IPS and Its Types
2. Discussion Topics:
IPS and Its Types
Kerberos Authentication Protocol
Group members:
Mohsin Iqbal (1596)
Arslan Khaliq (1582)
Saeed-ur-Rehman (1607)
Usman Ali (1622)
Presented to:
Mr. Farhat Mehmood
3. Need for an Intrusion Prevention System
Today viruses, worms and other malicious code proliferate widely on the
Internet. As the environment becomes increasingly hostile, networks are
easy targets because an infection can spread across a network rapidly,
often faster than an administrator can react to an alert.
Networks therefore need to be designed and equipped with enough
intelligence to diagnose and mitigate threats in real time, not just to
report them after the fact.
4. What is an IPS?
An Intrusion Prevention System (IPS) is any device, hardware or software,
that can detect attacks, both known and unknown, and prevent the attack
from succeeding.
The major functions of an IPS are to identify malicious activity, collect
information about that activity, report it, and attempt to block or stop it.
It is an active-response security solution: detection happens early and in
line with the traffic, so once an attack is identified the offending data is
blocked before it reaches its target (an IDS, by contrast, only alerts).
IPS design aims at high data-processing throughput, intelligence and
accuracy, because every false positive blocks legitimate traffic.
IPS capability is often bundled with firewalls, anti-virus and anti-spoofing
products in one appliance, but it is a distinct function from each of them.
6. Objectives
The main objectives of intrusion prevention systems are:
Identification of malicious activity
Log information about said activity
Attempt to block/stop harmful activity
Report malevolent activity.
IPS DETECTION METHODS
The majority of intrusion prevention systems use one of two detection
methods:
1. Signature-based detection: traffic is compared against a database of
known attack patterns; precise, but blind to attacks that have no signature yet.
2. Statistical anomaly-based (behaviour-based) detection: a baseline of
normal behaviour is learned and deviations from it are flagged; this can
catch unknown attacks, at the cost of more false positives.
7. How an IPS Works
An intrusion prevention system works by actively scanning forwarded
network traffic for malicious activity and known attack patterns. The
IPS engine analyzes the traffic and continuously compares the
bitstream with its internal signature database of known attack
patterns.
When a packet is determined to be malicious the IPS drops it, and it may
follow up by blocking all further traffic from the attacker's IP address
or port. Legitimate traffic continues to flow without any perceived
disruption of service.
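The signature-matching loop described above, as an added example that is not part of the presentation: a toy inline engine that parses a small, deliberately simplified Snort/Suricata-like rule grammar (the `RULES` text and the packets are constructed for this example, not real rules or captures), drops the packet that matches, and shuns the source address for every later packet. The last constructed packet carries the same traversal URL-encoded and slips past the byte match, which is the reason real engines normalize and reassemble traffic before comparing it.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int
    msg: str
    dport: Optional[int]   # None means any destination port
    content: bytes


# Constructed signature database in a simplified, Snort/Suricata-like grammar:
#   drop tcp <dport|any> (msg:"..."; content:"..."; sid:N;)
RULES = """
drop tcp 80 (msg:"Directory traversal"; content:"../../"; sid:1001;)
drop tcp 80 (msg:"Command injection in query"; content:";cat /etc/passwd"; sid:1002;)
drop tcp any (msg:"EICAR test string"; content:"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"; sid:1003;)
"""
RULE_RE = re.compile(
    r'^drop\s+tcp\s+(\S+)\s+\(msg:"([^"]*)";\s*content:"([^"]*)";\s*sid:(\d+);\)$')


def parse_rules(text: str) -> list:
    sigs = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        port, msg, content, sid = m.groups()
        sigs.append(Signature(int(sid), msg, None if port == "any" else int(port), content.encode()))
    return sigs


class InlineIPS:
    """Sits in the forwarding path: every packet gets a verdict before it is passed on."""

    def __init__(self, sigs):
        self.sigs = sigs
        self.blocked = set()   # source IPs shunned after a signature hit
        self.log = []

    def match(self, pkt):
        for s in self.sigs:
            if s.dport is not None and s.dport != pkt.dport:
                continue
            if s.content in pkt.payload:   # plain byte match, no normalization
                return s
        return None

    def process(self, pkt) -> str:
        """Verdict: 'forward', 'drop' (signature hit) or 'blocked' (source already shunned)."""
        if pkt.src in self.blocked:
            self.log.append(f"blocked src={pkt.src} dport={pkt.dport}")
            return "blocked"
        sig = self.match(pkt)
        if sig is not None:
            self.blocked.add(pkt.src)
            self.log.append(f"drop sid={sig.sid} msg={sig.msg!r} src={pkt.src}")
            return "drop"
        return "forward"


def run_demo():
    """Feed constructed packets through the engine; returns the verdicts and the engine."""
    ips = InlineIPS(parse_rules(RULES))
    packets = [
        Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1\r\n"),
        Packet("203.0.113.9", "10.0.1.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet("203.0.113.9", "10.0.1.10", 443, b"\x16\x03\x01 client hello"),   # shunned source
        Packet("10.0.0.5", "10.0.1.10", 80, b"GET /about HTTP/1.1\r\n"),
        Packet("10.0.0.7", "10.0.1.11", 25, b"...EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"),
        Packet("10.0.0.8", "10.0.1.10", 80, b"GET /a?x=%2e%2e%2f%2e%2e%2f HTTP/1.1\r\n"),  # encoded traversal
    ]
    return [ips.process(p) for p in packets], ips


if __name__ == "__main__":
    verdicts, engine = run_demo()
    print("\n".join(engine.log))
    print(verdicts)
```

Blocking by source address is cheap, but it is also how an IPS gets turned into a denial-of-service tool: spoofed packets carrying a known signature can get an innocent address shunned, so production deployments time out the block and exempt critical peers.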
8. IPS Classifications
Network-based intrusion prevention system (NIPS): analyzes protocol
activity across the entire network, looking for untrustworthy traffic.
Wireless intrusion prevention system (WIPS): analyzes wireless network
protocol activity (e.g. 802.11 frames) across the entire wireless network,
looking for untrustworthy traffic and rogue access points.
Host-based intrusion prevention system (HIPS): software installed on a
single host that monitors that host for malicious activity and analyzes
the events occurring within it.
Network behavior analysis (NBA): examines network traffic to identify
threats that generate unusual traffic flows, the most common being
distributed denial-of-service attacks.
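The NBA idea in the last item, and the anomaly-based method listed under detection methods, as an added example rather than anything from the presentation: learn, per destination, how many distinct sources normally talk to it in a ten-second window, then alert when a live window exceeds that baseline by a wide margin. The flow records are constructed inline in a hypothetical "timestamp src dst dport" format; the flood of sixty addresses against one destination is the constructed DDoS-like event.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 10   # seconds per analysis window

# Constructed flow records, "epoch_second src_ip dst_ip dst_port", in a hypothetical
# collector format. Baseline: six quiet windows, 3 or 4 internal clients -> 10.0.1.10:443.
BASELINE_FLOWS = "\n".join(
    f"{100 + 10 * w + i} 10.0.0.{1 + i % 4} 10.0.1.10 443"
    for w in range(6) for i in range(3 + w % 2))
# Live: the same clients, plus 60 distinct addresses hitting 10.0.1.10:443 in one window,
# plus two ordinary SSH flows to a host that has no baseline at all.
LIVE_FLOWS = "\n".join(
    [f"{300 + i} 10.0.0.{1 + i % 4} 10.0.1.10 443" for i in range(3)]
    + [f"{300 + i % 10} 198.51.100.{i} 10.0.1.10 443" for i in range(60)]
    + [f"{320 + i} 10.0.0.{1 + i % 4} 10.0.1.11 22" for i in range(2)])


def sources_per_window(text):
    """{dst: {window_index: number of distinct source IPs seen in that window}}"""
    seen = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        ts, src, dst, _dport = line.split()
        seen[dst][int(ts) // WINDOW].add(src)
    return {dst: {w: len(s) for w, s in wins.items()} for dst, wins in seen.items()}


def learn_baseline(text):
    """Per destination: mean and population stddev of distinct sources per window."""
    return {dst: (mean(list(wins.values())), pstdev(list(wins.values())))
            for dst, wins in sources_per_window(text).items()}


def detect(text, baseline, k=3.0, min_delta=5):
    """Alert when a window exceeds mean + k*stddev. min_delta keeps a near-zero stddev
    from turning ordinary jitter into alerts. Returns (dst, window_start, seen, threshold)."""
    alerts = []
    for dst, wins in sources_per_window(text).items():
        mu, sd = baseline.get(dst, (0.0, 0.0))   # unknown destination: only the floor applies
        threshold = max(mu + k * sd, mu + min_delta)
        for w, n in sorted(wins.items()):
            if n > threshold:
                alerts.append((dst, w * WINDOW, n, round(threshold, 1)))
    return alerts


if __name__ == "__main__":
    for a in detect(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print("ALERT dst=%s window_start=%d distinct_sources=%d threshold=%.1f" % a)
```

The baseline is only as good as the traffic it was learned from: if an attacker is already active during the learning period, their traffic becomes "normal", which is the standard argument for pairing anomaly detection with signatures rather than relying on either alone.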
10. 1. INLINE NETWORK IPS
It is configured with at least two NICs: one for management, and one or
more for inspection. The inspection NICs are usually bridged in pairs and
carry no IP address, so the device is invisible on the network (a "bump in
the wire") and cannot itself be addressed by an attacker.
It works by sitting between the systems that need to be protected and the
rest of the network, so every packet must pass through it.
It inspects each packet for the vulnerabilities and attack patterns it is
configured to look for, and drops what matches.
11. 2. LAYER SEVEN SWITCHES
• Placing these devices in front of your firewalls gives protection for the
entire network.
• The drawback is that they can only stop attacks they already know about,
since they rely on signatures.
• The one class of attack they can stop that most other IPSs cannot is DoS
attacks, because they are built to process traffic at very high rates.
12. 3. APPLICATION FIREWALLS
• These IPSs are loaded on each server that is to be protected.
• They are customizable to each application they protect.
• The IPS profiles a system before protecting it. During profiling it watches
the user's interaction with the application and the application's
interaction with the operating system to determine what legitimate
interaction looks like; afterwards, anything outside that profile is blocked.
• The drawback is that when the application is updated the profile may no
longer match its legitimate behaviour, so it may have to be profiled again.
13. 4. HYBRID SWITCHES
They inspect specific traffic for malicious content, as configured.
A hybrid switch works in a similar manner to a layer seven switch, but has
detailed knowledge of the web server and of the application that sits on
top of the web server.
Like an application firewall it enforces a positive model: a user's request
that does not match any of the permitted requests fails.
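Both the application firewall's profile-then-enforce behaviour and the hybrid switch's "unmatched request fails" rule come down to a positive security model. The following is an added example, not code from the presentation or from any product: a learning pass records which endpoints and parameter names legitimate traffic uses, and enforcement refuses anything outside that set or failing a per-parameter value grammar. The request lines, the `PARAM_RULES` grammar and the hypothetical `/products/v2` endpoint "added in an update" are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical per-parameter value grammar the protection layer knows about
# (a product might learn these during profiling or take them from configuration).
PARAM_RULES = {
    "id": re.compile(r"^\d{1,8}$"),
    "q": re.compile(r"^[\w \-]{1,64}$"),
}


def parse_request(line):
    """'METHOD /path?query HTTP/1.1' -> (method, path, {param: first_value})"""
    method, target, _version = line.split()
    parts = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return method, parts.path, params


def build_profile(lines):
    """Learning mode: record each (method, path) and the parameter names seen with it."""
    profile = {}
    for line in lines:
        method, path, params = parse_request(line)
        profile.setdefault((method, path), set()).update(params)
    return profile


def enforce(profile, line):
    """Enforcement mode: (allowed, reason). Anything outside the profile fails closed."""
    method, path, params = parse_request(line)
    allowed_params = profile.get((method, path))
    if allowed_params is None:
        return False, f"unprofiled endpoint {method} {path}"
    unknown = set(params) - allowed_params
    if unknown:
        return False, f"unexpected parameter(s) {sorted(unknown)}"
    for name, value in params.items():
        rule = PARAM_RULES.get(name)
        if rule is not None and not rule.match(value):
            return False, f"parameter {name} fails value grammar: {value!r}"
    return True, "ok"


# Constructed learning-phase traffic: legitimate use of the app while profiling
LEARNING = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=7 HTTP/1.1",
    "GET /search?q=blue+shoes HTTP/1.1",
    "POST /cart?id=42 HTTP/1.1",
]
# Constructed requests seen once enforcement is switched on
LIVE = [
    "GET /products?id=42 HTTP/1.1",                      # ok
    "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1",    # SQLi-shaped value fails the grammar
    "GET /search?q=x&debug=1 HTTP/1.1",                  # parameter never seen in profiling
    "GET /admin HTTP/1.1",                               # endpoint never profiled
    "GET /products/v2?id=5 HTTP/1.1",                    # added by an app update: blocked until re-profiled
]


def run_demo():
    """Returns the allow/deny verdicts before and after re-profiling for the update."""
    profile = build_profile(LEARNING)
    before = [enforce(profile, r)[0] for r in LIVE]
    profile = build_profile(LEARNING + ["GET /products/v2?id=5 HTTP/1.1"])   # re-profile
    after = [enforce(profile, r)[0] for r in LIVE]
    return before, after


if __name__ == "__main__":
    print(run_demo())
```

The fifth live request shows the drawback the slide mentions: a new endpoint shipped in an update is indistinguishable from an attack until the profile is rebuilt, so profiling has to be part of the release process rather than a one-off.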
14. 5. DECEPTIVE APPLICATIONS
It watches all your network traffic and figures out what good traffic looks
like.
When an attacker attempts to connect to services that do not exist, it
sends back a response to the attacker.
That response is "marked" with some bogus data. When the attacker comes
back and tries to exploit the server using that bogus data, the IPS sees the
"marked" data and stops all traffic coming from the attacker.
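The mark-and-recognize loop just described, as an added example that is not the presentation's code or any vendor's: probes to ports the protected host does not serve get a bogus banner carrying a per-source HMAC mark, and any later packet from anyone that contains an issued mark gets its source blocked. `REAL_SERVICES`, the `MARK_KEY` and the traffic sequence are constructed for the example; the HMAC is there so an attacker cannot guess a mark that was never issued.

```python
import hashlib
import hmac
import re

REAL_SERVICES = {22, 443}            # constructed: ports that genuinely exist on the protected host
MARK_KEY = b"example-only-secret"    # hypothetical key; a deployment would generate its own


def make_mark(src):
    """Per-source, unguessable marker: 16 hex chars of HMAC-SHA256(key, source address)."""
    return hmac.new(MARK_KEY, src.encode(), hashlib.sha256).hexdigest()[:16]


class DeceptiveIPS:
    def __init__(self):
        self.issued = {}      # mark -> source that received it
        self.blocked = set()
        self.events = []
        self.last_response = b""

    def handle(self, src, dport, payload: bytes):
        """Action taken for one packet: 'forward', 'decoy' or 'block'."""
        if src in self.blocked:
            return "block"
        # A packet carrying a mark we issued means someone is acting on the fake recon data.
        for candidate in re.findall(rb"[0-9a-f]{16}", payload):
            issuer = self.issued.get(candidate.decode())
            if issuer is not None:
                self.blocked.add(src)
                self.events.append(f"mark issued to {issuer} replayed by {src}; blocking {src}")
                return "block"
        if dport in REAL_SERVICES:
            return "forward"
        # Nonexistent service: answer with a plausible banner whose "build" string is the mark.
        mark = make_mark(src)
        self.issued[mark] = src
        self.last_response = f"220 mail.example.invalid ESMTP build-{mark} ready\r\n".encode()
        self.events.append(f"decoy banner with mark {mark} sent to {src} on port {dport}")
        return "decoy"


def run_demo():
    """Constructed traffic: a scanner probes SMTP (not offered), then exploits the fake build string."""
    ips = DeceptiveIPS()
    scanner = "203.0.113.9"
    sequence = [
        ("10.0.0.5", 443, b"\x16\x03\x01 client hello"),                          # forward
        (scanner, 25, b"EHLO scanner\r\n"),                                        # decoy
        (scanner, 25, b"EXPLOIT target build-" + make_mark(scanner).encode()),     # block
        (scanner, 443, b"GET / HTTP/1.1\r\n"),                                     # block (already shunned)
        ("10.0.0.5", 443, b"GET /?v=deadbeefdeadbeef HTTP/1.1\r\n"),               # forward: not an issued mark
    ]
    return [ips.handle(*pkt) for pkt in sequence], ips


if __name__ == "__main__":
    verdicts, engine = run_demo()
    print("\n".join(engine.events))
    print(verdicts)
```

The check is a lookup against marks actually issued, not a pattern match, so ordinary hex in legitimate traffic does not trigger it. The residual false-positive risk is a mark leaking into legitimate traffic, for instance a scan report pasted into a ticketing system that the IPS also sees, so decoy responses should be kept out of anything a legitimate user might copy around.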
15. Kerberos Authentication Protocol
Kerberos is a computer network authentication protocol.
It lets a user prove their identity to various services over a network that
is assumed to be untrusted.
It does not require the user to enter a password every time a service is
requested: the user authenticates once and then presents tickets.
Developed at MIT in the mid-1980s.
16. What's with the 3 heads?
The name refers to the three-headed dog of Greek myth, and the three heads
are usually mapped to the three A's of access control:
Authentication
Confirms the identity of a user who is requesting services.
Authorization
Granting specific types of services to a user based on their
authentication.
Accounting
Tracking the consumption of network resources by users.
Kerberos itself covers only the first of these; authorization and accounting
are left to the services.
17. Kerberos vs Firewall
Firewalls make a risky assumption: that attackers come from the outside.
In reality, attacks frequently come from within.
Kerberos assumes that network connections (rather than servers and
workstations) are the weak link in network security, so nothing that
travels on the wire is trusted unless it is protected by a key.
18. It consists of the following 3 components
Client
Key Distribution Center (KDC), which contains the Authentication Server
(AS) and the Ticket Granting Server (TGS) and holds every principal's
secret key
Server (the service the client wants to use)
Architecture
20. AS Exchange
Exchange between the client and the Authentication Server (AS) in the KDC.
The client sends a KRB_AS_REQ message naming itself and the ticket it
wants, normally a ticket for the ticket-granting service (krbtgt).
The AS replies with a KRB_AS_REP message containing the ticket-granting
ticket (TGT) and a session key.
The session key is encrypted with the client's secret key, which is derived
from the user's password, so only someone who knows the password can
recover it; the password itself never travels over the network.
The TGT is encrypted with the TGS's secret key (the krbtgt principal), so
the client can present it but cannot read or alter it.
The original protocol used DES by default; current implementations
(RFC 4120) use AES, and DES is deprecated (RFC 6649).
21. TGS Exchange
Used to obtain additional tickets for individual servers once the client
holds a TGT.
Does not need the client's secret key: the client proves itself with the
TGT plus an authenticator encrypted under the TGT session key.
Transparent to the user, who is not prompted for a password again.
The TGS has access to all principals' secret keys (it shares the KDC
database),
but encrypts each service ticket using that server's secret key, so only
the intended server can open it.
The client sends KRB_TGS_REQ (TGT, authenticator, name of the service) to
the TGS.
The TGS replies with KRB_TGS_REP containing the service ticket and a new
session key for the client and that server.
22. CS (AP) Exchange
The client contacts the real server.
The client sends KRB_AP_REQ to the server containing the service ticket
and a fresh authenticator.
The server validates the client by decrypting the ticket with its own
secret key, then decrypting the authenticator with the session key
contained in the ticket; it also checks that the authenticator's timestamp
is recent and has not been seen before, which bounds replay.
The server optionally replies with KRB_AP_REP, encrypted under the session
key, to prove its own identity to the client (mutual authentication).
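The three exchanges above run end to end, as an added example that is not the presentation's code or MIT's implementation. The encryption is a stand-in for the Kerberos etypes (a SHA-256 keystream XOR with an HMAC tag, encrypt-then-MAC) so that the block runs with the standard library only; `string_to_key` is a simplified, PBKDF2-based imitation of the RFC 3962 password derivation; the realm, principals, password, lifetime and clock values are constructed. The demo shows the properties the slides state: the password never leaves the client and a wrong password cannot open the AS reply, the TGS exchange never touches the client's long-term key, only the service's key opens the service ticket, and a replayed authenticator is refused.

```python
import hashlib
import hmac
import json
import os

REALM, LIFETIME, SKEW = "EXAMPLE.ORG", 8 * 3600, 300   # hypothetical realm; seconds


def string_to_key(password, principal):
    # Simplified RFC 3962-style string-to-key: PBKDF2 over the password, salted with realm+principal
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 4096, 32)


def _keystream(key, nonce, n):
    ks, block = b"", nonce
    while len(ks) < n:
        block = hashlib.sha256(key + block).digest()
        ks += block
    return ks[:n]


def encrypt(key, obj):
    """Stand-in for a Kerberos etype: keystream XOR, then HMAC over nonce+ciphertext."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check(ticket, auth, now, replay_cache=None):
    # Checks every ticket-accepting party (TGS or service) performs on ticket + authenticator
    if ticket["client"] != auth["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    if abs(now - auth["ctime"]) > SKEW:
        raise ValueError("authenticator timestamp outside allowed clock skew")
    if replay_cache is not None:
        if (auth["client"], auth["ctime"]) in replay_cache:
            raise ValueError("authenticator replayed")
        replay_cache.add((auth["client"], auth["ctime"]))


def authenticator(session_key, client, now):
    return encrypt(session_key, {"client": client, "ctime": now})


def rejected(fn):
    """True if fn() raises the protocol error; used to show the failure cases."""
    try:
        fn()
        return False
    except ValueError:
        return True


class KDC:
    """AS and TGS share one database holding every principal's long-term key."""
    def __init__(self, db):
        self.db, self.tgs = db, "krbtgt/" + REALM

    def as_exchange(self, client, now):                 # KRB_AS_REQ -> KRB_AS_REP
        sk, exp = os.urandom(32), now + LIFETIME
        tgt = encrypt(self.db[self.tgs], {"client": client, "key": sk.hex(), "expires": exp})
        enc_part = encrypt(self.db[client], {"key": sk.hex(), "expires": exp})
        return {"tgt": tgt, "enc_part": enc_part}       # TGT opaque to client; enc_part needs its key

    def tgs_exchange(self, tgt, auth_blob, service, now):   # KRB_TGS_REQ -> KRB_TGS_REP
        t = decrypt(self.db[self.tgs], tgt)
        sk = bytes.fromhex(t["key"])
        check(t, decrypt(sk, auth_blob), now)           # client's long-term key never used here
        svc_key = os.urandom(32)
        ticket = encrypt(self.db[service], {"client": t["client"], "key": svc_key.hex(), "expires": t["expires"]})
        return {"ticket": ticket, "enc_part": encrypt(sk, {"key": svc_key.hex(), "sname": service})}


class Service:
    def __init__(self, key):
        self.key, self.replays = key, set()

    def ap_exchange(self, ticket, auth_blob, now):      # KRB_AP_REQ -> KRB_AP_REP
        t = decrypt(self.key, ticket)                   # only this service's key opens the ticket
        sk = bytes.fromhex(t["key"])
        auth = decrypt(sk, auth_blob)                   # proves the sender knows the session key
        check(t, auth, now, self.replays)
        return t["client"], encrypt(sk, {"ctime": auth["ctime"]})   # mutual authentication


def run_demo(now=1_700_000_000):
    client, service, password = "alice", "host/files.example.org", "correct horse battery staple"
    db = {client: string_to_key(password, client), "krbtgt/" + REALM: os.urandom(32), service: os.urandom(32)}
    kdc, files = KDC(db), Service(db[service])
    rep = kdc.as_exchange(client, now)                  # 1. AS exchange
    wrong_pw_rejected = rejected(lambda: decrypt(string_to_key("wrong password", client), rep["enc_part"]))
    tgs_sk = bytes.fromhex(decrypt(string_to_key(password, client), rep["enc_part"])["key"])
    trep = kdc.tgs_exchange(rep["tgt"], authenticator(tgs_sk, client, now + 5), service, now + 5)  # 2. TGS
    svc_sk = bytes.fromhex(decrypt(tgs_sk, trep["enc_part"])["key"])
    auth = authenticator(svc_sk, client, now + 10)      # 3. AP exchange with a fresh authenticator
    who, ap_rep = files.ap_exchange(trep["ticket"], auth, now + 10)
    mutual_ok = decrypt(svc_sk, ap_rep)["ctime"] == now + 10
    replay_rejected = rejected(lambda: files.ap_exchange(trep["ticket"], auth, now + 11))
    return who, wrong_pw_rejected, mutual_ok, replay_rejected
```

Because the AS reply is encrypted under a key derived from the password, anyone who can obtain a KRB_AS_REP for a principal can run password guesses offline against it; real deployments mitigate this with pre-authentication and long, unguessable passwords for service principals, which this toy omits.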
Limitations
Provides only authentication; authorization is left to each service.
Central authentication server: the KDC is a single point of failure and a
high-value target, since it holds every principal's secret key.
Assumes relatively secure hosts on an insecure network: a compromised
client exposes the user's key and tickets.