Intrusion Detection System (IDS)
In this ppt I have included mainly three topics.
1. Introduction of IDS
2. Technologies used in IDS
3. Detection types

Published in: Technology
Transcript

Slide 1: Seminar on Intrusion Detection System

Slide 2: Topics
  • Introduction of IDS
  • Technologies
  • Detection types

Slide 3: Introduction
  • What is IDS?
  • History
  • Need of IDS
  • Classification of IDS

Slide 4: What is IDS?
  • Revolution in networking
  • The possibilities and opportunities are limitless.
  • Unfortunately, so too are the risks and chances of malicious activities.

Slide 5
  • Intrusion = illegal entry or unwelcome addition
  • Definition: an Intrusion Detection System (IDS) is software that determines whether a computer network or server has experienced an unauthorized intrusion.

Slide 6
  • An IDS detects these intrusion attempts so that action may be taken to repair the damage later.
  • An IDS monitors network traffic for suspicious activity and alerts the system or network administrator.

Slide 7: The beginning (History)
  • A USAF paper published in October 1972, written by James P. Anderson, outlined the fact that the USAF had "become increasingly aware of computer security problems."

Slide 8
  • Before designing an IDS, it was necessary to understand the types of threats and attacks that could be mounted against computer systems.

Slide 9: Need of IDS
  • A computer system should provide confidentiality, integrity and assurance against denial of service.
  • Confidentiality: whether the information stored on a system is protected against unauthorized access.

Slide 10
  • Integrity: whether the information stored on a system is reliable and can be trusted.
  • Increased connectivity (especially on the Internet): more and more systems are subject to attack by intruders.

Slide 11
  • These intruders' attempts to exploit flaws in the OS as well as in application programs have resulted in spectacular incidents.
  • Internet Worm incident of 1988.

Slide 12: Two ways to handle
  • If we cannot prevent intruders, we should at least try to detect them and prevent similar attacks in the future.

Slide 13: Types of intruders

Slide 14: Tasks to be performed
  • Simulation
  • Analysis
  • Notification

Slide 15: Technologies

Slide 16: Network Intrusion Detection System
  • Detect attacks as they happen
  • Real-time monitoring of networks
  • Provide information about attacks that have succeeded
  • Forensic analysis

Slide 17
  • Deploying sensors at strategic locations
      • E.g., packet sniffing via tcpdump at routers
  • Inspecting network traffic
      • Watch for violations of protocols and unusual connection patterns
  • Monitoring user activities
      • Look into the data portions of the packets for malicious command sequences

Slide 18
  • May be easily defeated by encryption
      • Data portions and some header information can be encrypted
      • The decryption engine is still there.

Slide 19: Related Tools for Network IDS
  • While not an element of Snort, Ethereal is the best open source GUI-based packet viewer
  • www.ethereal.com offers:
      • Windows
      • UNIX, e.g., www.ethereal.com/download.html
      • Red Hat Linux RPMs: ftp.ethereal.com/pub/ethereal/rpms

Slide 20: Requirements of NIDS
  • High-speed, large-volume monitoring
  • No packet filter drops
  • Real-time notification
  • Mechanism separate from policy
  • Extensible
  • Broad detection coverage
  • Economy in resource usage
  • Resilience to stress
  • Resilience to attacks upon the IDS itself!

Slide 21: Host Intrusion Detection System
  • Using OS auditing mechanisms
      • E.g., BSM on Solaris: logs all direct or indirect events generated by a user
      • strace for system calls made by a program
  • Monitoring user activities
      • E.g., analyze shell commands

Slide 22
  • Monitoring executions of system programs
      • E.g., analyze system calls made by sendmail
  • A HIDS can see more than just network traffic and can make decisions based on local settings, settings specific to an OS, and log data.

Slide 23: Signature-based IDS
  • Sniff traffic on the network
      • Border router or multiple sensors within a LAN
  • Match sniffed traffic with signatures
      • Attack signatures in a database
  • Signature: a set of rules pertaining to a typical intrusion activity
  • Simple example rule: any ICMP packet > 10,000 bytes
  • Example: more than one thousand SYN packets to different ports on the same host within a second

Slide 24
  • Skilled security engineers research known attacks and put them in the database
  • Can configure the IDS to exclude certain signatures; can modify signature parameters
  • Warn the administrator when a signature matches
      • Send e-mail, SMS
      • Send a message to the network management system

Slide 25: Limitations of signature detection
  • Requires previous knowledge of an attack to generate an accurate signature
  • Blind to unknown attacks
  • Signature bases are getting larger
  • Every packet must be compared with each signature
  • The IDS can get overwhelmed with processing and can miss packets

Slide 26: Anomaly Detection IDS
  • Observe traffic during normal operation
  • Create a normal traffic profile
  • Look for packet streams that are statistically unusual
      • E.g., an inordinate percentage of ICMP packets
      • Or exponential growth in port scans/sweeps
  • Doesn't rely on having previous knowledge of the attack
  • Research topic in security
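Worked example added here, not part of the slides: a small Python detector over constructed packet records that implements the two signature rules named on the signature-based slide (any ICMP packet over 10,000 bytes; more than one thousand SYN packets to different ports on one host within a second) next to the anomaly rule from the last slide (an inordinate share of ICMP packets compared with a profile learned from normal traffic). The packet tuple layout, the sample traffic, the one-second sliding window and the mean + 3σ cutoff are assumptions of this example.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Assumed packet record layout: (time_s, src, dst, proto, dst_port, tcp_flags, size_bytes)

def make_packets(t0, n, icmp, dst="10.0.0.5"):
    """Constructed traffic: n packets spread over one second from t0, the first `icmp` of them ICMP."""
    return [(t0 + i / n, "10.0.0.1", dst, "ICMP" if i < icmp else "TCP", 80, "A", 120)
            for i in range(n)]

def signature_alerts(packets, icmp_max=10_000, syn_ports=1000, window=1.0):
    """Rule 1 (slide): any ICMP packet larger than icmp_max bytes.
    Rule 2 (slide): more than syn_ports distinct ports hit by SYNs on one host
    within `window` seconds; reported once per host."""
    alerts, syn_hist, swept = [], defaultdict(deque), set()
    for ts, _src, dst, proto, port, flags, size in packets:
        if proto == "ICMP" and size > icmp_max:
            alerts.append(("ICMP_OVERSIZE", dst, ts))
        elif proto == "TCP" and flags == "S":
            hist = syn_hist[dst]
            hist.append((ts, port))
            while ts - hist[0][0] >= window:      # drop SYNs that fell out of the window
                hist.popleft()
            if dst not in swept and len({p for _, p in hist}) > syn_ports:
                swept.add(dst)
                alerts.append(("SYN_SWEEP", dst, ts))
    return alerts

def icmp_ratios(packets, window=1.0):
    """Share of ICMP packets in each time window, in window order (the traffic profile)."""
    counts = defaultdict(lambda: [0, 0])          # window index -> [icmp, total]
    for ts, _, _, proto, *_ in packets:
        counts[int(ts // window)][0] += int(proto == "ICMP")
        counts[int(ts // window)][1] += 1
    return [icmp / total for icmp, total in (counts[k] for k in sorted(counts))]

def anomaly_alerts(baseline_ratios, observed_ratios, k=3.0):
    """Flag windows whose ICMP share exceeds mean + k*stdev of the learned normal profile."""
    cutoff = mean(baseline_ratios) + k * pstdev(baseline_ratios)
    return [i for i, r in enumerate(observed_ratios) if r > cutoff]

# Constructed sample: ten quiet seconds as the normal profile, then a noisy period.
NORMAL = [p for w, icmp in enumerate([1, 2, 1, 2, 1, 1, 2, 1, 2, 1])
          for p in make_packets(float(w), 20, icmp)]
SUSPECT = (make_packets(100.0, 20, 2) + make_packets(101.0, 20, 12)
           + [(101.5, "10.0.0.9", "10.0.0.5", "ICMP", 0, "", 65_000)]
           + [(103.0 + i / 2400, "10.0.0.9", "10.0.0.5", "TCP", i, "S", 60) for i in range(1200)])

if __name__ == "__main__":
    print(signature_alerts(SUSPECT))
    print(anomaly_alerts(icmp_ratios(NORMAL), icmp_ratios(SUSPECT)))
```

The signature rules fire only on the exact patterns they encode, while the anomaly rule flags the second suspect window purely because its ICMP share is far outside the learned profile; both detections miss the slow scan that never crosses a threshold, which is the trade-off the slides describe.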