SlideShare a Scribd company logo

Lesson 1

Download as PPT, PDF
M
MLG College of Learning, Inc

Intrusion Detection

Education
1 of 17
Principles of Information Security, Fifth Edition Chapter 7 Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools Do not wait; the time will never be just right. Start where you stand and work with whatever tools you may have at your command, and better tools will be found as you go along. NAPOLEON HILL (1883–1970) FOUNDER OF THE SCIENCE of SUCCESS Lesson 1 – Intrusion Detection
Learning Objectives • Upon completion of this material, you should be able to: – Identify and describe the categories and models of intrusion detection and prevention systems – Describe the detection approaches employed by modern intrusion detection and prevention systems – Define and describe honeypots, honeynets, and padded cell systems – List and define the major categories of scanning and analysis tools, and describe the specific tools used within each category Principles of Information Security, Fifth Edition 2
Introduction • Protection of organizations assets relies as much on managerial controls as on technical safeguards. • Properly implemented technical solutions guided by policy are essential to an information security program. • Advanced technologies can be used to enhance the security of information assets. Principles of Information Security, Fifth Edition 3
Intrusion Detection and Prevention Systems • An intrusion occurs when an attacker attempts to gain entry into or disrupt the normal operations of an organization’s information systems. • Intrusion prevention consists of activities that deter an intrusion. • Intrusion detection consists of procedures and systems that identify system intrusions. • Intrusion reaction encompasses actions an organization undertakes when intrusion event is detected. Principles of Information Security, Fifth Edition 4
Intrusion Detection and Prevention Systems (cont’d) • Intrusion correction activities: complete restoration of operations to a normal state and seek to identify source and method of intrusion • Intrusion detection systems detect a violation of its configuration and activate alarm. • Many IDPSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers. • Systems can also be configured to notify an external security service organization of a “break- in.” Principles of Information Security, Fifth Edition 5
IDPS Terminology • Alarm clustering and compaction • Alarm filtering • Alert or alarm • Confidence value • Evasion • False attack stimulus • False negative and false positive • Noise • Site policy • Site policy awareness • True attack stimulus • Tuning Principles of Information Security, Fifth Edition 6
Why Use an IDPS? • Intrusion detection: – Primary purpose to identify and report an intrusion – Can quickly contain attack and prevent/mitigate loss or damage – Detect and deal with preambles to attacks • Data collection allows the organization to examine what happened after an intrusion and why. • Serves as a deterrent by increasing the fear of detection • Can help management with quality assurance and continuous improvement Principles of Information Security, Fifth Edition 7
Types of IDPSs • IDPSs operate as network-based or host-based systems. • Network-based IDPS is focused on protecting network information assets. – Wireless IDPS: focuses on wireless networks – Network behavior analysis IDPS: examines traffic flow on a network in an attempt to recognize abnormal patterns Principles of Information Security, Fifth Edition 8
Principles of Information Security, Fifth Edition 9
Types of IDPSs (cont’d) • Network-based IDPS (NIDPS) – Resides on a computer or an appliance connected to a segment of an organization’s network; looks for indications of attacks – When examining packets, a NIDPS looks for attack patterns within network traffic – Installed at specific place in the network where it can monitor traffic going into and out of a particular network segment Principles of Information Security, Fifth Edition 10
Types of IDPSs (cont’d) • Network-based IDPS (NIDPS) (cont’d) – To determine whether attack has occurred/is under way, compare measured activity to known signatures in knowledge base – Done by using special implementation of TCP/IP stack: • In the process of protocol stack verification, NIDPSs look for invalid data packets. • In the application protocol verification, higher-order protocols are examined for unexpected packet behavior or improper use. Principles of Information Security, Fifth Edition 11
Types of IDPSs (cont’d) • Advantages of NIDPSs – Good network design and placement of NIDPS can enable an organization to monitor a large network with few devices. – NIDPSs are usually passive and can be deployed into existing networks with little disruption to normal network operations. – NIDPSs are not usually susceptible to direct attack and may not be detectable by attackers. Principles of Information Security, Fifth Edition 12
Types of IDPSs (cont’d) • Disadvantages of NIDPSs – Can become overwhelmed by network volume and fail to recognize attacks – Require access to all traffic to be monitored – Cannot analyze encrypted packets – Cannot reliably ascertain if attack was successful or not – Some forms of attack are not easily discerned by NIDPSs, specifically those involving fragmented packets. Principles of Information Security, Fifth Edition 13
Types of IDPSs (cont’d) • Wireless NIDPS – Monitors and analyzes wireless network traffic – Issues associated with it include physical security, sensor range, access point and wireless switch locations, wired network connections, cost, AP and wireless switch locations. • Network behavior analysis systems – Identify problems related to the flow of traffic – Types of events commonly detected include denial-of-service (DoS) attacks, scanning, worms, unexpected application services, and policy violations. – Offer intrusion prevention capabilities that are passive, inline, and both passive and inline Principles of Information Security, Fifth Edition 14
Types of IDPSs (cont’d) • Host-based IDPS (HIDPS) – Resides on a particular computer or server (host) and monitors activity only on that system – Benchmarks and monitors the status of key system files and detects when intruder creates, modifies, or deletes files – Advantage over NIDPS: can access encrypted information traveling over network and make decisions about potential/actual attacks – Most HIDPSs work on the principle of configuration or change management. Principles of Information Security, Fifth Edition 15
Types of IDPSs (cont’d) • Advantages of HIDPSs – Can detect local events on host systems and detect attacks that may elude a network-based IDPS – Functions on host system, where encrypted traffic will have been decrypted and is available for processing – Not affected by use of switched network protocols – Can detect inconsistencies in how applications and systems programs were used by examining records stored in audit logs Principles of Information Security, Fifth Edition 16
Types of IDPSs (cont’d) • Disadvantages of HIDPSs – Pose more management issues – Vulnerable both to direct attacks and attacks against host operating system – Does not detect multihost scanning, nor scanning of non-host network devices – Susceptible to some DoS attacks – Can use large amounts of disk space – Can inflict a performance overhead on its host systems Principles of Information Security, Fifth Edition 17

