07-02-2013, 10:37 AM
Seminar on Intrusion
Attachment: Intrusion.pptx (Size: 149.84 KB)
Intrusion: Attempts to compromise the confidentiality, integrity, availability or to bypass the security mechanisms of a computer system or network.
Intrusion Detection System (IDS): A device or software application that monitors network or system activity for malicious behaviour and produces reports for management.
Intrusion Prevention System (IPS): Software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
Functions of IDPS
Recording information related to observed events.
Notifying security administrators of important observed events.
Producing reports.
The IDPS stops the attack itself.
The IDPS changes the security environment.
The IDPS changes the attack’s content.
Signature-Based Detection
The process of comparing signatures against observed events to identify possible incidents.
Effective in detecting known threats.
Ineffective in detecting unknown threats.
Anomaly-Based Detection
Samples network activity and compares it to traffic that is known to be normal.
When measured activity falls outside the baseline parameters or exceeds the clipping level, the IDPS triggers an alert.
Detects new types of attacks.
An IDPS using anomaly-based detection has profiles that represent the normal behavior of such things as users, hosts, network connections, or applications.
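A worked example of the two detection methods above, added here and not taken from the seminar slides: a small detector that runs constructed signature rules over constructed log lines, learns a per-host request profile from known-normal traffic, and alerts when an observed host exceeds that baseline plus a clipping level.

```python
import re
from collections import Counter

# Constructed signature set: rule name -> pattern checked against the request field.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*or\s+1=1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed log lines, "HH:MM:SS src_ip dst_port request"; the first set is known-normal traffic.
BASELINE_LOG = """10:00:01 10.0.0.5 80 GET /index.html
10:00:02 10.0.0.5 80 GET /about.html
10:00:03 10.0.0.7 22 ssh-handshake""".splitlines()

OBSERVED_LOG = """10:05:01 10.0.0.5 80 GET /index.html
10:05:02 10.0.0.8 80 GET /login?user=admin' OR 1=1--
10:05:03 10.0.0.9 80 GET /../../etc/passwd
10:05:04 10.0.0.11 80 GET /a
10:05:05 10.0.0.11 80 GET /b
10:05:06 10.0.0.11 80 GET /c
10:05:07 10.0.0.11 80 GET /d""".splitlines()

def parse(line):
    """Split one log line into its fields; the request keeps its internal spaces."""
    ts, src, port, request = line.split(" ", 3)
    return {"ts": ts, "src": src, "port": int(port), "request": request}

def signature_alerts(lines):
    """Signature-based detection: each observed event is compared against every known pattern."""
    alerts = []
    for ev in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["request"]):
                alerts.append((ev["src"], name))
    return alerts

def build_profile(baseline_lines):
    """Anomaly-based detection, step 1: learn the normal per-host request count from known-good traffic."""
    counts = Counter(parse(l)["src"] for l in baseline_lines)
    return max(counts.values(), default=0)

def anomaly_alerts(lines, normal_max, clipping_level):
    """Step 2: alert on hosts whose request count exceeds the baseline plus the clipping level."""
    counts = Counter(parse(l)["src"] for l in lines)
    return [(src, "rate-above-clipping-level", n) for src, n in counts.items() if n > normal_max + clipping_level]

def run_detection(clipping_level=1):
    """Run both detectors over the observed traffic and return (signature_hits, anomaly_hits)."""
    profile = build_profile(BASELINE_LOG)
    return signature_alerts(OBSERVED_LOG), anomaly_alerts(OBSERVED_LOG, profile, clipping_level)
```

Raising the clipping level reduces false positives from bursty but legitimate hosts at the cost of missing slower scans, which is the trade-off the baseline parameters control.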
Network Based IDPS
These are placed at points within the network to monitor network traffic for suspicious activity.
It can detect events such as policy violations, buffer overflows, unusual packet fragmentation and spoofed IP addresses.
Types of network sensors:
Inline sensor: Inserted directly into a network segment.
Passive sensor: Monitors a copy of the network traffic.
Network behavior analysis system
It examines network traffic to identify unusual traffic flows.
It can detect DoS attacks, worms, unexpected application services and policy violations.
NBA systems consist of sensors and consoles.
Prevention capabilities:
Ending the Current TCP Session.
Performing Inline Firewalling.
Running a Third-Party Program or Script.
Host based IDPS
Monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
Capabilities include buffer overflow detection, network traffic filtering and file system monitoring.
These use detection software, known as agents, installed on the hosts.
Conclusion
Intrusion detection and prevention systems have been promoted as cost-effective ways to block malicious traffic, to detect worm and virus threats, to serve as a network monitoring point, to assist with compliance requirements and to prevent these attacks on computer systems.