Module-2
Intrusion Detection System (IDS)
• Intrusion detection (ID) is the process of monitoring the events occurring in a computer system or network and analysing them for signs of possible incidents. Intrusion detection and prevention (IDP) adds the ability to act on what is detected.
• Incidents are events that violate, or threaten to violate, defined security policies, acceptable use policy (AUP) rules, or generally accepted security practices.
• They arise from malware (e.g. worms, spyware, viruses and trojans), from attempts at unauthorised access to a system through public infrastructure (the internet), or from authorised users who abuse their privileges.
Intrusion Detection System (IDS)
Network intrusion prevention (IP)
• It includes the process of detecting network intrusion events, but also the process of preventing and blocking detected or potential network incidents.
Network intrusion detection and prevention systems (IDP)
• They are based on identifying potential incidents, logging information about them, attempting to stop them, and alerting the administrators responsible for security.
• Beyond this basic function, IDP systems can also be used to identify problems with the adopted security policies, to document existing security threats, and to deter individuals from violating security rules.
• IDP systems use various incident detection methods.
Intrusion Detection System (IDS)
• There are three primary classes of detection
methodology:
1. Signature-based detection
2. Anomaly-based detection
3. Detection based on stateful protocol analysis
Intrusion Detection System (IDS)
1. Signature-based detection
– Certain security threats can be detected from the characteristic form in which they appear on the wire or in a log.
– The behaviour of an already-seen threat, described in a form that can be used to detect any subsequent appearance of the same threat, is called an attack signature.
– Signature-based detection is the process of comparing these known forms (byte patterns, strings, header values) against the observed network traffic or host events in order to identify incidents.
Intrusion Detection System (IDS)
1. Signature-based detection
– Although very effective at detecting repeat appearances of known threats, this method is very weak against completely unknown threats, against known threats hidden by evasion techniques (encoding, fragmentation, obfuscation), and against known threats that have been modified since the signature was written.
– It is the simplest detection method, and because it matches individual events or packets with little memory of what came before, it cannot track the state of more complex, multi-step exchanges.
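The point about modified or hidden threats is easiest to see with a toy signature engine. The following is an added example, not code from the original slides: the signatures and the sample HTTP request lines are constructed for illustration and are not real vendor rules. It runs the same signatures twice, once against the raw bytes and once after URL-decoding, to show that a naive byte-for-byte matcher misses the encoded variants of attacks it knows perfectly well.

```python
"""Signature-based detection over constructed HTTP request lines, and the
encoding evasion that defeats a naive byte-for-byte matcher.

Added example; not code from the original slides. Signatures and sample
requests are constructed for illustration and are not real vendor rules.
"""
import re
from urllib.parse import unquote

# Constructed signatures: (name, byte pattern). (?i) makes the SQLi rule
# case-insensitive so a simple case change does not evade it.
SIGNATURES = [
    ("dir-traversal", rb"\.\./\.\./"),
    ("shell-path", rb"/bin/sh"),
    ("sqli-union", rb"(?i)union\s+select"),
]


def match_raw(payload: bytes) -> list:
    """Naive engine: match each signature against the bytes exactly as seen on the wire."""
    return [name for name, pat in SIGNATURES if re.search(pat, payload)]


def normalise(payload: bytes) -> bytes:
    """Canonicalise before matching: URL-decode twice so that both %2F and the
    double-encoded %252F collapse to the literal character the signature expects."""
    text = payload.decode("latin-1")
    for _ in range(2):
        text = unquote(text, encoding="latin-1")
    return text.encode("latin-1")


def match_normalised(payload: bytes) -> list:
    """Engine with a pre-processor, the way real NIDS handle HTTP URI encoding."""
    return match_raw(normalise(payload))


# Constructed sample traffic: one benign request, one plain attack, and the
# same known attacks hidden behind single and double URL encoding.
SAMPLE_REQUESTS = [
    b"GET /index.html HTTP/1.1",
    b"GET /cgi-bin/../../etc/passwd HTTP/1.1",
    b"GET /cgi-bin/..%2F..%2Fetc/passwd HTTP/1.1",
    b"GET /cgi-bin/%252e%252e/%252e%252e/etc/passwd HTTP/1.1",
    b"GET /search?q=1%27%20UNION%20SELECT%20user,pass HTTP/1.1",
]


def scan(requests=SAMPLE_REQUESTS):
    """Return {request: (raw_hits, normalised_hits)} to show what each engine catches."""
    return {r: (match_raw(r), match_normalised(r)) for r in requests}


if __name__ == "__main__":
    for req, (raw, norm) in scan().items():
        print(f"{req.decode()!r:70} raw={raw} normalised={norm}")
```

Only the second request is caught by the raw matcher; the three encoded variants carry exactly the same attack and pass untouched until the engine canonicalises the URI first. Real NIDS engines carry a whole chain of such normalisers (URI decoding, TCP stream reassembly, IP defragmentation), and every gap in that chain is an evasion.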
Intrusion Detection System (IDS)
2. Anomaly-based detection
– This method detects deviations from what is normal for a given traffic flow, host, user or application.
– Detection is performed by comparing the observed activity against a defined profile of acceptable (normal) behaviour.
– Profiles are formed by tracking the typical characteristics of the activity over a training period (e.g. the number of email messages sent by a user, the number of login attempts on a host, or the level of processor utilisation in a given time interval).
– The behaviour of users, hosts, connections or applications observed during that period is then taken as the baseline of acceptable activity.
Intrusion Detection System (IDS)
2. Anomaly-based detection
– However, if an attack was already under way during the training period, the profile silently absorbs it as "normal", and the same activity will not be flagged later.
– Likewise, imprecisely defined profiles cause numerous false alarms, raised by the system in reaction to perfectly acceptable activity on the network.
– The greatest advantage of this method is its ability to detect previously unknown threats, for which no signature exists.
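The two failure modes above (a poisoned baseline and an over-sensitive one) show up concretely in a few lines of code. The following is an added example, not from the original slides: it builds a per-host profile of failed logins per time interval from constructed log lines in a made-up format ("<interval> <host> <user> <result>"), then alerts when a live interval exceeds mean plus three standard deviations. Running it once with a clean training window and once with a training window that already contains a brute-force burst shows why the second profile misses the attack.

```python
"""Anomaly-based detection on constructed authentication log lines, including
the baseline-poisoning failure mode described above.

Added example; not from the original slides. The log format
("<interval> <host> <user> <result>") and every count are constructed.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev


def make_log(host, failures_per_interval, start=0):
    """Constructed log: one successful login plus N failed logins per interval."""
    lines = []
    for offset, n_fail in enumerate(failures_per_interval):
        interval = start + offset
        lines.append(f"{interval} {host} alice OK")
        lines += [f"{interval} {host} alice FAIL"] * n_fail
    return lines


def count_failures(log_lines):
    """Failed logins per host per interval: {host: Counter({interval: n})}."""
    counts = defaultdict(Counter)
    for line in log_lines:
        interval, host, _user, result = line.split()
        if result == "FAIL":
            counts[host][int(interval)] += 1
    return counts


def build_profile(training_lines, intervals):
    """Profile = (mean, standard deviation) of failures per interval for each host."""
    counts = count_failures(training_lines)
    profile = {}
    for host, per_interval in counts.items():
        series = [per_interval.get(i, 0) for i in intervals]
        profile[host] = (mean(series), pstdev(series))
    return profile


def detect(profile, live_lines, intervals, k=3.0, floor=3):
    """Alert when a host exceeds mean + k*std. The floor keeps a host with a
    perfectly flat baseline (std = 0) from being flagged on a single failure."""
    counts = count_failures(live_lines)
    alerts = []
    for host, (mu, sigma) in profile.items():
        threshold = max(mu + k * sigma, floor)
        for i in intervals:
            n = counts[host].get(i, 0)
            if n > threshold:
                alerts.append((host, i, n))
    return alerts


TRAIN_INTERVALS = range(0, 10)
LIVE_INTERVALS = range(10, 12)
CLEAN_TRAINING = make_log("web1", [1, 0, 2, 1, 0, 1, 1, 0, 2, 1])
POISONED_TRAINING = make_log("web1", [1, 0, 2, 1, 0, 1, 1, 0, 2, 30])  # attack during training
LIVE = make_log("web1", [24, 2], start=10)  # brute-force burst, then quiet


def run(training_lines):
    """Train on the given window and evaluate the constructed live window."""
    profile = build_profile(training_lines, TRAIN_INTERVALS)
    return detect(profile, LIVE, LIVE_INTERVALS)


if __name__ == "__main__":
    print("clean baseline   :", run(CLEAN_TRAINING))
    print("poisoned baseline:", run(POISONED_TRAINING))
```

With the clean baseline the threshold is about 3 failures per interval and the burst of 24 is flagged; with one attack interval in the training data the threshold rises to about 30 and the identical burst is accepted as normal. The fix in practice is to sanity-check training data against signatures or manual review before committing a profile, and to re-train on windows known to be clean.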
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Stateful protocol analysis compares predefined profiles of how a protocol is supposed to operate against the observed flow of that protocol on the network, tracking the state of each session (which commands have been seen, in what order, with what arguments).
– The predefined profiles are developed by the IDP vendor from the protocol standards and specify what is and is not acceptable in the exchange of messages for that protocol.
– Unlike anomaly-based detection, where profiles are built from the hosts or specific activities on the monitored network, stateful protocol analysis uses generic profiles supplied by the equipment manufacturer.
– Most IDP systems use several detection methods simultaneously, which gives broader and more precise detection.
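A vendor "profile" for a protocol is, at its core, a state machine plus limits on each command's arguments. The following is an added example, not from the original slides: a hand-written approximation of the client-side SMTP command sequence in RFC 5321 (a real vendor profile is far more complete), applied to two constructed sessions. A DATA command before any RCPT, a MAIL command before the greeting, and a command line over the 512-octet limit are each reported, while the legitimate session passes cleanly.

```python
"""Stateful protocol analysis of a client-side SMTP command stream.

Added example; not from the original slides. The state table is a hand-written
approximation of the command sequence in RFC 5321 (a vendor profile is far more
complete); the sessions at the bottom are constructed.
"""

# Vendor-style "profile": which command is acceptable in which session state.
TRANSITIONS = {
    ("INIT", "HELO"): "GREETED",
    ("INIT", "EHLO"): "GREETED",
    ("GREETED", "MAIL"): "MAIL",
    ("MAIL", "RCPT"): "RCPT",
    ("RCPT", "RCPT"): "RCPT",
    ("RCPT", "DATA"): "DATA",
}
ALWAYS_ALLOWED = {"NOOP", "RSET", "QUIT"}
MAX_LINE = 512  # RFC 5321 maximum command line length, CRLF included


def analyse(commands):
    """Walk one session's command lines through the state machine and return
    a list of (index, line, reason) for every deviation from the profile."""
    state = "INIT"
    violations = []
    for idx, line in enumerate(commands):
        if state == "DATA":
            # Inside the message body only the terminating "." is interpreted.
            if line == ".":
                state = "GREETED"
            continue
        if len(line) + 2 > MAX_LINE:
            # Oversized argument: classic overflow vector, flagged on length alone.
            violations.append((idx, line[:24] + "...", "command line exceeds 512 octets"))
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ALWAYS_ALLOWED:
            if verb == "RSET" and state != "INIT":
                state = "GREETED"  # RSET abandons the current transaction
            continue
        next_state = TRANSITIONS.get((state, verb))
        if next_state is None:
            violations.append((idx, line, f"{verb or '<empty>'} not valid in state {state}"))
            continue
        state = next_state
    return violations


# Constructed sessions (client side only; server replies are not modelled).
GOOD_SESSION = [
    "EHLO mail.example.com",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: hello",
    "",
    "body text",
    ".",
    "QUIT",
]
BAD_SESSION = [
    "MAIL FROM:<alice@example.com>",        # MAIL before any greeting
    "EHLO attacker",
    "DATA",                                  # DATA with no envelope at all
    "RCPT TO:<bob@example.net>",             # RCPT without a preceding MAIL
    "MAIL FROM:<" + "A" * 600 + ">",         # overlong argument
]

if __name__ == "__main__":
    print("good:", analyse(GOOD_SESSION))
    for v in analyse(BAD_SESSION):
        print("bad :", v)
```

Note what this catches that a signature cannot: none of the bad lines contains a known-bad byte pattern; they are wrong only because of where they occur in the session or how long they are. Note also that the tracking must be per-connection, which is where the memory and CPU cost of this method comes from.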
Intrusion Detection System (IDS)
Testing detection and filtering devices
– Testing tools are used to verify the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDS/IPS, routers and switches.
– They test a filtering device's ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS.
– Standard traffic sessions can be used to test how packet filtering devices handle a variety of protocols, including HTTP, FTP, SNMP and SMTP.
Intrusion Detection System (IDS)
• Intrusion detection systems can be grouped
into the following categories:
– Host-based IDS
– Network-based IDS
– Intrusion prevention system (IPS)
Host-based intrusion detection
systems
• Host-based IDSs are designed to monitor, detect and respond to activity and attacks on a given host. Attackers often target specific systems on corporate networks that hold confidential information.
• They will often try to install scanning programs and exploit other vulnerabilities that let them record user activity on a particular host.
• Some host-based IDS tools provide policy management, statistical analytics and data forensics at the host level.
Host-based intrusion detection
systems
• Host-based IDSs are best placed to detect an intruder who tries to access particular files or other services that reside on the host.
• Because attackers frequently exploit operating system vulnerabilities to break into hosts, a host-based IDS is usually integrated closely with the host's operating system (hooking system calls, file access and log sources).
Network-based intrusion detection
systems
• Network-based IDSs capture network traffic to detect intruders.
• Most often these systems work as packet sniffers: they read the traffic passing a tap or mirror port and apply detection metrics (signatures, anomaly thresholds, protocol state) to judge whether the network has been attacked or compromised.
• The internet and proprietary protocols that carry messages between external and internal networks, such as TCP/IP, NetBEUI (NetBIOS Extended User Interface) and XNS (Xerox Network Systems), are all open to attack and need additional ways of detecting malicious events.
• Intrusion detection systems frequently have difficulty with encrypted traffic and virtual private network tunnels, since they cannot inspect payloads they cannot decrypt. Throughput above 1 Gbit/s is also a constraining factor, although modern (and costly) network-based IDSs can keep up at higher speeds.
Network-based intrusion detection
systems
• Cooperative agents are one of the most important components of a distributed intrusion detection architecture.
• An agent is an autonomous or semi-autonomous piece of software that runs in the background and performs tasks on behalf of another component.
• In an IDS, an agent is generally a piece of software that senses intrusions locally and reports attack information to central analysis servers.
• The cooperative agents can form a network among themselves for data transmission and processing.
• Using multiple agents across a network gives a broader view of the network than is possible with a single IDS or a centralised IDS.
Intrusion prevention system (IPS)
• An IPS is a network security tool that can not only detect intruders but also block known attacks before they succeed.
• Intrusion prevention systems combine the abilities of firewalls and intrusion detection systems.
• However, implementing an IPS at an effective scale can be costly, so businesses should carefully assess their IT risks before making the investment.
• Moreover, because an IPS sits inline and must finish inspecting before it forwards, some intrusion prevention systems are not as fast and robust as firewalls and passive intrusion detection systems, so an IPS might not be an appropriate solution when throughput or latency is an absolute requirement.
Intrusion prevention system (IPS)
• One important distinction to make is the difference between intrusion prevention and active response.
• An active response device dynamically reconfigures or alters network or system access controls, session streams or individual packets, based on triggers from packet inspection and other detection devices.
• Active response happens after the event has occurred, so the first packet of an attack has already reached its target by the time the response is applied. A single-packet attack therefore succeeds on its first attempt and is blocked only on later attempts; a flood such as a DDoS attack gets its first packets through and is blocked afterwards.
• While active response devices are beneficial, this one aspect makes them unsuitable as a complete solution on their own.
• Network intrusion prevention devices, on the other hand, are typically inline devices on the network that inspect packets and make decisions before forwarding them on to the destination.
Intrusion prevention system (IPS)
• Most important, an IPS must perform packet inspection
and analysis at wire speed. Intrusion prevention
systems should be performing detailed packet
inspection to detect intrusions, including application-
layer and zero-day attacks.
• System or host intrusion prevention devices are also
inline at the operating system level. They have the
ability to intercept system calls, file access, memory
access, processes and other system functions to
prevent attacks. There are several intrusion prevention
technologies, including the following:
– System memory and process protection
– Inline network devices
– Session sniping
– Gateway interaction devices
Intrusion prevention system (IPS)
• System memory and process protection
– This type of intrusion prevention strategy resides
at the system level.
– Memory protection consists of a mechanism to
prevent a process from corrupting the memory of
another process running on the same system.
– Process protection consists of a mechanism for
monitoring process execution, with the ability to
kill processes that are suspected of being attacks.
Intrusion prevention system (IPS)
• Inline network devices
– This type of intrusion prevention strategy places a
network device directly in the path of network
communications with the capability to modify and
block attack packets as they traverse the device’s
interfaces.
– It acts much like a router or firewall combined
with the signature-matching capabilities of IDS.
The detection and response happens in real time
before the packet is passed on to the destination
network.
Intrusion prevention system (IPS)
• Session sniping
– This type of intrusion prevention strategy terminates a TCP session by sending a TCP RST packet to both ends of the connection. When an attempted attack is detected, the RSTs are sent and the attempted exploit is flushed from the buffers, so the attack does not complete.
– Note: TCP RST packets must carry the correct sequence and acknowledgement numbers to be effective. Modern stacks (RFC 5961) accept a RST only when its sequence number exactly equals the next sequence number they expect and answer anything else with a challenge ACK, so the sniping device must see every segment of the session to compute the right values.
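What "the correct sequence and acknowledgement numbers" means in practice, as an added example that is not part of the original slides: given one observed segment from client to server, the RST aimed at the server must carry the sequence number the server expects next from the client (observed seq plus payload length), and the RST aimed at the client must carry the number the client expects next from the server (the observed ack). Addresses, ports and sequence numbers below are constructed, nothing is sent, and the acceptance check models the RFC 793 in-window rule beside the stricter RFC 5961 exact-match rule.

```python
"""Session sniping: deriving the TCP RST segments that tear down an observed
connection, serialising one with a valid checksum, and checking whether a
receiver would honour it.

Added example; not from the original slides. Addresses, ports and sequence
numbers are constructed and no packet is ever sent.
"""
import socket
import struct

MOD = 1 << 32  # TCP sequence space wraps at 2^32

# Constructed observation: one client -> server segment carrying 100 bytes.
OBSERVED = dict(src="10.0.0.5", dst="10.0.0.9", sport=40000, dport=80,
                seq=1000, ack=5000, payload_len=100)


def rst_pair(observed):
    """Return the RST a sniper would send to each end of the observed session."""
    client_next = (observed["seq"] + observed["payload_len"]) % MOD  # server's RCV.NXT
    to_server = dict(src=observed["src"], dst=observed["dst"],
                     sport=observed["sport"], dport=observed["dport"],
                     seq=client_next, ack=observed["ack"])
    to_client = dict(src=observed["dst"], dst=observed["src"],
                     sport=observed["dport"], dport=observed["sport"],
                     seq=observed["ack"], ack=client_next)        # client's RCV.NXT
    return to_server, to_client


def accepts_rst(rcv_nxt, rcv_wnd, rst_seq, rfc5961=True):
    """RFC 793 accepted any RST whose sequence number fell inside the receive
    window; an RFC 5961 host requires an exact match and otherwise replies with
    a challenge ACK instead of resetting."""
    if rfc5961:
        return rst_seq == rcv_nxt
    return (rst_seq - rcv_nxt) % MOD < rcv_wnd


def checksum(data: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(seg, tcp_len):
    return (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
            + struct.pack("!BBH", 0, 6, tcp_len))  # zero, protocol 6 (TCP), length


def build_tcp_rst(seg) -> bytes:
    """Serialise a 20-byte TCP header with RST|ACK set and a valid checksum."""
    flags = 0x14  # ACK (0x10) | RST (0x04)
    hdr = struct.pack("!HHIIBBHHH", seg["sport"], seg["dport"], seg["seq"], seg["ack"],
                      5 << 4, flags, 0, 0, 0)  # data offset 5 words, window/csum/urg = 0
    csum = checksum(_pseudo_header(seg, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def tcp_checksum_ok(seg, hdr: bytes) -> bool:
    """Verify a header's checksum the way a receiving stack does."""
    return checksum(_pseudo_header(seg, len(hdr)) + hdr) == 0


if __name__ == "__main__":
    to_server, to_client = rst_pair(OBSERVED)
    print("RST to server seq/ack:", to_server["seq"], to_server["ack"])
    print("RST to client seq/ack:", to_client["seq"], to_client["ack"])
    print("stale guess accepted by RFC 793 host:", accepts_rst(1100, 65535, 1150, rfc5961=False))
    print("stale guess accepted by RFC 5961 host:", accepts_rst(1100, 65535, 1150))
    print("header:", build_tcp_rst(to_server).hex())
```

The RFC 5961 check is the operational caveat: a sniper deployed on a span port that drops segments under load, or one that acts on a segment already superseded by later ones, computes a value that a modern host treats as a probe and answers with a challenge ACK rather than tearing the session down.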
Intrusion prevention system (IPS)
• Gateway interaction devices
– This type of intrusion prevention strategy allows a detection device to interact dynamically with network gateway devices such as routers or firewalls. When an attempted attack is detected, the detection device directs the router or firewall to install a rule that blocks the attack.
Intrusion prevention system (IPS)
• System identification via session sniping is another concern when deploying active-response IPSs.
• When a system terminates sessions with RST packets, an attacker may be able to discover not only that an IPS is involved but also what type of underlying system it runs on.
• Readily available passive operating system identification tools analyse the TTL, window size and option layout of packets (the injected RSTs included) to determine the sending operating system.
• This type of information might enable an attacker to evade the IPS or direct an attack at the IPS itself.
Intrusion prevention system (IPS)
• There are several risks in deploying intrusion prevention technologies.
• Most notable is the recurring issue of false positives in today's intrusion detection systems. On some occasions legitimate traffic displays characteristics similar to malicious traffic.
• This could be anything from inadvertently matching a signature to an uncharacteristically high traffic volume.
• Even a finely tuned IDS raises false positives when this occurs. When intrusion prevention is involved, a false positive does more than create noise: it creates a denial-of-service (DoS) condition for legitimate traffic.
• In addition, attackers who discover or suspect the use of intrusion prevention can deliberately provoke it: by sending attack traffic with spoofed source IP addresses (a partner, a DNS server, an upstream router) they cause the IPS to block those legitimate sources.
• A simple mitigation for some of these DoS conditions is a whitelisting (allowlisting) policy: addresses on the list are never blocked automatically, only logged.
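The gateway-interaction strategy and the spoofed-source DoS risk above meet in the logic that turns an alert into a block rule. The following is an added example, not from the original slides: `Gateway` is an in-memory stand-in for a firewall or router API (a real deployment would call the device's own interface), and the alert stream is constructed. It shows an allowlist keeping a spoofed alert from cutting off the upstream resolver, block rules that expire rather than persist, and a cap so that a flood of alerts from random spoofed sources cannot exhaust the gateway's rule table.

```python
"""Gateway interaction (active response) with an allowlist, showing why a
blocker driven by spoofable source addresses needs one.

Added example; not from the original slides. `Gateway` is an in-memory stand-in
for a firewall/router API, and the alerts below are constructed.
"""
import ipaddress

# Constructed allowlist: peers that must never be auto-blocked, however
# suspicious a packet claiming their address looks (source spoofing is trivial).
ALLOWLIST = [
    ipaddress.ip_network("10.0.0.0/8"),       # internal ranges
    ipaddress.ip_network("203.0.113.10/32"),  # upstream resolver (constructed)
]
BLOCK_SECONDS = 600  # rules expire; a permanent block turns every false positive into an outage
MAX_RULES = 1000     # cap so a spoofed-source flood cannot fill the gateway's rule table


class Gateway:
    """Stand-in for the router/firewall the detection device talks to."""

    def __init__(self):
        self.rules = {}  # src_ip -> expiry timestamp

    def block(self, ip, expires_at):
        self.rules[ip] = expires_at

    def expire(self, now):
        self.rules = {ip: exp for ip, exp in self.rules.items() if exp > now}

    def is_blocked(self, ip, now):
        exp = self.rules.get(ip)
        return exp is not None and exp > now


def respond(gateway, alerts):
    """Turn (timestamp, src_ip, signature) alerts into gateway actions and
    return the list of actions taken, in order."""
    actions = []
    for ts, src, sig in alerts:
        gateway.expire(ts)
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in ALLOWLIST):
            actions.append(("log-only", src, sig))  # never block an allowlisted peer
            continue
        if gateway.is_blocked(src, ts):
            continue  # already handled, no duplicate rule
        if len(gateway.rules) >= MAX_RULES:
            actions.append(("table-full", src, sig))  # still alert, stop growing the table
            continue
        gateway.block(src, ts + BLOCK_SECONDS)
        actions.append(("block", src, sig))
    return actions


# Constructed alert stream: a real scanner, then the same signature arriving
# with the upstream resolver's address spoofed as the source.
ALERTS = [
    (0, "198.51.100.7", "scan"),
    (1, "203.0.113.10", "scan"),  # spoofed: would cut off DNS without the allowlist
    (2, "198.51.100.7", "scan"),
]


def demo():
    """Run the constructed alerts through a fresh gateway."""
    gateway = Gateway()
    return respond(gateway, ALERTS), gateway


if __name__ == "__main__":
    actions, gw = demo()
    for action in actions:
        print(action)
    print("rules installed:", gw.rules)
```

The allowlist is a blunt instrument: anything on it is effectively exempt from prevention, so it should hold only addresses whose loss would hurt more than an attack from them, and alerts involving them still need a human to look at them.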
Intrusion prevention system (IPS)
• When deploying an IPS, carefully monitor and tune your systems and be aware of the risks involved.
• You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics.
• It is always recommended to run IPS and active response technologies in a detect-only (test) mode for a while, to thoroughly understand their behaviour before allowing them to block.

FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt

  • 2. Intrusion Detection System (IDS) • IDP (Intrusion Detection and Prevention) network intrusion detection (ID) is based on monitoring the operation of computer systems or `networks and analyzing the processes they perform, which can point to certain incidents. • Incidents are events posing a threat to or violating defined security policies, violating AUP (acceptable use policy) rules, or generally accepted security norms. • They appear as a result of the operation of various malware programmes (eg. Worms, spyware, viruses, and trojans), as a result of attempts at unauthorized access to a system through public infrastructure (internet), or as a result of the operation of authorized system users who abuse their privileges.
  • 3. Intrusion Detection System (IDS) Network intrusion prevention (IP) • It includes the process of detecting network intrusion events, but also includes the process of preventing and blocking detected or potential network incidents. Network intrusion detection and prevention systems (idp) • They are based on identifying potential incidents, logging information about them, attempting to prevent them and alerting the administrators responsible for security. • In addition to this basic function, IDP systems can also be used to identify problems concerning the adopted security policies, to document existing security threats and to discourage individuals from violating security rules. • IDP systems use various incident detection methods.
  • 4. Intrusion Detection System (IDS) • There are three primary classes of detection methodology: 1. Signature-based detection 2. Anomaly-based detection 3. Detection based on stateful protocol analysis
  • 5. Intrusion Detection System (IDS) 1. Signature-based detection – certain security threats can be detected based on the characteristic manner in which they appear. – The behaviour of an already detected security threat, described in a form that can be used for the detection of any subsequent appearance of the same threat, is called an attack signature. – This detection method, based on the characteristic signature of an attack, is a process of comparing the known forms in which the threat has appeared with the specific network traffic in order to identify certain incidents.
  • 6. IDS
  • 7. Intrusion Detection System (IDS) 1. Signature-based detection – Although it can be very efficient in detecting the subsequent appearance of known threats, this detection method is extremely inefficient in the detection of completely unknown threats, of threats hidden by using various techniques, and of already known threats that have somehow been modified in the meantime. – It is considered the simplest detection method and it cannot be used for monitoring and analysing the state of certain, more complex forms of communication.
  • 8. Intrusion Detection System (IDS) 2. Anomaly-based detection – This method of IDP is based on detecting anomalies in a specific traffic flow in the network. – Anomaly detection is performed, based on the defined profile of acceptable traffic and its comparison with the specific traffic in the network. – Acceptable traffic profiles are formed by tracking the typical characteristics of the traffic in the network during a certain period of time (e.g., The number of email messages sent by a user, and the number of attempts to log in to a host, or the level of utilisation of the processor in a given time interval). – These characteristics of the behaviour of users, hosts, connections or applications in the same time interval are then considered to be completely acceptable.
  • 9. Intrusion Detection System (IDS) 2. Anomaly-based detection – However, acceptable-behaviour profiles can unintentionally contain certain security threats, which lead to problems in their application. – Likewise, imprecisely defined profiles of acceptable behaviour can cause numerous alarms, generated by the system itself as a reaction to certain acceptable) activities on the network. – The greatest advantage of this detection method is its exceptional efficiency in detecting previously unknown security threats.
  • 10. Intrusion Detection System (IDS) 3. Detection based on stateful protocol analysis – Stateful protocol analysis is a process of comparing predefined operation profiles with the specific data flow of that protocol on the network. – Predefined profiles of operation of a protocol are defined by the manufacturers of IDP devices and they identify everything that is acceptable or not acceptable in the exchange of messages in a protocol. – Unlike anomaly-based detection, where profiles are created based on the hosts or specific activities on the network, stateful protocol analysis uses general profiles generated by the equipment manufacturers. – Most IDP systems use several detection methods simultaneously, thus enabling a more comprehensive and precise method of detection.
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Testing tools are used for testing the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDS/IPS, routers and switches.
– These test the traffic filtering devices' ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS.
– Standard traffic sessions can be used to test how packet filtering devices handle a variety of protocols including HTTP, FTP, SNMP and SMTP.
Intrusion Detection System (IDS)
• Intrusion detection systems can be grouped into the following categories:
– Host-based IDS
– Network-based IDS
– Intrusion prevention system (IPS)
Host-based intrusion detection systems
• Host-based IDSs are designed to monitor, detect and respond to activity and attacks on a given host. In most cases, attackers target specific systems on corporate networks that have confidential information.
• They will often try to install scanning programs and exploit other vulnerabilities that can record user activity on a particular host.
• Some host-based IDS tools provide policy management, statistical analytics and data forensics at the host level.
Host-based intrusion detection systems
• Host-based IDSs are best used when an intruder tries to access particular files or other services that reside on the host computer.
• Because attackers mainly focus on operating system vulnerabilities to break into hosts, in most cases the host-based IDS is integrated into the operating system that the host is running.
Network-based intrusion detection systems
• Network traffic-based IDSs capture network traffic to detect intruders.
• Most often, these systems work as packet sniffers that read through incoming traffic and use specific metrics to assess whether a network has been compromised.
• Various internet and other proprietary protocols that handle messages between external and internal networks, such as TCP/IP, NetBEUI (NetBIOS Extended User Interface) and XNS (Xerox Network Systems), are vulnerable to attack and require additional ways to detect malicious events.
• Frequently, intrusion detection systems have difficulty working with encrypted information and traffic from virtual private networks. Speed over 1 Gbps is also a constraining factor, although modern and costly network-based IDSs have the capability to work fast above this speed.
Network-based intrusion detection systems
• Cooperative agents are one of the most important components of a distributed intrusion detection architecture.
• An agent is an autonomous or semi-autonomous piece of software that runs in the background and performs useful tasks for another.
• Relative to IDSs, an agent is generally a piece of software that senses intrusions locally and reports attack information to central analysis servers.
• The cooperative agents can form a network among themselves for data transmission and processing.
• The use of multiple agents across a network allows a broader view of the network than might be possible with a single IDS or centralized IDSs.
Intrusion prevention system (IPS)
• An IPS is a network security tool that can not only detect intruders, but also prevent them from successfully launching any known attack.
• Intrusion prevention systems combine the abilities of firewalls and intrusion detection systems.
• However, implementing an IPS on an effective scale can be costly, so businesses should carefully assess their IT risks before making the investment.
• Moreover, some intrusion prevention systems are not as fast and robust as some firewalls and intrusion detection systems, so an IPS might not be an appropriate solution when speed is an absolute requirement.
Intrusion prevention system (IPS)
• One important distinction to make is the difference between intrusion prevention and active response.
• An active response device dynamically reconfigures or alters network or system access controls, session streams or individual packets based on triggers from packet inspection and other detection devices.
• Active response happens after the event has occurred; thus, a single-packet attack will be successful on the first attempt but will be blocked in future attempts. For example, a DDoS attack will be successful on the first packets but will be blocked afterwards.
• While active response devices are beneficial, this one aspect makes them unsuitable as an overall solution.
• Network intrusion prevention devices, on the other hand, are typically inline devices on the network that inspect packets and make decisions before forwarding them on to the destination.
Intrusion prevention system (IPS)
• Most important, an IPS must perform packet inspection and analysis at wire speed. Intrusion prevention systems should be performing detailed packet inspection to detect intrusions, including application-layer and zero-day attacks.
• System or host intrusion prevention devices are also inline at the operating system level. They have the ability to intercept system calls, file access, memory access, processes and other system functions to prevent attacks. There are several intrusion prevention technologies, including the following:
– System memory and process protection
– Inline network devices
– Session sniping
– Gateway interaction devices
Intrusion prevention system (IPS)
• System memory and process protection
– This type of intrusion prevention strategy resides at the system level.
– Memory protection consists of a mechanism to prevent a process from corrupting the memory of another process running on the same system.
– Process protection consists of a mechanism for monitoring process execution, with the ability to kill processes that are suspected of being attacks.
Intrusion prevention system (IPS)
• Inline network devices
– This type of intrusion prevention strategy places a network device directly in the path of network communications with the capability to modify and block attack packets as they traverse the device's interfaces.
– It acts much like a router or firewall combined with the signature-matching capabilities of an IDS. The detection and response happen in real time before the packet is passed on to the destination network.
Intrusion prevention system (IPS)
• Session sniping
– This type of intrusion prevention strategy terminates a TCP session by sending a TCP RST packet to both ends of the connection. When an attempted attack is detected, the TCP RST is sent and the attempted exploit is flushed from the buffers and thus prevented.
– Note: TCP RST packets must have the correct sequence and acknowledgement numbers to be effective.
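The note above is worth making concrete from the receiving host's side, because it decides whether a session-sniping IPS actually works. The Python example below is added here and is not code from the slides: it models what a TCP endpoint does with an incoming RST under the original RFC 793 rule (any in-window RST aborts the connection) and under the RFC 5961 hardening that most current stacks apply (only an RST whose sequence number is exactly RCV.NXT aborts; an in-window but inexact RST is answered with a challenge ACK and ignored). A small tracker shows the bookkeeping an inline device needs to know RCV.NXT for each direction. All addresses and sequence numbers are constructed.

```python
MOD = 1 << 32  # size of the TCP sequence-number space


def in_window(rcv_nxt, rcv_wnd, seg_seq):
    """True if seg_seq lies in [RCV.NXT, RCV.NXT + RCV.WND), modulo 2^32."""
    return (seg_seq - rcv_nxt) % MOD < rcv_wnd


def rst_disposition(rcv_nxt, rcv_wnd, seg_seq, rfc5961=True):
    """What a receiving TCP does with a RST segment.

    RFC 793: any in-window RST aborts the connection.
    RFC 5961 section 3.2: only SEG.SEQ == RCV.NXT aborts; an in-window but
    inexact RST only elicits a challenge ACK; everything else is dropped.
    Returns "reset", "challenge-ack" or "drop".
    """
    if not in_window(rcv_nxt, rcv_wnd, seg_seq):
        return "drop"
    if not rfc5961 or seg_seq == rcv_nxt:
        return "reset"
    return "challenge-ack"


class ConnTracker:
    """Tracks the next expected sequence number in each direction of a TCP
    connection from packets observed in transit. An inline device must keep
    this state for every flow it may want to terminate, because a RST that is
    off by even one byte is merely challenged by an RFC 5961 receiver."""

    def __init__(self):
        self.next_seq = {}  # (src, dst) -> next SEQ the receiver expects

    def observe(self, src, dst, seq, payload_len, syn=False, fin=False):
        # SYN and FIN each consume one sequence number in addition to the data.
        self.next_seq[(src, dst)] = (seq + payload_len + int(syn) + int(fin)) % MOD

    def expected(self, src, dst):
        return self.next_seq.get((src, dst))


if __name__ == "__main__":
    t = ConnTracker()
    t.observe("198.51.100.10", "192.0.2.25", seq=4000, payload_len=0, syn=True)
    t.observe("198.51.100.10", "192.0.2.25", seq=4001, payload_len=100)
    nxt = t.expected("198.51.100.10", "192.0.2.25")
    for seq in (nxt, nxt + 20, nxt + 100000):
        print(seq, rst_disposition(nxt, 65535, seq), rst_disposition(nxt, 65535, seq, rfc5961=False))
```

The practical consequence for defenders: session sniping is an after-the-fact response that depends on precise per-flow state and on the endpoints honouring the RST, so it complements rather than replaces inline blocking, which the next slides cover.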
Intrusion prevention system (IPS)
• Gateway interaction devices
– This type of intrusion prevention strategy allows a detection device to dynamically interact with network gateway devices such as routers or firewalls. When an attempted attack is detected, the detection device can direct the router or firewall to block the attack.
Intrusion prevention system (IPS)
• Session-sniping system identification is another concern when deploying active response IPSs.
• When systems terminate sessions with RST packets, an attacker might be able to discover not only that an IPS is involved but also the type of underlying system.
• Readily available passive operating system identification tools analyze packets to determine the underlying operating system.
• This type of information might enable an attacker to evade the IPS or direct an attack at the IPS.
Intrusion prevention system (IPS)
• There are several risks when deploying intrusion prevention technologies.
• Most notable is the recurring issue of false positives in today's intrusion detection systems. On some occasions, legitimate traffic will display characteristics similar to malicious traffic.
• This could be anything from inadvertently matching signatures to uncharacteristically high traffic volume.
• Even a finely tuned IDS can present false positives when this occurs. When intrusion prevention is involved, false positives can create a denial-of-service (DoS) condition for legitimate traffic.
• In addition, attackers who discover or suspect the use of intrusion prevention methods can purposely create a DoS attack against legitimate networks and sources by sending attacks with spoofed source IP addresses.
• A simple mitigation to some DoS conditions is to use a whitelisting policy.
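To show what the whitelisting mitigation above looks like in practice, here is an added Python example (not from the slides) of the decision logic an IPS or a gateway-interaction controller can apply before it asks a firewall to block a source. It refuses to auto-block whitelisted infrastructure, refuses to block on triggers that a single spoofed packet could have produced, and requires a minimum number of alerts from a source before blocking. The policy values and alert records are constructed.

```python
import ipaddress
from collections import Counter

# Constructed policy for an IPS that can direct an upstream firewall or router
# to block a source address.
POLICY = {
    # Never auto-block: infrastructure whose loss would itself be a DoS
    # (hypothetical resolver, management network and partner prefix).
    "whitelist": [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/24", "192.0.2.53/32", "2001:db8::/32")],
    # Protocols where one spoofed packet is enough to raise the alert, so an
    # attacker could use the IPS to cut off an innocent third party.
    "spoofable_protocols": {"udp", "icmp"},
    # Distinct alerts from one source before blocking is considered.
    "min_alerts": 3,
    "block_seconds": 600,
}


def decide(alert, history, policy=POLICY):
    """Return ("block", seconds) or ("alert-only", reason) for one alert.

    alert:   {"src": ip string, "proto": "tcp"/"udp"/"icmp",
              "established": True if the trigger came from a completed TCP
              handshake (so the source address was not trivially spoofed),
              "sig": signature name}
    history: Counter of alerts per source address; updated here.
    """
    src = ipaddress.ip_address(alert["src"])
    history[str(src)] += 1
    if any(src in net for net in policy["whitelist"]):
        return "alert-only", "source is whitelisted"
    if alert["proto"] in policy["spoofable_protocols"] or not alert.get("established"):
        return "alert-only", "trigger is spoofable; auto-block could DoS a third party"
    if history[str(src)] < policy["min_alerts"]:
        return "alert-only", f"only {history[str(src)]} alert(s) from this source"
    return "block", policy["block_seconds"]


if __name__ == "__main__":
    history = Counter()
    # Constructed alert stream.
    alerts = [
        {"src": "10.0.0.53", "proto": "tcp", "established": True, "sig": "dns-tunnel"},
        {"src": "203.0.113.7", "proto": "udp", "established": False, "sig": "snmp-probe"},
        {"src": "203.0.113.9", "proto": "tcp", "established": True, "sig": "http-sqli"},
        {"src": "203.0.113.9", "proto": "tcp", "established": True, "sig": "http-sqli"},
        {"src": "203.0.113.9", "proto": "tcp", "established": True, "sig": "http-sqli"},
    ]
    for a in alerts:
        print(a["src"], decide(a, history))
```

The whitelist is the slide's mitigation; the "established" and "spoofable protocol" checks address the spoofed-source DoS it warns about, and the alert count damps the ordinary false positives. Blocks also expire (block_seconds) so that a single mistaken decision does not persist indefinitely.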
Intrusion prevention system (IPS)
• When deploying an IPS, you should carefully monitor and tune your systems and be aware of the risks involved.
• You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics.
• It is always recommended to run IPS and active response technologies in test mode for a while to thoroughly understand their behavior.