Recommended

Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Information security
Information security Information security
Information security razendar79
 
Personnel security
Personnel securityPersonnel security
Personnel securityPLN9 Security Services Pvt. Ltd.
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 

Recommended

Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Information security
Information security Information security
Information security razendar79
 
Personnel security
Personnel securityPersonnel security
Personnel securityPLN9 Security Services Pvt. Ltd.
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
Role of Certification Authority in E-Commerce
Role of Certification Authority in E-CommerceRole of Certification Authority in E-Commerce
Role of Certification Authority in E-CommerceMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Web security
Web securityWeb security
Web securityJatin Grover
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1MLG College of Learning, Inc
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfinfosec train
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 

More Related Content

What's hot

Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationSeccuris Inc.
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1MLG College of Learning, Inc
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfinfosec train
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 

What's hot (20)

Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Role of Certification Authority in E-Commerce
Role of Certification Authority in E-CommerceRole of Certification Authority in E-Commerce
Role of Certification Authority in E-Commerce
 
Web security
Web securityWeb security
Web security
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdf
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 

Similar to Lesson 1

Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Securityelipanganiban15
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfthilakrajc
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptuseonlyfortech140
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...Zara Nawaz
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemsalutiontechnology
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Presentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptxPresentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptxYash Sharma
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 

Similar to Lesson 1 (20)

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Security
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
 
Idps
IdpsIdps
Idps
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
Intrusion .ppt
Intrusion .pptIntrusion .ppt
Intrusion .ppt
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention system
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
 
Network Security
Network SecurityNetwork Security
Network Security
 
9780840024220 ppt ch06
9780840024220 ppt ch069780840024220 ppt ch06
9780840024220 ppt ch06
 
ch03.pptx
ch03.pptxch03.pptx
ch03.pptx
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Presentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptxPresentation (3) cybersecurity wd imp.pptx
Presentation (3) cybersecurity wd imp.pptx
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidente
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 

Recently uploaded (20)

