Module-2
System Security
Intrusion Detection System (IDS)
• IDP (intrusion detection and prevention): network intrusion detection (ID) is based on monitoring the operation of computer systems or networks and analysing the processes they perform, which can point to certain incidents.
• Incidents are events that threaten or violate defined security policies, violate AUP (acceptable use policy) rules, or violate generally accepted security norms.
• They appear as a result of the operation of various malware programmes (e.g., worms, spyware, viruses and trojans), as a result of attempts at unauthorized access to a system through public infrastructure (the internet), or as a result of authorized system users abusing their privileges.
Intrusion Detection System (IDS)
Network intrusion detection (NID)
• It includes the process of detecting network intrusion events, but does not include the process of preventing and blocking detected or potential network incidents.
Network intrusion detection and prevention systems (NIDP)
• They are based on identifying potential incidents, logging information about them, attempting to prevent them and alerting the administrators responsible for security.
• In addition to this basic function, NIDP systems can also be used to identify problems concerning the adopted security policies, to document existing security threats and to discourage individuals from violating security rules.
• NIDP systems use various incident detection methods.
Intrusion Detection System (IDS)
• There are three primary classes of detection methodology:
– 1. Signature-based detection
– 2. Anomaly-based detection
– 3. Detection based on stateful protocol analysis
Intrusion Detection System (IDS)
1. Signature-based detection
– Certain security threats can be detected based on the characteristic manner in which they appear.
– The behaviour of an already detected security threat, described in a form that can be used to detect any subsequent appearance of the same threat, is called an attack signature.
– This detection method, based on the characteristic signature of an attack, is a process of comparing the known forms in which the threat has appeared with the specific network traffic in order to identify certain incidents.
– Although it can be very efficient in detecting the subsequent appearance of known threats, this method is extremely inefficient at detecting completely unknown threats, threats hidden by various techniques, and already known threats that have been modified in the meantime.
– It is considered the simplest detection method, and it cannot be used for monitoring and analysing the state of more complex forms of communication.
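The matching process described above, as an added example that is not from the slides: a tiny Snort-style matcher over constructed packets. The `Packet` and `Signature` types, the rule ids and the byte patterns are all constructed placeholders; the last packet shows why an exact-match signature misses a slightly modified variant of a known threat.

```python
"""Signature-based detection over constructed sample packets (added example).

Each signature names a protocol, a destination port and a byte pattern that a
previously observed threat is known to carry. Detection is a plain comparison
of those known patterns against observed traffic, which is what makes the
method fast for known threats and blind to anything that differs from them.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int          # rule id, constructed for this example
    proto: str
    dst_port: int     # 0 means "any port"
    content: bytes    # byte pattern the threat is known to carry
    msg: str

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and self.dst_port in (0, pkt.dst_port)
                and self.content in pkt.payload)


# Constructed rule set: the patterns are placeholders, not real indicators.
SIGNATURES: List[Signature] = [
    Signature(1000001, "tcp", 80, b"/cgi-bin/placeholder-backdoor.sh",
              "WEB placeholder backdoor request"),
    Signature(1000002, "tcp", 25, b"X-Placeholder-Worm: 1",
              "SMTP placeholder worm header"),
    Signature(1000003, "udp", 0, b"PLACEHOLDER-C2-BEACON",
              "Placeholder beacon on any UDP port"),
]


def scan(packets: Iterable[Packet],
         sigs: Iterable[Signature] = SIGNATURES) -> List[Tuple[int, str]]:
    """Return (sid, msg) for every packet that matches a signature."""
    sigs = list(sigs)
    alerts: List[Tuple[int, str]] = []
    for pkt in packets:
        for sig in sigs:
            if sig.matches(pkt):
                alerts.append((sig.sid, sig.msg))
    return alerts


# Constructed traffic sample.
TRAFFIC = [
    Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("tcp", 80, b"GET /cgi-bin/placeholder-backdoor.sh HTTP/1.1\r\n"),
    Packet("tcp", 25, b"MAIL FROM:<a@example.test>\r\nX-Placeholder-Worm: 1\r\n"),
    Packet("udp", 5353, b"PLACEHOLDER-C2-BEACON\x00\x01"),
    # The same known threat with one byte changed (".SH"): the match is exact,
    # so this variant raises no alert, which is the weakness the slides describe.
    Packet("tcp", 80, b"GET /cgi-bin/placeholder-backdoor.SH HTTP/1.1\r\n"),
]


def alert_sids(packets: Iterable[Packet] = TRAFFIC) -> List[int]:
    """Rule ids that fired, in traffic order."""
    return [sid for sid, _ in scan(packets)]


if __name__ == "__main__":
    for sid, msg in scan(TRAFFIC):
        print(f"[{sid}] {msg}")
```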
Intrusion Detection System (IDS)
2. Anomaly-based detection
– This IDP method is based on detecting anomalies in a specific traffic flow in the network.
– Anomaly detection is performed by defining a profile of acceptable traffic and comparing it with the specific traffic in the network.
– Acceptable traffic profiles are formed by tracking the typical characteristics of the network traffic during a certain period of time (e.g., the number of email messages sent by a user, the number of attempts to log in to a host, or the level of processor utilization in a given time interval).
– These characteristics of the behaviour of users, hosts, connections or applications in that time interval are then considered to be completely acceptable.
– However, acceptable-behaviour profiles can unintentionally contain certain security threats, which leads to problems in their application.
– Likewise, imprecisely defined profiles of acceptable behaviour can cause numerous false alarms, generated by the system itself in reaction to perfectly acceptable activities on the network.
– The greatest advantage of this detection method is its exceptional efficiency in detecting previously unknown security threats.
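Both failure modes described above, as an added example that is not from the slides: a profile learned from a training window (mean and standard deviation of failed-login attempts per host per 10-minute interval, one of the metrics the slides list) and a detector that alerts above `mean + k * stdev`. The training data, the 10-minute interval, the `MIN_STDEV` floor and the `k` values are constructed assumptions.

```python
"""Anomaly-based detection from a learned behaviour profile (added example).

The profile is learned from a "normal" period and then compared with newly
observed values. Two problems the slides mention are reproduced:
  1) a too-tight profile (small k) alarms on ordinary behaviour, and
  2) a training window that already contained an attack yields a profile
     that absorbs the attack, so the same burst later goes unreported.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed training data: failed logins per 10-minute interval, per host.
TRAINING: Dict[str, List[int]] = {
    "host-a": [1, 0, 2, 1, 3, 0, 1, 2, 1, 0, 2, 1],
    # host-b's "normal" period already contains a burst (40) at index 5,
    # so its learned profile silently includes that behaviour.
    "host-b": [0, 1, 0, 2, 1, 40, 1, 0, 1, 2, 0, 1],
}

MIN_STDEV = 1.0  # assumed floor so a perfectly flat baseline does not alert on +1

Profile = Dict[str, Tuple[float, float]]


def build_profile(samples: Dict[str, List[int]]) -> Profile:
    """Profile = (mean, stdev) per host, learned from the training window."""
    return {h: (mean(v), max(pstdev(v), MIN_STDEV)) for h, v in samples.items()}


def detect(profile: Profile, observed: Dict[str, int],
           k: float) -> List[Tuple[str, int, float]]:
    """Return (host, value, threshold) for each host whose observed count
    exceeds mean + k * stdev of its learned profile."""
    alerts = []
    for host, value in observed.items():
        mu, sigma = profile[host]
        threshold = mu + k * sigma
        if value > threshold:
            alerts.append((host, value, round(threshold, 2)))
    return alerts


def failure_modes() -> Tuple[List[str], List[str]]:
    """Hosts flagged in the two scenarios from the module docstring."""
    profile = build_profile(TRAINING)
    # 1) Imprecise (too tight) profile: k=1 flags host-a's ordinary count of 3,
    #    a value it produced during training (threshold is about 2.17).
    false_alarms = [h for h, _, _ in detect(profile, {"host-a": 3}, k=1.0)]
    # 2) Contaminated baseline: 30 failed logins in ten minutes alerts on
    #    host-a (threshold about 4.17) but is swallowed by host-b's inflated
    #    profile (threshold about 36.6).
    burst = [h for h, _, _ in detect(profile, {"host-a": 30, "host-b": 30}, k=3.0)]
    return false_alarms, burst


if __name__ == "__main__":
    print(build_profile(TRAINING))
    print(failure_modes())
```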
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Stateful protocol analysis is a process of comparing predefined profiles of a protocol's operation with the specific data flow of that protocol on the network.
– Predefined operation profiles of a protocol are defined by the manufacturers of IDP devices and identify everything that is acceptable or not acceptable in the exchange of messages in that protocol.
– Unlike anomaly-based detection, where profiles are created based on the hosts or specific activities on the network, stateful protocol analysis uses general profiles generated by the equipment manufacturers.
– Most IDP systems use several detection methods simultaneously, thus enabling more comprehensive and precise detection.
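A manufacturer-style operation profile for one protocol, as an added example that is not from the slides: a simplified SMTP client dialogue expressed as a state-transition table, so that commands which look valid on their own are still reported when they arrive in the wrong state or with an oversized argument. The transition table is a deliberately reduced profile (not the full RFC 5321 grammar), and `MAX_ARG_LEN` and both sessions are constructed.

```python
"""Stateful protocol analysis for a simplified SMTP client dialogue (added example).

The profile says which client commands are acceptable in which protocol
state and how long their arguments may be. Unlike a signature, the check
depends on everything that came before the current line.
"""
from typing import Dict, List, Tuple

# Acceptable transitions: state -> {command: next_state}. Reduced profile;
# real SMTP has more commands, and the server replies are not modelled.
PROFILE: Dict[str, Dict[str, str]] = {
    "INIT":   {"EHLO": "READY", "HELO": "READY", "QUIT": "CLOSED"},
    "READY":  {"MAIL": "MAIL", "RSET": "READY", "NOOP": "READY", "QUIT": "CLOSED"},
    "MAIL":   {"RCPT": "RCPT", "RSET": "READY", "QUIT": "CLOSED"},
    "RCPT":   {"RCPT": "RCPT", "DATA": "BODY", "RSET": "READY", "QUIT": "CLOSED"},
    "BODY":   {},   # message lines only, until a lone "." ends the body
    "CLOSED": {},
}
MAX_ARG_LEN = 512   # assumed limit on a command argument in this profile


def analyse(lines: List[str]) -> List[Tuple[int, str]]:
    """Walk one client-side session; return (line_no, reason) per violation."""
    state = "INIT"
    violations: List[Tuple[int, str]] = []
    for no, line in enumerate(lines, start=1):
        if state == "BODY":
            if line == ".":
                state = "READY"
            continue                    # arbitrary content is fine inside the body
        if state == "CLOSED":
            violations.append((no, "command after QUIT"))
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if len(arg) > MAX_ARG_LEN:
            violations.append((no, f"{verb} argument exceeds {MAX_ARG_LEN} bytes"))
        allowed = PROFILE[state]
        if verb not in allowed:
            violations.append((no, f"{verb} not acceptable in state {state}"))
            continue                    # unexpected command: stay in the current state
        state = allowed[verb]
    return violations


# Constructed sessions (client lines only).
GOOD_SESSION = [
    "EHLO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "DATA",
    "Subject: hello",
    "",
    "body text",
    ".",
    "QUIT",
]

BAD_SESSION = [
    "EHLO client.example.test",
    "DATA",                                           # no MAIL/RCPT yet: out of state
    "MAIL FROM:<" + "a" * 600 + "@example.test>",     # oversized argument
    "RCPT TO:<bob@example.test>",
    "QUIT",
    "NOOP",                                           # traffic after QUIT
]


if __name__ == "__main__":
    print("good:", analyse(GOOD_SESSION))
    print("bad: ", analyse(BAD_SESSION))
```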
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Testing tools are used for testing the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDSes/IPSes, routers and switches.
– These test the traffic-filtering devices' ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS (Windows Internet Name Service).
– Standard traffic sessions can be used to test how packet-filtering devices handle a variety of protocols, including HTTP, FTP, SNMP and SMTP.
Intrusion Detection System (IDS)
• Intrusion detection systems can be grouped into the following categories:
– Host-based IDS
– Network-based IDS
– Intrusion prevention system (IPS)
Host-based intrusion detection systems
• Host-based IDSs are designed to monitor, detect and respond to activity and attacks on a given host. In most cases, attackers target specific systems on corporate networks that hold confidential information.
• They will often try to install scanning programs and exploit other vulnerabilities that allow them to record user activity on a particular host.
• Some host-based IDS tools provide policy management, statistical analytics and data forensics at the host level.
• Host-based IDSs are best used when an intruder tries to access particular files or other services that reside on the host computer.
• Because attackers mainly focus on operating system vulnerabilities to break into hosts, in most cases the host-based IDS is integrated into the operating system that the host is running.
Network-based intrusion detection systems
• Network-based IDSs capture network traffic to detect intruders.
• Most often, these systems work as packet sniffers that read through incoming traffic and use specific metrics to assess whether a network has been compromised.
• Various internet and other proprietary protocols that handle messages between external and internal networks, such as TCP/IP, NetBEUI (NetBIOS Extended User Interface) and XNS (Xerox Network Systems), are vulnerable to attack and require additional ways to detect malicious events.
• Frequently, intrusion detection systems have difficulty working with encrypted information and traffic from virtual private networks. Speed over 1 Gbps is also a constraining factor, although modern and costly network-based IDSs have the capability to work above this speed.
Intrusion prevention system (IPS)
• An IPS is a network security tool that can not only detect intruders, but also prevent them from successfully launching any known attack.
• Intrusion prevention systems combine the abilities of firewalls and intrusion detection systems.
• However, implementing an IPS at an effective scale can be costly, so businesses should carefully assess their IT risks before making the investment.
• Moreover, some intrusion prevention systems are not as fast and robust as some firewalls and intrusion detection systems, so an IPS might not be an appropriate solution when speed is an absolute requirement.
• When deploying an IPS, you should carefully monitor and tune your systems and be aware of the risks involved.
• You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics.
• It is always recommended to run an IPS in test mode for a while to thoroughly understand its behaviour.
List of Open Source IDS / IPS Tools
1. Cisco NGIPS
2. Corelight
3. Fidelis Network
4. FireEye Intrusion Prevention System
5. Hillstone S-Series
6. McAfee Network Security Platform
7. Snort
8. Suricata
9. Bro (Zeek)
10. OSSEC
11. Samhain Labs
12. OpenDLP

FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
