
Network-Based Intrusion Detection System


Published in: Technology

  1. Network-Based Intrusion Detection Systems
     By: John Buckhorn
  2. Introduction
     • Security threats on the rise
     • Traditional protection
       – Antivirus
       – Firewalls
  3. History
     • USAF, 1972: noted vulnerabilities of computer security
     • 1984: first Intrusion Detection System prototype
       – Real-time intrusion detection
       – Would eventually evolve into modern NBIDS
  4. IDS Features
     • Pattern matching
     • Data destruction
     • Denial-of-service
     • Hostile code
     • Network or system eavesdropping
     • System and network mapping
     • Unauthorized access
     • Anomaly detection
  5. Intrusion Detection Technologies
     • Host-Based Intrusion Detection Systems (HIDS)
     • Network-Based Intrusion Detection Systems (NBIDS)
     • File system integrity checkers
     • Honeypot systems
     • Security Information Management (SIM)
  6. Network-Based Intrusion Detection System (NBIDS)
     • More network-based attacks
     • Shift from host-based to network-based
     • An NBIDS is a system that monitors traffic at selected points on a network or interconnected set of networks
  7. Types of Attacks (Internal)
     • Insider attacks
       – Not limited to an employee
     • Examples
       – Internal Denial of Service (DoS)
       – Internal privilege escalation
       – Internal super-user privileges
  8. Types of Attacks (External)
     • External threats
       – Companies' systems are becoming more visible
       – International threats
     • Examples
       – External Denial of Service (DoS)
       – External privilege escalations
  9. NBIDS Benefits
     • Trace activity
     • Complements:
       – Firewalls
       – Antivirus software
     • System management competencies
       – Monitoring
       – Security audits
       – Response
       – Attack recognition
  10. Types of NBIDS
     • Promiscuous-mode
       – Captures every packet
     • Network-node
       – VPN
  11. NBIDS Issues
     • Cannot reassemble all fragmented traffic
     • Cannot compensate for low credential standards
     • Cannot analyze all data or deal with packet-level issues
     • Firewalls serve best
  12. NBIDS Future
     • Artificial intelligence
     • Combination of:
       – Anomaly detection
       – Misuse detection
     • New hybrid model
  13. Cost Effectiveness
     • One third of attacks originate inside the company
     • Firewalls only prevent unauthorized access from outside the network
     • Companies spent $3.8 million/year
     • Compared to $60,000 for a hardware-based Cisco® NBIDS
  14. Available NBIDS
     • Snort Intrusion Prevention
       – Software-based
       – Free
     • AIDE
       – Software-based
       – Free
     • IBM RealSecure ISS
       – Software-based
       – ~$12,000
     • Cisco IPS 4270
       – Hardware-based
       – ~$50,000–$60,000
  15. FAQ
     • Why have an NBIDS if it cannot prevent a hack?
     • When would it be necessary to use a Host-Based Intrusion Detection System?
     • What is a signature?
  16. Conclusion
     • Goal:
       – To achieve a balance
     • NBIDS is not preventative
       – Firewall
       – Antivirus
       – Host-based IDS
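The hybrid model from slide 12 (misuse detection by signature plus anomaly detection), the "what is a signature?" question from slide 15, and the fragmentation issue from slide 11 can be shown together in a small detector. This is an added example, not part of the slides or any product named in them; the packets, the traversal signature and the fixed `max_ports` threshold (standing in for a learned baseline) are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample packets (not a real capture): (src, dst, dst_port, payload).
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", "10.0.0.9", 80, b"GET /about.html HTTP/1.1\r\n"),
    # A request matching a known-bad pattern, split across two segments of one flow.
    ("10.0.0.7", "10.0.0.9", 80, b"GET /cgi-bin/../.."),
    ("10.0.0.7", "10.0.0.9", 80, b"/etc/passwd HTTP/1.1\r\n"),
    # One source touching many distinct ports: the "network mapping" behaviour.
    *[("10.0.0.8", "10.0.0.9", port, b"") for port in range(20, 30)],
]

# Misuse detection: a signature is a pattern matched against flow payload
# (a Snort-style content rule written as a regex; example pattern, not a real rule).
SIGNATURES = {"web-traversal": re.compile(rb"\.\./\.\./etc/passwd")}

def reassemble(packets):
    """Join payloads per flow so a pattern split across segments can still match."""
    flows = defaultdict(bytes)
    for src, dst, dport, payload in packets:
        flows[(src, dst, dport)] += payload
    return flows

def signature_alerts(packets, reassembled=True):
    """Run every signature over each flow (or over each packet alone if reassembled=False)."""
    if reassembled:
        streams = list(reassemble(packets).items())
    else:
        streams = [((src, dst, dport), payload) for src, dst, dport, payload in packets]
    return [(name, src, dst, dport)
            for (src, dst, dport), data in streams
            for name, pattern in SIGNATURES.items() if pattern.search(data)]

def anomaly_alerts(packets, max_ports=3):
    """Anomaly detection: flag a source contacting more distinct ports than the (assumed) baseline."""
    ports = defaultdict(set)
    for src, _, dport, _ in packets:
        ports[src].add(dport)
    return [("port-fanout", src, len(p)) for src, p in ports.items() if len(p) > max_ports]

def hybrid_alerts(packets):
    """The hybrid model: misuse (signature) alerts plus anomaly alerts from the same traffic."""
    return signature_alerts(packets) + anomaly_alerts(packets)

if __name__ == "__main__":
    for alert in hybrid_alerts(PACKETS):
        print(alert)
```

Running `signature_alerts(PACKETS, reassembled=False)` returns nothing, which is the slide 11 point in miniature: without reassembly the split signature is never seen.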