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 

Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 7 Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools Do not wait; the time will never be just right. Start where you stand and work with whatever tools you may have at your command, and better tools will be found as you go along. NAPOLEON HILL (1883–1970) FOUNDER OF THE SCIENCE of SUCCESS Lesson 1 – Intrusion Detection
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Identify and describe the categories and models of intrusion detection and prevention systems – Describe the detection approaches employed by modern intrusion detection and prevention systems – Define and describe honeypots, honeynets, and padded cell systems – List and define the major categories of scanning and analysis tools, and describe the specific tools used within each category Principles of Information Security, Fifth Edition 2
  • 3. Introduction • Protection of organizations assets relies as much on managerial controls as on technical safeguards. • Properly implemented technical solutions guided by policy are essential to an information security program. • Advanced technologies can be used to enhance the security of information assets. Principles of Information Security, Fifth Edition 3
  • 4. Intrusion Detection and Prevention Systems • An intrusion occurs when an attacker attempts to gain entry into or disrupt the normal operations of an organization’s information systems. • Intrusion prevention consists of activities that deter an intrusion. • Intrusion detection consists of procedures and systems that identify system intrusions. • Intrusion reaction encompasses actions an organization undertakes when intrusion event is detected. Principles of Information Security, Fifth Edition 4
  • 5. Intrusion Detection and Prevention Systems (cont’d) • Intrusion correction activities: complete restoration of operations to a normal state and seek to identify source and method of intrusion • Intrusion detection systems detect a violation of its configuration and activate alarm. • Many IDPSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers. • Systems can also be configured to notify an external security service organization of a “break- in.” Principles of Information Security, Fifth Edition 5
  • 6. IDPS Terminology • Alarm clustering and compaction • Alarm filtering • Alert or alarm • Confidence value • Evasion • False attack stimulus • False negative and false positive • Noise • Site policy • Site policy awareness • True attack stimulus • Tuning Principles of Information Security, Fifth Edition 6
  • 7. Why Use an IDPS? • Intrusion detection: – Primary purpose to identify and report an intrusion – Can quickly contain attack and prevent/mitigate loss or damage – Detect and deal with preambles to attacks • Data collection allows the organization to examine what happened after an intrusion and why. • Serves as a deterrent by increasing the fear of detection • Can help management with quality assurance and continuous improvement Principles of Information Security, Fifth Edition 7
  • 8. Types of IDPSs • IDPSs operate as network-based or host-based systems. • Network-based IDPS is focused on protecting network information assets. – Wireless IDPS: focuses on wireless networks – Network behavior analysis IDPS: examines traffic flow on a network in an attempt to recognize abnormal patterns Principles of Information Security, Fifth Edition 8
  • 9. Principles of Information Security, Fifth Edition 9
  • 10. Types of IDPSs (cont’d) • Network-based IDPS (NIDPS) – Resides on a computer or an appliance connected to a segment of an organization’s network; looks for indications of attacks – When examining packets, a NIDPS looks for attack patterns within network traffic – Installed at specific place in the network where it can monitor traffic going into and out of a particular network segment Principles of Information Security, Fifth Edition 10
  • 11. Types of IDPSs (cont’d) • Network-based IDPS (NIDPS) (cont’d) – To determine whether attack has occurred/is under way, compare measured activity to known signatures in knowledge base – Done by using special implementation of TCP/IP stack: • In the process of protocol stack verification, NIDPSs look for invalid data packets. • In the application protocol verification, higher-order protocols are examined for unexpected packet behavior or improper use. Principles of Information Security, Fifth Edition 11
  • 12. Types of IDPSs (cont’d) • Advantages of NIDPSs – Good network design and placement of NIDPS can enable an organization to monitor a large network with few devices. – NIDPSs are usually passive and can be deployed into existing networks with little disruption to normal network operations. – NIDPSs are not usually susceptible to direct attack and may not be detectable by attackers. Principles of Information Security, Fifth Edition 12
  • 13. Types of IDPSs (cont’d) • Disadvantages of NIDPSs – Can become overwhelmed by network volume and fail to recognize attacks – Require access to all traffic to be monitored – Cannot analyze encrypted packets – Cannot reliably ascertain if attack was successful or not – Some forms of attack are not easily discerned by NIDPSs, specifically those involving fragmented packets. Principles of Information Security, Fifth Edition 13
  • 14. Types of IDPSs (cont’d) • Wireless NIDPS – Monitors and analyzes wireless network traffic – Issues associated with it include physical security, sensor range, access point and wireless switch locations, wired network connections, cost, AP and wireless switch locations. • Network behavior analysis systems – Identify problems related to the flow of traffic – Types of events commonly detected include denial-of-service (DoS) attacks, scanning, worms, unexpected application services, and policy violations. – Offer intrusion prevention capabilities that are passive, inline, and both passive and inline Principles of Information Security, Fifth Edition 14
  • 15. Types of IDPSs (cont’d) • Host-based IDPS (HIDPS) – Resides on a particular computer or server (host) and monitors activity only on that system – Benchmarks and monitors the status of key system files and detects when intruder creates, modifies, or deletes files – Advantage over NIDPS: can access encrypted information traveling over network and make decisions about potential/actual attacks – Most HIDPSs work on the principle of configuration or change management. Principles of Information Security, Fifth Edition 15
  • 16. Types of IDPSs (cont’d) • Advantages of HIDPSs – Can detect local events on host systems and detect attacks that may elude a network-based IDPS – Functions on host system, where encrypted traffic will have been decrypted and is available for processing – Not affected by use of switched network protocols – Can detect inconsistencies in how applications and systems programs were used by examining records stored in audit logs Principles of Information Security, Fifth Edition 16
  • 17. Types of IDPSs (cont’d) • Disadvantages of HIDPSs – Pose more management issues – Vulnerable both to direct attacks and attacks against host operating system – Does not detect multihost scanning, nor scanning of non-host network devices – Susceptible to some DoS attacks – Can use large amounts of disk space – Can inflict a performance overhead on its host systems Principles of Information Security, Fifth Edition 17