SlideShare a Scribd company logo

IDS, Honeypots & Scanning Tools

Download as PPT, PDF
M
MLG College of Learning, Inc

Effectiveness of IDPS

Education
1 of 21
Principles of Information Security, Fifth Edition Chapter 7 Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools Do not wait; the time will never be just right. Start where you stand and work with whatever tools you may have at your command, and better tools will be found as you go along. NAPOLEON HILL (1883–1970) FOUNDER OF THE SCIENCE of SUCCESS Lesson 3 – Effectivene ss of IDPS
Learning Objectives • Upon completion of this material, you should be able to: – Identify and describe the categories and models of intrusion detection and prevention systems – Describe the detection approaches employed by modern intrusion detection and prevention systems – Define and describe honeypots, honeynets, and padded cell systems – List and define the major categories of scanning and analysis tools, and describe the specific tools used within each category Principles of Information Security, Fifth Edition 2
Measuring the Effectiveness of IDPSs • IDPSs are evaluated using four dominant metrics: thresholds, blacklists and whitelists, alert settings, and code viewing and editing. • Evaluation of IDPS might read: At 100 Mb/s, IDPS was able to detect 97 percent of directed attacks. • Because developing this collection can be tedious, most IDPS vendors provide testing mechanisms to verify systems are performing as expected. Principles of Information Security, Fifth Edition 3
Measuring the Effectiveness of IDPSs (cont’d) • Some of these testing processes will enable the administrator to: – Record and retransmit packets from real virus or worm scan – Record and retransmit packets from a real virus or worm scan with incomplete TCP/IP session connections (missing SYN packets) – Conduct a real virus or worm scan against a hardened or sacrificial system • Testing process should be as realistic as possible. Principles of Information Security, Fifth Edition 4
Honeypots, Honeynets, and Padded Cell Systems • Honeypots: decoy systems designed to lure potential attackers away from critical systems • Honeynets: several honeypots connected together on a network segment • Honeypots are designed to: – Divert attacker from accessing critical systems – Collect information about attacker’s activity – Encourage attacker to stay on a system long enough for administrators to document the event and perhaps respond Principles of Information Security, Fifth Edition 5
Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Padded cell system: protected honeypot that cannot be easily compromised • In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDPS. • When the IDPS detects attackers, padded cell system seamlessly transfers them to a special simulated environment where they can cause no harm—hence the name padded cell. Principles of Information Security, Fifth Edition 6
Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Advantages – Attackers can be diverted to targets they cannot damage. – Administrators have time to decide how to respond to an attacker. – Attackers’ actions can be easily and more extensively monitored, and records can be used to refine threat models and improve system protections. – Honeypots may be effective at catching insiders who are snooping around a network. Principles of Information Security, Fifth Edition 7
Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Disadvantages – Legal implications of using such devices are not well understood. – Honeypots and padded cells have not yet been shown to be generally useful security technologies. – An expert attacker, once diverted into a decoy system, may become angry and launch a more aggressive attack against an organization’s systems. – Administrators and security managers need a high level of expertise to use these systems. Principles of Information Security, Fifth Edition 8
Trap-and-Trace Systems • Use a combination of techniques to detect an intrusion and trace it back to its source • Trap usually consists of a honeypot or a padded cell and alarm. • Legal drawbacks to trap and trace – Enticement: act of attracting attention to system by placing tantalizing information in key locations – Entrapment: act of luring an individual into committing a crime to get a conviction – Enticement is legal and ethical, entrapment is not. Principles of Information Security, Fifth Edition 9
Active Intrusion Prevention • Some organizations implement active countermeasures. • One tool (LaBrea) takes up unused IP address space to pretend to be a computer and allow attackers to complete a connection request, but then holds connection open. Principles of Information Security, Fifth Edition 10
Scanning and Analysis Tools • Scanning tools typically are used to collect information that an attacker needs to launch a successful attack. • Attack protocol is a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. • Footprinting: process of collecting publicly available information about a potential target Principles of Information Security, Fifth Edition 11
Scanning and Analysis Tools (cont’d) • Fingerprinting: systematic survey of target organization’s Internet addresses collected during the footprinting phase to identify network services offered by hosts in that range • Fingerprinting reveals useful information about the internal structure and nature of the target system or network to be attacked. • These tools are valuable to the network defender since they can quickly pinpoint the parts of the systems or network that need a prompt repair to close vulnerabilities. Principles of Information Security, Fifth Edition 12
Port Scanners • Tools used by both attackers and defenders to identify/fingerprint computers active on a network and other useful information • Can either perform generic scans or those for specific types of computers, protocols, or resources • The more specific the scanner is, the more useful its information is to attackers and defenders. Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Firewall Analysis Tools • Several tools automate remote discovery of firewall rules and assist the administrator/attacker in analyzing them. • Administrators who feel wary of using the same tools that attackers use should remember: – User intent dictates how gathered information will be used. – To defend a computer or network well, administrators must understand ways it can be attacked. • A tool that can help close an open or poorly configured firewall will help the network defender minimize risk from attack. Principles of Information Security, Fifth Edition 15
Operating System Detection Tools • Ability to detect a target computer’s operating system (OS) is very valuable to an attacker. – Once OS is known, the attacker can easily determine the vulnerabilities to which it is susceptible. • Many tools use networking protocols to determine a remote computer’s OS. Principles of Information Security, Fifth Edition 16
Vulnerability Scanners • Active vulnerability scanners examine networks for highly detailed information and initiate traffic to determine security holes. • Passive vulnerability scanners listen in on network and identify the vulnerable versions of both server and client software. • Passive vulnerability scanners have the ability to find client-side vulnerabilities typically not found in active scanners. Principles of Information Security, Fifth Edition 17
Packet Sniffers • Network tool that captures copies of packets from network and analyzes them • Can provide network administrator with valuable information for diagnosing and resolving networking issues • In the wrong hands, a sniffer can be used to eavesdrop on network traffic. • To use packet sniffers legally, an administrator must be on a network that the organization owns, be under direct authorization of owners of the network, and have knowledge and consent of the content’s creators. Principles of Information Security, Fifth Edition 18
Wireless Security Tools • An organization that spends its time securing a wired network while ignoring wireless networks is exposing itself to a security breach. • Security professionals must assess the risk of wireless networks. • A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Principles of Information Security, Fifth Edition 19
Summary • Intrusion detection system (IDPS) detects violation of its configuration and activates alarm. • Network-based IDPS (NIDPS) versus host-based IDPS (HIDPS) • Selecting IDPS products that best fit an organization’s needs is challenging and complex. • Honeypots are decoy systems; two variations are known as honeynets and padded cell systems. Principles of Information Security, Fifth Edition 20
Summary (cont’d) • Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of a network. Principles of Information Security, Fifth Edition 21

