This document discusses intruders, intrusion detection systems, and their components and functions. It describes different types of intruders, intrusion detection systems, and their principles. It also discusses viruses, firewall design principles, types of firewalls, trusted systems and their models.
3. INTRUDERS
An intrusion is any set of actions that attempt to compromise
the confidentiality, integrity, or availability of a
computer resource.
One of the most publicized attacks on security is
the intruder, generally referred to as a hacker or
cracker.
The three classes of intruder are as follows:
Masquerader
Misfeasor
Clandestine user
5. INTRUSION DETECTION
SYSTEM (IDS)
Intrusion detection is the process of identifying and
responding to malicious activity targeted at
computing resources.
An IDS is a system designed to test/analyze network
system traffic/events against a given set of
parameters and alert/capture data when these
An IDS uses collected information and a predefined
knowledge base to reason about the
possibility of an intrusion.
An IDS also provides services to cope with an intrusion,
such as raising alarms, activating programs that try to
deal with the intrusion, etc.
6. FUNCTION OF IDS
An IDS detects attacks as soon as possible and
takes appropriate action.
An IDS does not usually take preventive measures
when an attack is detected.
It is a reactive rather than a proactive agent.
It plays the role of an informant rather than a police
officer.
7. PRINCIPLES OF INTRUSION DETECTION
SYSTEM
An IDS must run unattended for extended periods
of time.
The IDS must stay active and secure.
The IDS must be able to recognize unusual
activity.
The IDS must operate without unduly affecting
the system's activity.
The IDS must be configurable.
9. COMPONENTS OF IDS
Basically there are three components or modules
in an intrusion detection system:
Sensor: responsible for capturing packets and
sending them to the console class.
Console: responsible for analyzing the packets
captured by the sensor class.
The third component is the class responsible for displaying the GUI and
generating alerts.
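As an added illustration of these components (example code, not from the original slides), a minimal Python IDS: a Sensor that parses constructed connection-log lines and forwards them, and a Console that checks each event against predefined knowledge (a signature rule for a service the assumed policy forbids, and a threshold rule for one source probing many ports) and generates alerts. The log lines, the forbidden port and the sweep threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
# Constructed sample of captured connection events: "t=N src -> dst:port flags".
SAMPLE_LOG = """\
t=1 10.0.0.5 -> 192.168.1.10:80 SYN
t=2 10.0.0.5 -> 192.168.1.10:443 SYN
t=3 10.0.0.9 -> 192.168.1.10:23 SYN
t=4 10.0.0.5 -> 192.168.1.10:22 SYN
t=5 10.0.0.5 -> 192.168.1.10:25 SYN
t=6 10.0.0.7 -> 192.168.1.10:80 SYN
"""
@dataclass
class Alert:
    rule: str
    src: str
class Console:
    """Analyzes captured events against predefined knowledge and generates alerts."""
    def __init__(self, forbidden_ports=(23,), sweep_threshold=4):
        self.forbidden_ports = set(forbidden_ports)  # assumed policy: telnet not allowed
        self.sweep_threshold = sweep_threshold       # assumed: distinct ports before alerting
        self.ports_seen = defaultdict(set)
        self.alerts = []

    def analyze(self, src, port):
        # Signature rule: a request for a service the policy forbids.
        if port in self.forbidden_ports:
            self.alerts.append(Alert("forbidden-service", src))
        # Threshold rule: one source probing many distinct ports; fires once.
        seen = self.ports_seen[src]
        seen.add(port)
        if len(seen) == self.sweep_threshold:
            self.alerts.append(Alert("port-sweep", src))
class Sensor:
    """Captures events (here: parses log lines) and forwards them to the console."""
    def __init__(self, console):
        self.console = console

    def capture(self, line):
        _, src, _, dst_port, _ = line.split()
        port = int(dst_port.rsplit(":", 1)[1])
        self.console.analyze(src, port)
def run_ids(log):
    """Wire sensor to console, feed the log through, and return the alerts raised."""
    console = Console()
    sensor = Sensor(console)
    for line in log.splitlines():
        if line.strip():
            sensor.capture(line)
    return console.alerts
```

Running `run_ids(SAMPLE_LOG)` raises a forbidden-service alert for 10.0.0.9 and, once 10.0.0.5 has touched four distinct ports, a port-sweep alert for it.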
10. TYPES OF IDS
Network intrusion detection system (NIDS)
Protocol-based intrusion detection system (PIDS)
Application protocol-based intrusion detection
system (APIDS)
Host-based intrusion detection system (HIDS)
11. VIRUSES AND RELATED
THREATS
Perhaps the most sophisticated types of threats
to computer systems are presented by programs
that exploit vulnerabilities in computing systems.
Malicious programs
12. Viruses
Virus: Vital Information Resources Under Siege
A virus is a malware program that, when
executed, replicates by inserting copies of itself
into other computer programs, data files, or the
boot sector of the hard drive.
Virus phases:
Dormant: waiting on a trigger event
Propagation: replicating to programs/disks
Triggering: by an event, to execute the payload
Execution: of the payload
14. VIRUS
COUNTERMEASURES
Viral attacks exploit the lack of integrity control on
systems; to defend, such controls need to be added,
typically by one or more of:
Prevention: block the virus infection mechanism
Detection: of viruses in an infected system
Reaction: restoring the system to a clean state
16. FIREWALL DESIGN
PRINCIPLES
Information systems undergo a steady evolution
(from small LANs to internet connectivity).
Strong security features for all workstations and
servers are not established.
A firewall is an effective means of protecting a local system or
network of systems from network-based security
threats while affording access to the outside world
via WANs or the internet.
17. TYPES OF FIREWALLS
Three common types of firewalls:
Packet-filtering router
Application-level gateways
Circuit-level gateways
Bastion host
18. TRUSTED SYSTEM
A trusted system can protect against malicious attacks
from future bugs or viruses.
The code of a trusted system is passed through
rigorous analysis and development.
A trusted system and an untrusted system can
share a similar foundation.