Network-Based Intrusion Detection Systems By: John Buckhorn
Introduction
• Security Threats on the Rise
• Traditional Protection
– Antivirus
– Firewalls
History
• USAF – 1972 – Noted vulnerabilities of computer security
• 1984 – First Intrusion Detection System Prototype
– Real Time Intrusion Detection
– Would eventually evolve into modern NBIDS
IDS Features
• Pattern matching
• Data destruction
• Denial-of-service
• Hostile code
• Network or System Eavesdropping
• System and Network Mapping
• Unauthorized access
• Anomaly Detection
Intrusion Detection Technologies
• Host-Based Intrusion Detection Systems (HIDS)
• Network-Based Intrusion Detection Systems (NBIDS)
• File System Integrity Checkers
• Honeypot Systems
• Security Information Management (SIM)
Network-Based Intrusion Detection System (NBIDS)
• More network-based attacks
• Shift from host-based to network-based detection
• An NBIDS is a system that monitors traffic at selected points on a network or interconnected set of networks
Types of Attacks (Internal)
• Insider Attacks
– Not limited to an employee
• Examples
– Internal Denial of Service (DoS)
– Internal Privilege Escalation
– Internal Super-User Privileges
Types of Attacks (External)
• External Threats
– Companies' systems are becoming more visible
– International Threats
• Examples
– External Denial of Service (DoS)
– External Privilege Escalation
Types of NBIDS
• Promiscuous-Mode
– Captures every packet
• Network-Node
– VPN
NBIDS Issues
• Cannot reassemble all fragmented traffic
• Cannot compensate for low credential standards
• Cannot analyze all data or deal with packet-level issues
• Firewalls serve best
NBIDS Future
• Artificial Intelligence
• Combination of:
– Anomaly Detection
– Misuse Detection
• New Hybrid Model
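The hybrid model this slide points to, misuse (signature) detection combined with anomaly detection, is shown below as an added Python example; it is not code from the original deck or from any product named on it. The two signatures, the IP addresses, the port numbers and every packet are constructed for illustration, and the anomaly side learns a per-source packet-rate baseline from a short window of known-good traffic, then flags any source whose rate in a later window exceeds mean + 3 standard deviations (a simple choice made for this example, not a rule from the slides).

```python
"""Toy hybrid NBIDS: signature (misuse) detection plus rate-based anomaly
detection over constructed packet records. Example code, not a real sensor."""
import re
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One captured packet (constructed sample data, not a real capture)."""
    ts: float        # capture time in seconds
    src: str         # source IP address
    dport: int       # destination port
    payload: bytes   # application-layer data


# --- Misuse detection: each packet is compared against known signatures ---
# Hypothetical signatures written for this example: (name, port, pattern).
SIGNATURES = (
    ("http-path-traversal", 80, re.compile(rb"\.\./\.\./")),
    ("telnet-root-login", 23, re.compile(rb"(?i)login:\s*root")),
)


def misuse_detect(packets):
    """Return (ts, src, signature name) for every packet matching a signature."""
    alerts = []
    for p in packets:
        for name, port, pattern in SIGNATURES:
            if p.dport == port and pattern.search(p.payload):
                alerts.append((p.ts, p.src, name))
    return alerts


# --- Anomaly detection: per-source packet rate versus a learned baseline ---
def rate_per_window(packets, window):
    """Count packets per (source, time bucket of `window` seconds)."""
    counts = Counter()
    for p in packets:
        counts[(p.src, int(p.ts // window))] += 1
    return counts


def learn_baseline(normal_packets, window=1.0):
    """Mean and population std-dev of per-source rate over known-good traffic."""
    rates = list(rate_per_window(normal_packets, window).values())
    mean = statistics.fmean(rates)
    stdev = statistics.pstdev(rates) or 1.0  # never collapse the band to zero width
    return mean, stdev


def anomaly_detect(packets, baseline, window=1.0, z=3.0):
    """Flag (window start, src, label, count) when a rate exceeds mean + z*stdev."""
    mean, stdev = baseline
    threshold = mean + z * stdev
    alerts = []
    for (src, bucket), n in sorted(rate_per_window(packets, window).items()):
        if n > threshold:
            alerts.append((bucket * window, src, "rate-anomaly", n))
    return alerts


def hybrid_detect(packets, baseline):
    """Run both detectors over the same traffic and return their alerts."""
    return {"misuse": misuse_detect(packets), "anomaly": anomaly_detect(packets, baseline)}


# Constructed known-good traffic used to learn the rate baseline.
NORMAL_TRAFFIC = [
    Packet(0.1, "10.0.0.5", 80, b"GET /index.html HTTP/1.0"),
    Packet(0.3, "10.0.0.6", 80, b"GET /news HTTP/1.0"),
    Packet(0.5, "10.0.0.5", 443, b"\x16\x03\x01"),
    Packet(0.8, "10.0.0.7", 25, b"EHLO mail.example"),
    Packet(1.1, "10.0.0.6", 80, b"GET /about HTTP/1.0"),
    Packet(1.2, "10.0.0.5", 80, b"GET /css/site.css HTTP/1.0"),
    Packet(1.7, "10.0.0.6", 443, b"\x16\x03\x01"),
    Packet(1.9, "10.0.0.7", 25, b"MAIL FROM:<a@example>"),
    Packet(2.2, "10.0.0.7", 25, b"RCPT TO:<b@example>"),
    Packet(2.3, "10.0.0.5", 80, b"GET /logo.png HTTP/1.0"),
    Packet(2.9, "10.0.0.6", 80, b"GET /contact HTTP/1.0"),
]

# Constructed monitored traffic: two signature hits, one signature near-miss on a
# port the rule does not cover, and one source flooding 20 packets in a second.
MONITORED_TRAFFIC = [
    Packet(10.1, "10.0.0.5", 80, b"GET /index.html HTTP/1.0"),
    Packet(10.3, "10.0.0.6", 80, b"GET /../../secret.txt HTTP/1.0"),   # signature hit
    Packet(10.4, "10.0.0.7", 8080, b"GET /../../secret.txt HTTP/1.0"), # not covered: port 8080
    Packet(10.6, "10.0.0.5", 23, b"login: root\r\n"),                 # signature hit
] + [Packet(10.0 + i * 0.04, "10.0.0.9", 80, b"GET / HTTP/1.0") for i in range(20)]


if __name__ == "__main__":
    baseline = learn_baseline(NORMAL_TRAFFIC)
    for kind, alerts in hybrid_detect(MONITORED_TRAFFIC, baseline).items():
        for alert in alerts:
            print(kind, alert)
```

The port-8080 packet is the caveat worth noticing: a signature only fires where it is scoped, so pattern matching on its own misses the same payload on an unexpected port, which is one reason the slide pairs it with anomaly detection. The flooding source carries no malicious payload at all and is caught only by the rate check, which is the Denial of Service case listed earlier in the deck.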
Cost Effectiveness
• One third of attacks originate inside the company
• Firewalls only prevent unauthorized access from outside the network
• Companies spent $3.8 Million/year
• Compared to $60,000 for a hardware-based Cisco® NBIDS
Available NBIDS
• Snort Intrusion Prevention
– Software-based
– Free
• AIDE
– Software-based
– Free
• IBM RealSecure ISS
– Software-based
– ~$12,000
• Cisco IPS 4270
– Hardware-based
– ~$50,000-$60,000
FAQ
• Why have an NBIDS if it cannot prevent a hack?
• When would it be necessary to use a Host-based Intrusion Detection System?
• What is a Signature?
Conclusion
• Goal:
– To achieve a balance
• NBIDS is not preventative
– Firewall
– Antivirus
– Host-based IDS