Recommended

Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 

Recommended

Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Fundamental cloud security
Fundamental cloud securityFundamental cloud security
Fundamental cloud securityAsmaa Ibrahim
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet IntroductionLance Howell
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanningVi Tính Hoàng Nam
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersMina Fawzy
 
Lesson 3- Remote Access
Lesson 3- Remote AccessLesson 3- Remote Access
Lesson 3- Remote AccessMLG College of Learning, Inc
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Snort
SnortSnort
SnortStickman Hai
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Securityelipanganiban15
 

More Related Content

What's hot

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAkhil Kumar
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Fundamental cloud security
Fundamental cloud securityFundamental cloud security
Fundamental cloud securityAsmaa Ibrahim
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet IntroductionLance Howell
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersMina Fawzy
 

What's hot (20)

Information Security
Information SecurityInformation Security
Information Security
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Fundamental cloud security
Fundamental cloud securityFundamental cloud security
Fundamental cloud security
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
Intruders
IntrudersIntruders
Intruders
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanning
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
 
Lesson 3- Remote Access
Lesson 3- Remote AccessLesson 3- Remote Access
Lesson 3- Remote Access
 
Firewall
FirewallFirewall
Firewall
 
Snort
SnortSnort
Snort
 

Similar to IDS, Honeypots & Scanning Tools

Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Securityelipanganiban15
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxronnasleightholm
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Similar to IDS, Honeypots & Scanning Tools (20)

Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Security
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
ch08.ppt
ch08.pptch08.ppt
ch08.ppt
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPs
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPS
 
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot
HoneypotHoneypot
Honeypot
 
Unit-5.pptx
Unit-5.pptxUnit-5.pptx
Unit-5.pptx
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 
Lessson 1
Lessson 1Lessson 1
Lessson 1
 
Iscsp apt
Iscsp aptIscsp apt
Iscsp apt
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 

Recently uploaded (20)

