Network-Based Intrusion Detection System

  1. Network-Based Intrusion Detection Systems. By: John Buckhorn
  2. Introduction
     • Security Threats on the Rise
     • Traditional Protection
       – Antivirus
       – Firewalls
  3. History
     • USAF – 1972 – Noted vulnerabilities of computer security
     • 1984 – First Intrusion Detection System Prototype
       – Real Time Intrusion Detection
       – Would eventually evolve into modern NBIDS
  4. IDS Features
     • Pattern matching
     • Data destruction
     • Denial-of-service
     • Hostile code
     • Network or System Eavesdropping
     • System and Network Mapping
     • Unauthorized access
     • Anomaly Detection
  5. Intrusion Detection Technologies
     • Host-based Intrusion Detection Systems (HIDS)
     • Network-Based Intrusion Detection Systems (NBIDS)
     • File System Integrity checkers
     • Honeypot Systems
     • Security Information Management (SIM)
  6. Network-Based Intrusion Detection System (NBIDS)
     • More network-based attacks
     • Shift from host-based to network-based
     • An NBIDS is a system that monitors traffic at selected points on a network or interconnected set of networks
  7. Types of Attacks (Internal)
     • Insider Attacks
       – Not limited to an employee
     • Examples
       – Internal Denial of Service (DoS)
       – Internal Privilege Escalation
       – Internal Super-User Privileges
  8. Types of Attacks (External)
     • External Threats
       – Companies' systems are becoming more visible
       – International Threats
     • Example
       – External Denial of Service (DoS)
       – External Privilege Escalations
  9. NBIDS Benefits
     • Trace activity
     • Complements:
       – Firewalls
       – Antivirus Software
     • System Management Competencies
       – Monitoring
       – Security Audits
       – Response
       – Attack Recognition
  10. Types of NBIDS
     • Promiscuous-Mode
       – Captures every packet
     • Network-Node
       – VPN
  11. NBIDS Issues
     • Cannot reassemble all fragmented traffic
     • Cannot compensate for low credential standards
     • Cannot analyze all data or deal with packet-level issues
     • Firewalls serve best
  12. NBIDS Future
     • Artificial Intelligence
     • Combination of:
       – Anomaly Detection
       – Misuse Detection
     • New Hybrid Model
  13. Cost Effectiveness
     • One third of attacks originate inside the company
     • Firewalls only prevent unauthorized access from outside the network
     • Companies spent $3.8 Million/year
     • Compared to $60,000 for a hardware-based Cisco® NBIDS
  14. Available NBIDS
     • Snort Intrusion Prevention – Software-based – Free
     • AIDE – Software-based – Free
     • IBM RealSecure ISS – Software-based – ~$12,000
     • Cisco IPS 4270 – Hardware-based – ~$50,000-$60,000
  15. FAQ
     • Why have a NBIDS if it cannot prevent a hack?
     • When would it be necessary to use a Host-based Intrusion Detection System?
     • What is a Signature?
  16. Conclusion
     • Goal:
       – To achieve a balance
     • NBIDS is not preventative
       – Firewall
       – Antivirus
       – Host-based IDS
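As an added illustration (not part of the original slides), the toy Python sensor below ties together slide 4's pattern matching, slide 15's "What is a Signature?" and slide 11's warning that an NBIDS that cannot reassemble fragmented traffic will miss matches. The signatures, addresses and packets are all constructed for the example and are not real Snort rules or captured traffic.

```python
"""Toy signature-based NBIDS: per-packet pattern matching versus matching
after flow reassembly. Everything here is constructed sample data."""
from dataclasses import dataclass

# Constructed example signatures (not real Snort rules): name -> byte pattern.
SIGNATURES = {
    "example-directory-traversal": b"../../",
    "example-shell-marker": b"/bin/sh",
}

@dataclass
class Packet:
    src: str
    dst: str
    stream_id: int   # identifies a flow; fragments of one flow share it
    offset: int      # byte offset of this fragment within the flow payload
    payload: bytes

def match_signatures(data: bytes) -> list:
    """Pattern matching: names of every signature whose pattern occurs in data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]

def detect_per_packet(packets) -> list:
    """Naive promiscuous-mode sensor: inspects each packet in isolation."""
    alerts = []
    for p in packets:
        for name in match_signatures(p.payload):
            alerts.append((p.src, p.dst, name))
    return alerts

def detect_with_reassembly(packets) -> list:
    """Sensor that first reassembles each flow's fragments in offset order,
    so a pattern split across fragments is still matched."""
    flows = {}
    for p in packets:
        flows.setdefault(p.stream_id, []).append(p)
    alerts = []
    for frags in flows.values():
        data = b"".join(f.payload for f in sorted(frags, key=lambda f: f.offset))
        for name in match_signatures(data):
            alerts.append((frags[0].src, frags[0].dst, name))
    return alerts

# Constructed traffic: flow 1 carries the pattern in one packet; flow 2
# carries the same pattern split across two fragments (9 bytes, then the rest).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.20", 1, 0, b"GET /../../etc/passwd HTTP/1.0\r\n"),
    Packet("10.0.0.7", "10.0.0.20", 2, 0, b"GET /../."),
    Packet("10.0.0.7", "10.0.0.20", 2, 9, b"./etc/passwd HTTP/1.0\r\n"),
]
```

Running `detect_per_packet(SAMPLE_PACKETS)` alerts only on flow 1, while `detect_with_reassembly(SAMPLE_PACKETS)` alerts on both flows.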