.
  • 56. IDS/IPS Introduction to IDS and IPS
    • Types of HIDS
      • Operating System Level – works on OS log files.
      • Application Level – works on application level log files.
      • Network Level – works on packets addressed to or sent from a host.
  • 57. IDS/IPS Introduction to IDS and IPS
    • Advantages of HIDS
      • Cost Effective
      • Additional Layer of Protection.
      • Direct control over system entities – works on packets addressed to or sent from a host.
  • 58. IDS/IPS Introduction to IDS and IPS
    • NIDS
      • IDS responsible for detecting inappropriate, anomalous, or any other kind of data which may be considered unauthorized or inappropriate for a subject network
      • Pattern based HIDS – combination of HIDS and NIDS
  • 59. IDS/IPS Introduction to IDS and IPS
    • IPS
      • Sophisticated class of network security implementation that not only has the ability to detect the presence of intruders and their actions, but also to prevent them from successfully launching any attack.
      • Incorporates the security features of firewall technology and of intrusion detection systems
  • 60. IDS/IPS Introduction to IDS and IPS
    • IPS Categories
      • Host IPS (HIPS)
        • Loaded on each PC and server
      • Network IPS (NIPS)
        • Component that effectively integrates into your overall network security framework.
  • 61. IDS/IPS Introduction to IDS and IPS
    • Benefits of HIPS
      • Attack Prevention
      • Patch Relief
      • Internal attack propagation prevention
      • Policy enforcement
      • Regulatory requirements
  • 62. IDS/IPS Introduction to IDS and IPS
    • NIPS – places sensors as L2 forwarding devices.
  • 63. IDS/IPS Introduction to IDS and IPS
    • Main difference between IDS and IPS – packet dropping.
    • Dropping of packets – categories
      • Dropping a single packet
      • Dropping all packets for a connection
      • Dropping all traffic from a source IP.
  • 65. IDS/IPS Introduction to IDS and IPS
    • Defense in Depth
      • Also known as Elastic defense.
      • Military strategy that seeks to delay rather than prevent the advance of an attacker.
      • Represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented.
  • 66. IDS/IPS Introduction to IDS and IPS
    • Defense in Depth
      • Attacker has to penetrate a series of layered defenses
      • Each layer is equipped with the suitable defense
      • The delay provides the security staff with the time to respond to the attack.
  • 67. IDS/IPS Introduction to IDS and IPS
    • Defense in Depth
  • 68. IDS/IPS Introduction to IDS and IPS
    • IDS & IPS Analysis Scheme
      • A baseline is first set.
      • Baseline – known value or quantity with which an unknown is compared when measured or assessed
      • A group of network activities / characteristics are categorized as the baseline for an IDS system
      • Anything outside the baseline – malicious
  • 69. IDS/IPS Introduction to IDS and IPS
    • Network Activity Baseline – variance from the baseline activities
  • 70. IDS/IPS Introduction to IDS and IPS
    • IDS Analysis
      • Process of organizing the various elements of data related to IDS and their inter-relationships to identify any irregular activity of interest.
  • 71. IDS/IPS Introduction to IDS and IPS
    • IDS Analysis – divided into 4 phases:
      • Preprocessing
      • Analysis
      • Response
      • Refinement
  • 72. IDS/IPS Introduction to IDS and IPS
    • Detection Methodologies
      • Rule based Detection
        • Also known as Misuse Detection, Signature Detection or pattern matching.
        • First scheme used in earlier IDS
        • Process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder
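Rule-based detection (slide 72) and the three packet-dropping categories that separate an IPS from an IDS (slide 63), shown together in one added example that is not part of the slides: a small misuse-detection engine matches each packet's payload against a signature list and, in IPS mode, applies the signature's response tier. Dropping a single packet keeps no state, dropping a connection remembers the (source, destination, port) tuple, and blocking a source remembers the source IP, so later packets are stopped before they reach the ruleset. In IDS mode the same matches only raise alerts. The signatures, packet records, IP addresses and the `Engine`/`Packet`/`Signature` names are constructed for this example.

```python
"""Rule-based (signature) detection with tiered IPS responses.

Added example (not from the slides): a tiny misuse-detection engine runs a
signature list over constructed packet records and, for each match, applies
one of the three dropping categories the slides name: drop the single packet,
drop the whole connection, or block the source IP. Signatures, packets and
action names are assumptions made here, not production rules.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    name: str
    pattern: re.Pattern   # matched against the payload
    action: str           # "alert", "drop_packet", "drop_connection" or "block_source"


# Constructed signatures; the patterns are illustrative of the kinds of
# payload fragments a misuse detector looks for, not a tuned ruleset.
SIGNATURES = [
    Signature("web-path-traversal", re.compile(rb"\.\./\.\./"), "drop_packet"),
    Signature("web-sqli-tautology", re.compile(rb"'\s*or\s*'1'\s*=\s*'1"), "drop_connection"),
    Signature("interactive-shell-string", re.compile(rb"/bin/sh -i"), "block_source"),
    Signature("telnet-login-banner", re.compile(rb"login:"), "alert"),
]


@dataclass
class Engine:
    mode: str = "ips"  # "ids" only alerts; "ips" also enforces the signature's action
    blocked_sources: set = field(default_factory=set)
    dropped_connections: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: PASS, PASS:alerted, or the drop taken."""
        conn = (pkt.src, pkt.dst, pkt.dport)
        # State from earlier verdicts is consulted before signature matching,
        # so a blocked source or dropped connection never reaches the ruleset.
        if pkt.src in self.blocked_sources:
            return "DROP:blocked-source"
        if conn in self.dropped_connections:
            return "DROP:connection"
        for sig in SIGNATURES:
            if sig.pattern.search(pkt.payload):
                self.alerts.append((sig.name, pkt.src))
                if self.mode == "ids" or sig.action == "alert":
                    return "PASS:alerted"          # IDS behaviour: log and forward
                if sig.action == "drop_packet":
                    return "DROP:packet"           # stateless: only this packet is lost
                if sig.action == "drop_connection":
                    self.dropped_connections.add(conn)
                    return "DROP:connection"       # the rest of this flow is dropped too
                if sig.action == "block_source":
                    self.blocked_sources.add(pkt.src)
                    return "DROP:blocked-source"   # everything from this IP is dropped
        return "PASS"


# Constructed traffic sample (not a real capture); addresses are placeholders.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /about.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.80", 80, b"POST /login user=' or '1'='1"),
    Packet("10.0.0.7", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.9", "10.0.0.22", 4444, b"/bin/sh -i"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.3", "10.0.0.23", 23, b"login:"),
]


def run(mode: str = "ips") -> list[str]:
    """Run the sample through a fresh engine and return the verdict per packet."""
    eng = Engine(mode=mode)
    return [eng.inspect(p) for p in SAMPLE]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Running both modes over the same sample makes the slide-63 distinction concrete: the IDS run produces the identical alert list but every verdict is a PASS, whereas the IPS run shows the third packet from 10.0.0.5 passing (a single-packet drop leaves no state) while the follow-up packets from 10.0.0.7 and 10.0.0.9 are dropped on state alone.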
  • 73. IDS/IPS Introduction to IDS and IPS
    • Anomaly Detection
      • Also known as profile-based detection
      • A profile is created for each user group on the system.
      • The profile created is then used as a baseline to define user activity.
      • If network activity deviates from the baseline, an alarm is generated.
  • 74. IDS/IPS Introduction to IDS and IPS
    • Behavior Anomaly Detection
      • Looks for anomalies in user behavior.
      • Characteristics dependent rather than statistical.
  • 75. IDS/IPS Introduction to IDS and IPS
    • Network Behavior Anomaly Detection (NBAD)
      • Also known as traffic anomaly systems
      • Process of continuously monitoring a proprietary network for unusual events or trends
      • Basically statistical rather than characteristics based.
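The baseline-and-variance scheme of slides 68 and 69, applied as the statistical traffic-anomaly detection of slides 73 and 75, in one added example that is not part of the slides: a per-source profile (mean and standard deviation of connections per minute) is learned from a training window, and a later observation raises an alarm when it lies more than k standard deviations from its profile, or when the source has no profile at all. The traffic counts, the hosts, the 3-sigma threshold and the `build_baseline`/`detect` names are constructed for this example.

```python
"""Baseline-and-variance anomaly detection over per-source traffic counts.

Added example (not from the slides, covering slides 68, 69, 73 and 75): a
baseline profile (mean and standard deviation of connections per minute) is
learned per source host from a training window, and later minutes are flagged
when they deviate from that baseline by more than k standard deviations.
The traffic sample and the threshold k are constructed here.
"""
from statistics import mean, pstdev

K_SIGMA = 3.0  # assumption: alarm when |x - mean| > 3 sigma


def build_baseline(training: dict[str, list[int]]) -> dict[str, tuple[float, float]]:
    """Profile each source as (mean, stdev) of its per-minute connection counts."""
    baseline = {}
    for src, counts in training.items():
        mu = mean(counts)
        # Floor the stdev at 1 so a perfectly regular host still has a tolerance
        # band instead of alarming on every 1-connection change.
        sigma = max(pstdev(counts), 1.0)
        baseline[src] = (mu, sigma)
    return baseline


def detect(baseline: dict[str, tuple[float, float]],
           observed: dict[str, int],
           k: float = K_SIGMA) -> list[tuple[str, str, float]]:
    """Return (source, reason, score) for every observation outside its profile."""
    alarms = []
    for src, count in observed.items():
        if src not in baseline:
            # A host the baseline never saw is itself a deviation from the baseline.
            alarms.append((src, "no-profile", float(count)))
            continue
        mu, sigma = baseline[src]
        z = (count - mu) / sigma
        if abs(z) > k:
            alarms.append((src, "variance", round(z, 2)))
    return alarms


# Constructed training window: connections per minute for 10 minutes per host.
TRAINING = {
    "10.0.0.5": [12, 14, 11, 13, 12, 15, 12, 13, 14, 12],
    "10.0.0.7": [3, 2, 4, 3, 3, 2, 3, 4, 3, 3],
    "10.0.0.9": [40, 42, 38, 41, 39, 40, 43, 40, 39, 41],
}

# Constructed observation for one later minute: 10.0.0.7 jumps from ~3 to 60
# connections, and 10.0.0.13 was never seen during training.
OBSERVED = {"10.0.0.5": 13, "10.0.0.7": 60, "10.0.0.9": 41, "10.0.0.13": 5}


def run() -> list[tuple[str, str, float]]:
    return detect(build_baseline(TRAINING), OBSERVED)


if __name__ == "__main__":
    for alarm in run():
        print(alarm)
```

The quiet host 10.0.0.7 is the instructive case: its training window is so regular that the raw standard deviation is below 1, and without the floor any count of 5 would already trip the 3-sigma test. That floor is the kind of tuning decision that decides whether a profile-based detector is usable or drowns the analyst in false positives.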
  • 76. IDS/IPS Introduction to IDS and IPS
    • Protocol Anomaly Systems
      • Look for deviations from the set protocol standards.
      • Primarily characteristics based.
      • Not very reliable and generate false positives.
  • 77. IDS/IPS Introduction to IDS and IPS
    • Target Monitoring Systems
      • Look for modification of specified files or objects.
      • More of a corrective control.
      • Create a cryptographic checksum for each file.
      • This checksum is compared at regular intervals to detect any changes.
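The target-monitoring scheme of slide 77 as an added example that is not part of the slides: a SHA-256 digest is recorded for every file under a watched tree, and a later scan reports which files were modified, added or removed since that baseline. The watched files, their contents and the `snapshot`/`compare` names are constructed here, in a temporary directory, so the example runs stand-alone.

```python
"""Target monitoring: cryptographic checksum baseline and periodic comparison.

Added example (not from the slides): a SHA-256 digest is recorded for every
file under a watched directory, and a later scan reports files that were
modified, added or removed since the baseline. The watched files are created
in a temporary directory here so the example runs stand-alone.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each regular file (path relative to root, POSIX form) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between the stored baseline and a fresh scan."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict[str, list[str]]:
    """Build a baseline, simulate changes between two scans, and run the check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed watched tree (placeholder contents, not real system files).
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed placeholder")
        baseline = snapshot(root)

        # Constructed changes between the two scans: one edit, one new file, one deletion.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nextra:x:1001:1001::/home/extra:/bin/sh\n")
        (root / "bin" / "newtool").write_bytes(b"\x7fELF constructed placeholder 2")
        (root / "etc" / "hosts").unlink()

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline: slide 55 makes the same point for HIDS log scans, so in a real deployment the digest table lives somewhere the monitored host cannot rewrite, and the interval between scans bounds how long a change can go unnoticed.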
  • 78. IDS/IPS Introduction to IDS and IPS
    • Heuristics
      • Still in its initial stages
      • Refers to the use of AI in detecting intrusions.
      • An AI scripting language is used to apply the analysis to the incoming data.
  • 79. IDS/IPS Introduction to IDS and IPS
    • Hybrid Approach
      • Any system that uses a combination of the above mentioned analysis methods
  • 80. IDS/IPS Introduction to IDS and IPS
    • Some Myths
      • IDS and IPS are two separate solutions
      • IDSs and IPSs will catch or stop all network intrusions
      • IDSs give too many false positives
      • IDSs will eventually replace firewalls.
      • Fewer security admins are required if you deploy an IDS