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 

IDS, Honeypots & Scanning Tools

  • 1. Principles of Information Security, Fifth Edition Chapter 7 Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools Do not wait; the time will never be just right. Start where you stand and work with whatever tools you may have at your command, and better tools will be found as you go along. NAPOLEON HILL (1883–1970) FOUNDER OF THE SCIENCE of SUCCESS Lesson 3 – Effectivene ss of IDPS
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Identify and describe the categories and models of intrusion detection and prevention systems – Describe the detection approaches employed by modern intrusion detection and prevention systems – Define and describe honeypots, honeynets, and padded cell systems – List and define the major categories of scanning and analysis tools, and describe the specific tools used within each category Principles of Information Security, Fifth Edition 2
  • 3. Measuring the Effectiveness of IDPSs • IDPSs are evaluated using four dominant metrics: thresholds, blacklists and whitelists, alert settings, and code viewing and editing. • Evaluation of IDPS might read: At 100 Mb/s, IDPS was able to detect 97 percent of directed attacks. • Because developing this collection can be tedious, most IDPS vendors provide testing mechanisms to verify systems are performing as expected. Principles of Information Security, Fifth Edition 3
  • 4. Measuring the Effectiveness of IDPSs (cont’d) • Some of these testing processes will enable the administrator to: – Record and retransmit packets from real virus or worm scan – Record and retransmit packets from a real virus or worm scan with incomplete TCP/IP session connections (missing SYN packets) – Conduct a real virus or worm scan against a hardened or sacrificial system • Testing process should be as realistic as possible. Principles of Information Security, Fifth Edition 4
  • 5. Honeypots, Honeynets, and Padded Cell Systems • Honeypots: decoy systems designed to lure potential attackers away from critical systems • Honeynets: several honeypots connected together on a network segment • Honeypots are designed to: – Divert attacker from accessing critical systems – Collect information about attacker’s activity – Encourage attacker to stay on a system long enough for administrators to document the event and perhaps respond Principles of Information Security, Fifth Edition 5
  • 6. Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Padded cell system: protected honeypot that cannot be easily compromised • In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDPS. • When the IDPS detects attackers, padded cell system seamlessly transfers them to a special simulated environment where they can cause no harm—hence the name padded cell. Principles of Information Security, Fifth Edition 6
  • 7. Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Advantages – Attackers can be diverted to targets they cannot damage. – Administrators have time to decide how to respond to an attacker. – Attackers’ actions can be easily and more extensively monitored, and records can be used to refine threat models and improve system protections. – Honeypots may be effective at catching insiders who are snooping around a network. Principles of Information Security, Fifth Edition 7
  • 8. Honeypots, Honeynets, and Padded Cell Systems (cont’d) • Disadvantages – Legal implications of using such devices are not well understood. – Honeypots and padded cells have not yet been shown to be generally useful security technologies. – An expert attacker, once diverted into a decoy system, may become angry and launch a more aggressive attack against an organization’s systems. – Administrators and security managers need a high level of expertise to use these systems. Principles of Information Security, Fifth Edition 8
  • 9. Trap-and-Trace Systems • Use a combination of techniques to detect an intrusion and trace it back to its source • Trap usually consists of a honeypot or a padded cell and alarm. • Legal drawbacks to trap and trace – Enticement: act of attracting attention to system by placing tantalizing information in key locations – Entrapment: act of luring an individual into committing a crime to get a conviction – Enticement is legal and ethical, entrapment is not. Principles of Information Security, Fifth Edition 9
  • 10. Active Intrusion Prevention • Some organizations implement active countermeasures. • One tool (LaBrea) takes up unused IP address space to pretend to be a computer and allow attackers to complete a connection request, but then holds connection open. Principles of Information Security, Fifth Edition 10
  • 11. Scanning and Analysis Tools • Scanning tools typically are used to collect information that an attacker needs to launch a successful attack. • Attack protocol is a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. • Footprinting: process of collecting publicly available information about a potential target Principles of Information Security, Fifth Edition 11
  • 12. Scanning and Analysis Tools (cont’d) • Fingerprinting: systematic survey of target organization’s Internet addresses collected during the footprinting phase to identify network services offered by hosts in that range • Fingerprinting reveals useful information about the internal structure and nature of the target system or network to be attacked. • These tools are valuable to the network defender since they can quickly pinpoint the parts of the systems or network that need a prompt repair to close vulnerabilities. Principles of Information Security, Fifth Edition 12
  • 13. Port Scanners • Tools used by both attackers and defenders to identify/fingerprint computers active on a network and other useful information • Can either perform generic scans or those for specific types of computers, protocols, or resources • The more specific the scanner is, the more useful its information is to attackers and defenders. Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Firewall Analysis Tools • Several tools automate remote discovery of firewall rules and assist the administrator/attacker in analyzing them. • Administrators who feel wary of using the same tools that attackers use should remember: – User intent dictates how gathered information will be used. – To defend a computer or network well, administrators must understand ways it can be attacked. • A tool that can help close an open or poorly configured firewall will help the network defender minimize risk from attack. Principles of Information Security, Fifth Edition 15
  • 16. Operating System Detection Tools • Ability to detect a target computer’s operating system (OS) is very valuable to an attacker. – Once OS is known, the attacker can easily determine the vulnerabilities to which it is susceptible. • Many tools use networking protocols to determine a remote computer’s OS. Principles of Information Security, Fifth Edition 16
  • 17. Vulnerability Scanners • Active vulnerability scanners examine networks for highly detailed information and initiate traffic to determine security holes. • Passive vulnerability scanners listen in on network and identify the vulnerable versions of both server and client software. • Passive vulnerability scanners have the ability to find client-side vulnerabilities typically not found in active scanners. Principles of Information Security, Fifth Edition 17
  • 18. Packet Sniffers • Network tool that captures copies of packets from network and analyzes them • Can provide network administrator with valuable information for diagnosing and resolving networking issues • In the wrong hands, a sniffer can be used to eavesdrop on network traffic. • To use packet sniffers legally, an administrator must be on a network that the organization owns, be under direct authorization of owners of the network, and have knowledge and consent of the content’s creators. Principles of Information Security, Fifth Edition 18
  • 19. Wireless Security Tools • An organization that spends its time securing a wired network while ignoring wireless networks is exposing itself to a security breach. • Security professionals must assess the risk of wireless networks. • A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Principles of Information Security, Fifth Edition 19
  • 20. Summary • Intrusion detection system (IDPS) detects violation of its configuration and activates alarm. • Network-based IDPS (NIDPS) versus host-based IDPS (HIDPS) • Selecting IDPS products that best fit an organization’s needs is challenging and complex. • Honeypots are decoy systems; two variations are known as honeynets and padded cell systems. Principles of Information Security, Fifth Edition 20
  • 21. Summary (cont’d) • Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of a network. Principles of Information Security, Fifth Edition 21