Discussion Topics:
IPS and Its Types
Kerberos Authentication Protocol
Group members:
Mohsin Iqbal (1596)
Arslan Khaliq (1582)
Saeed –ur- Rehman (1607)
Usman Ali (1622)
Presented to:
Mr. Farhat Mehmood
Need for Intrusion Prevention System
• Today, viruses, worms, and several other invading malicious codes and
programs proliferate widely on the Internet. With the environment
becoming increasingly hostile, networks are easy targets because the
infection can spread across the network rapidly.
• Networks need to be designed and equipped with sophisticated
intelligence to diagnose and mitigate threats in real time.
What is IPS?
• An Intrusion Prevention System (IPS) is any device (hardware or software) that
has the ability to detect attacks, both known and unknown, and prevent the
attack from being successful.
• Major functions of intrusion prevention systems are to identify malicious
activity, collect information about this activity, report it and attempt to block
or stop it.
• An IPS is an active-response security solution: a proactive technique that
detects an attack early and, when an attack is identified, blocks the offending
data.
• IPS design aims to enhance the system's data-processing ability, intelligence and accuracy.
• IPSs include firewalls, anti-virus software and anti-spoofing software.
Objectives
• The main objectives of intrusion prevention systems are:
  • Identification of malicious activity
  • Log information about said activity
  • Attempt to block/stop harmful activity
  • Report malevolent activity
IPS DETECTION METHODS
• The majority of intrusion prevention systems utilize one of two detection
methods:
1. Signature-based Detection
2. Statistical anomaly-based or Knowledge-based Detection
How An IPS Works
• An intrusion prevention system works by actively scanning forwarded
network traffic for malicious activities and known attack patterns. The
IPS engine analyzes network traffic and continuously compares the
bitstream with its internal signature database for known attack
patterns.
• An IPS might drop a packet determined to be malicious, and follow up
this action by blocking all future traffic from the attacker’s IP address
or port. Legitimate traffic can continue without any perceived
disruption in service.
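The behaviour on this slide, as an added Python example that is not part of the original deck: an inline engine that compares each flow's byte stream with a signature database, drops the matching packet, and then blocks the source address. It goes slightly beyond the slide by keeping a short per-flow tail so a pattern split across two packets is still caught; the signatures, addresses and payloads are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port
    payload: bytes


# Constructed signature database: name -> byte pattern of a known attack.
SIGNATURES = {
    "SIG-0001 path traversal": b"../../",
    "SIG-0002 shell invocation": b"cmd.exe",
}


class InlineIPS:
    def __init__(self, signatures):
        self.signatures = dict(signatures)
        # Bytes to remember per flow so a pattern spanning two packets matches.
        self.keep = max(len(p) for p in self.signatures.values()) - 1
        self.blocked = set()   # source addresses whose traffic is dropped
        self.tails = {}        # flow -> last bytes seen on that flow
        self.log = []          # (source, reason) records for reporting

    def inspect(self, pkt):
        """Return "FORWARD" or "DROP" for one packet."""
        if pkt.src in self.blocked:
            self.log.append((pkt.src, "source already blocked"))
            return "DROP"
        flow = (pkt.src, pkt.dst, pkt.dport)
        window = self.tails.get(flow, b"") + pkt.payload
        for name, pattern in self.signatures.items():
            if pattern in window:
                self.blocked.add(pkt.src)      # block all future traffic
                self.tails.pop(flow, None)
                self.log.append((pkt.src, name))
                return "DROP"
        self.tails[flow] = window[-self.keep:] if self.keep else b""
        return "FORWARD"


# Constructed traffic: one legitimate client and one source whose request
# carries a signature split across two packets.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /download?f=../"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"../etc/hosts HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET / HTTP/1.1\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /about.html HTTP/1.1\r\n"),
]


def run_demo():
    ips = InlineIPS(SIGNATURES)
    verdicts = [ips.inspect(p) for p in TRAFFIC]
    return verdicts, ips


if __name__ == "__main__":
    verdicts, ips = run_demo()
    for pkt, verdict in zip(TRAFFIC, verdicts):
        print(f"{verdict:8} {pkt.src} -> {pkt.dst}:{pkt.dport} {pkt.payload!r}")
    print("blocked sources:", sorted(ips.blocked))
```

Blocking by source address also cuts off every other client that shares that address, for example behind the same NAT gateway, so block entries are normally given an expiry.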
IPS Classifications
• Network-based intrusion prevention system (NIPS): Analyzes protocol
activity across the entire network, looking for any untrustworthy traffic.
• Wireless intrusion prevention system (WIPS): Analyzes network protocol
activity across the entire wireless network, looking for any untrustworthy
traffic.
• Host-based intrusion prevention system (HIPS): A secondary software
package that follows a single host for malicious activity, and analyzes events
occurring within said host.
• Network behavior analysis (NBA): Examines network traffic to identify
threats that generate strange traffic flows. The most common such threats are
distributed denial-of-service attacks.
Types of IPS
1. Inline network intrusion protection systems.
2. Layer seven switches.
3. Application firewalls.
4. Hybrid switches.
5. Deceptive applications.
1. INLINE NETWORK IPS
• It is configured with two NICs, one for management and one for detection.
• The NIC that is configured for detection usually does not have an IP address
assigned.
• It works by sitting between the systems that need to be protected and the rest
of the network.
• It inspects each packet for any vulnerabilities that it is configured to look for.
2. LAYER SEVEN SWITCHES
• Placing these devices in front of your firewalls would give protection for the
entire network.
• However, the drawback is that they can only stop attacks that they know
about.
• The only attacks they can stop that most other IPSs can’t are DoS attacks.
3. APPLICATION FIREWALLS
• These IPSs are loaded on each server that is to be protected.
• These types of IPSs are customizable to each application that they are to
protect.
• An application firewall profiles a system before protecting it. During the
profiling it watches the user’s interaction with the application and the
application’s interaction with the operating system to determine what
legitimate interaction looks like.
• The drawback is that when the application is updated it might have to be
profiled again.
4. HYBRID SWITCHES
• They inspect specific traffic for malicious content, as has been configured.
• A hybrid switch works in a similar manner to a layer seven switch, but has
detailed knowledge of the web server and the application that sits on top of
the web server.
• It also fails if the user’s request does not match any of the permitted
requests.
5. DECEPTIVE APPLICATIONS
• It watches all your network traffic and figures out what is good traffic.
• When an attacker attempts to connect to services that do not exist, it will
send back a response to the attacker.
• The response will be “marked” with some bogus data. When the attacker
comes back again and tries to exploit the server, the IPS will see the
“marked” data and stop all traffic coming from the attacker.
Kerberos Authentication Protocol
• Kerberos is a computer network authentication protocol.
• It helps a user prove their identity to various services.
• It does not require the user to enter a password every time a service is
requested.
• Developed at MIT in the mid-1980s.
What’s with the 3 heads?
• Authentication
  Confirms that a user who is requesting services.
• Authorization
  Granting of specific types of services to a user based on their
  authentication.
• Accounting
  The tracking of the consumption of network resources by users.
Kerberos vs Firewall
• Firewalls make a risky assumption: that attackers are coming from the
outside. In reality, attacks frequently come from within.
• Kerberos assumes that network connections (rather than servers and
workstations) are the weak link in network security.
Kerberos consists of the following 3 components:
• Client
• Authentication Server or Key Distribution Server (KDC)
• Server
Architecture
Kerberos Exchanges
• Authentication Service (AS)
• Ticket Granting Service (TGS)
• Client Server (CS)
AS Exchange
• Exchange between the client and the Authentication Server (KDC)
• The client sends a KRB_AS_REQ message to the KDC specifying the credentials it
wants
• The server replies with a KRB_AS_REP message containing the ticket and
session key
• The session key is encrypted with the client’s secret key
• The TGT is encrypted with the server’s secret key
• The encryption type is DES by default
TGS Exchange
• Is used to obtain additional tickets for the servers
• Doesn’t need the client’s secret key for encryption
• Transparent to the user
• The TGS must have access to all secret keys
• But it encrypts the ticket using the server’s secret key
• The client sends KRB_TGS_REQ to the TGS server
• The server replies with KRB_TGS_REP to the client, containing the ticket
CS Exchange
• The client contacts the real server
• The client sends KRB_AP_REQ to the server specifying the service
• The server validates the client by decrypting the ticket with the server’s secret
key and decrypting the authenticator with the session key contained in the ticket
• The server optionally replies with KRB_AP_REP
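The AS, TGS and CS exchanges above, run end to end, as an added Python example that is not code from the slides. `seal`/`unseal` are a toy HMAC-based cipher standing in for the real Kerberos encryption type, and the principal names (`tgs`, `alice`, `fileserver`), key sizes, ticket lifetime and clock-skew window are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

MAX_SKEW = 300    # assumed clock-skew window for authenticators, seconds
LIFETIME = 3600   # assumed ticket lifetime, seconds

def _keys(key):
    # Derive separate encryption and MAC keys from one secret key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    """Toy authenticated encryption (stand-in for the real encryption type)."""
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(obj).encode())
    return nonce + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    enc_key, mac_key = _keys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(enc_key, nonce, ct))

def check_authenticator(ticket, auth):
    """The authenticator must name the ticket's client and be fresh."""
    now = time.time()
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - auth["time"]) > MAX_SKEW:
        raise ValueError("authenticator outside clock-skew window")
    if now > ticket["expires"]:
        raise ValueError("ticket expired")

class KDC:
    def __init__(self, secrets):
        self.secrets = secrets  # principal name -> long-term secret key

    def as_exchange(self, as_req):
        # KRB_AS_REQ -> KRB_AS_REP: TGT under the TGS key, session key under the client key.
        key = os.urandom(32)
        tgt = seal(self.secrets["tgs"], {"client": as_req["client"], "key": key.hex(),
                                         "expires": time.time() + LIFETIME})
        enc_part = seal(self.secrets[as_req["client"]], {"key": key.hex()})
        return {"ticket": tgt, "enc_part": enc_part}

    def tgs_exchange(self, tgs_req):
        # KRB_TGS_REQ -> KRB_TGS_REP: no client secret key needed, only the TGT.
        tgt = unseal(self.secrets["tgs"], tgs_req["ticket"])
        key = bytes.fromhex(tgt["key"])
        check_authenticator(tgt, unseal(key, tgs_req["authenticator"]))
        svc_key = os.urandom(32)
        ticket = seal(self.secrets[tgs_req["server"]], {"client": tgt["client"],
                      "key": svc_key.hex(), "expires": time.time() + LIFETIME})
        return {"ticket": ticket, "enc_part": seal(key, {"key": svc_key.hex()})}

class Service:
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def ap_exchange(self, ap_req):
        # KRB_AP_REQ: ticket opens with the server key, authenticator with the session key.
        ticket = unseal(self.secret, ap_req["ticket"])
        key = bytes.fromhex(ticket["key"])
        auth = unseal(key, ap_req["authenticator"])
        check_authenticator(ticket, auth)
        # Optional KRB_AP_REP: proves the server also holds the session key.
        return {"client": ticket["client"], "ap_rep": seal(key, {"time": auth["time"]})}

def login_and_access(kdc, service, client, client_key):
    as_rep = kdc.as_exchange({"client": client})
    tgs_key = bytes.fromhex(unseal(client_key, as_rep["enc_part"])["key"])
    tgs_rep = kdc.tgs_exchange({"server": service.name, "ticket": as_rep["ticket"],
        "authenticator": seal(tgs_key, {"client": client, "time": time.time()})})
    svc_key = bytes.fromhex(unseal(tgs_key, tgs_rep["enc_part"])["key"])
    now = time.time()
    result = service.ap_exchange({"ticket": tgs_rep["ticket"],
        "authenticator": seal(svc_key, {"client": client, "time": now})})
    mutual = unseal(svc_key, result["ap_rep"])["time"] == now
    return result["client"], mutual

def build_demo():
    # Constructed principals and keys.
    secrets = {"tgs": os.urandom(32), "fileserver": os.urandom(32),
               "alice": hashlib.sha256(b"constructed-password").digest()}
    return KDC(secrets), Service("fileserver", secrets["fileserver"]), secrets["alice"]

if __name__ == "__main__":
    kdc, svc, alice_key = build_demo()
    print(login_and_access(kdc, svc, "alice", alice_key))
```

A caller holding the wrong client key receives the same KRB_AS_REP but cannot open its encrypted part, so it never obtains the session key needed to build an authenticator.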
Limitations
• Only provides authentication
• Central Authentication server
• Assumes relatively secure hosts on an insecure network
Ips and its types

More Related Content

What's hot

Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
Intrusion detection and prevention system for network using Honey pots and Ho...
Intrusion detection and prevention system for network using Honey pots and Ho...Intrusion detection and prevention system for network using Honey pots and Ho...
Intrusion detection and prevention system for network using Honey pots and Ho...
Eng. Mohammed Ahmed Siddiqui
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
Netwax Lab
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and DemeritsSignature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
david rom
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
Mohamed Jelidi
 
IDS/IPS security
IDS/IPS securityIDS/IPS security
IDS/IPS security
Clarejenson
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
david rom
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Preshan Pradeepa
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
Hitesh Mohapatra
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection Systems
Paul Green
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Devil's Cafe
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
IPS Product Comparison of Cisco 4255 & TippingPoint 5000E
IPS Product Comparison of Cisco 4255 & TippingPoint 5000EIPS Product Comparison of Cisco 4255 & TippingPoint 5000E
IPS Product Comparison of Cisco 4255 & TippingPoint 5000E
allengalvan
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
AAKASH S
 
Ids(final)
Ids(final)Ids(final)

What's hot (19)

Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Intrusion detection and prevention system for network using Honey pots and Ho...
Intrusion detection and prevention system for network using Honey pots and Ho...Intrusion detection and prevention system for network using Honey pots and Ho...
Intrusion detection and prevention system for network using Honey pots and Ho...
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and DemeritsSignature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
 
IDS/IPS security
IDS/IPS securityIDS/IPS security
IDS/IPS security
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection Systems
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
IPS Product Comparison of Cisco 4255 & TippingPoint 5000E
IPS Product Comparison of Cisco 4255 & TippingPoint 5000EIPS Product Comparison of Cisco 4255 & TippingPoint 5000E
IPS Product Comparison of Cisco 4255 & TippingPoint 5000E
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Ids(final)
Ids(final)Ids(final)
Ids(final)
 

Similar to Ips and its types

Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
 
Information Security.pptx
Information Security.pptxInformation Security.pptx
Information Security.pptx
DrRajapraveen
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
Sripati Mahapatra
 
Describe firewalls
Describe firewallsDescribe firewalls
Describe firewalls
Влад Панасенко
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEM
Bhushan Gajare
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
IDS n IPS
IDS n IPSIDS n IPS
Idps
IdpsIdps
Idps
iskrena
 
The way of network intrusion and their detection and prevention
The way of network intrusion and their detection and prevention The way of network intrusion and their detection and prevention
The way of network intrusion and their detection and prevention
MohammedAlmuhaimeed
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
Zara Nawaz
 
L5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptxL5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptx
RebeccaMunasheChimhe
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networks
ijsrd.com
 
IS-Types of IDPSs.pptx
IS-Types of IDPSs.pptxIS-Types of IDPSs.pptx
IS-Types of IDPSs.pptx
V.V.Vanniaperumal College for Women
 
IDS (intrusion detection system)
IDS (intrusion detection system)IDS (intrusion detection system)
IDS (intrusion detection system)
Netwax Lab
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
Loay Elbasyouni
 
N44096972
N44096972N44096972
N44096972
IJERA Editor
 
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Editor IJMTER
 
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFADYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
IJNSA Journal
 
G0421040042
G0421040042G0421040042
G0421040042
ijceronline
 
Security measures for networking
Security measures for networkingSecurity measures for networking
Security measures for networking
Shyam Kumar Singh
 

Similar to Ips and its types (20)

Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
Information Security.pptx
Information Security.pptxInformation Security.pptx
Information Security.pptx
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Describe firewalls
Describe firewallsDescribe firewalls
Describe firewalls
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEM
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
 
Idps
IdpsIdps
Idps
 
The way of network intrusion and their detection and prevention
The way of network intrusion and their detection and prevention The way of network intrusion and their detection and prevention
The way of network intrusion and their detection and prevention
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
 
L5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptxL5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptx
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networks
 
IS-Types of IDPSs.pptx
IS-Types of IDPSs.pptxIS-Types of IDPSs.pptx
IS-Types of IDPSs.pptx
 
IDS (intrusion detection system)
IDS (intrusion detection system)IDS (intrusion detection system)
IDS (intrusion detection system)
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
N44096972
N44096972N44096972
N44096972
 
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
 
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFADYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
 
G0421040042
G0421040042G0421040042
G0421040042
 
Security measures for networking
Security measures for networkingSecurity measures for networking
Security measures for networking
 

Recently uploaded

NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
Payaamvohra1
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
How to Setup Default Value for a Field in Odoo 17
How to Setup Default Value for a Field in Odoo 17How to Setup Default Value for a Field in Odoo 17
How to Setup Default Value for a Field in Odoo 17
Celine George
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
TechSoup
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
EduSkills OECD
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
IsmaelVazquez38
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
khuleseema60
 
Simple-Present-Tense xxxxxxxxxxxxxxxxxxx
Simple-Present-Tense xxxxxxxxxxxxxxxxxxxSimple-Present-Tense xxxxxxxxxxxxxxxxxxx
Simple-Present-Tense xxxxxxxxxxxxxxxxxxx
RandolphRadicy
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapitolTechU
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
nitinpv4ai
 
Educational Technology in the Health Sciences
Educational Technology in the Health SciencesEducational Technology in the Health Sciences
Educational Technology in the Health Sciences
Iris Thiele Isip-Tan
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
سمير بسيوني
 
How to Manage Reception Report in Odoo 17
How to Manage Reception Report in Odoo 17How to Manage Reception Report in Odoo 17
How to Manage Reception Report in Odoo 17
Celine George
 
Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)
nitinpv4ai
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
David Douglas School District
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
giancarloi8888
 

Recently uploaded (20)

NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
NIPER 2024 MEMORY BASED QUESTIONS.ANSWERS TO NIPER 2024 QUESTIONS.NIPER JEE 2...
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
How to Setup Default Value for a Field in Odoo 17
How to Setup Default Value for a Field in Odoo 17How to Setup Default Value for a Field in Odoo 17
How to Setup Default Value for a Field in Odoo 17
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
 
Simple-Present-Tense xxxxxxxxxxxxxxxxxxx
Simple-Present-Tense xxxxxxxxxxxxxxxxxxxSimple-Present-Tense xxxxxxxxxxxxxxxxxxx
Simple-Present-Tense xxxxxxxxxxxxxxxxxxx
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
 
Educational Technology in the Health Sciences
Educational Technology in the Health SciencesEducational Technology in the Health Sciences
Educational Technology in the Health Sciences
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر   أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
 
How to Manage Reception Report in Odoo 17
How to Manage Reception Report in Odoo 17How to Manage Reception Report in Odoo 17
How to Manage Reception Report in Odoo 17
 
Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
 

Ips and its types

  • 1.
  • 2. Discussion Topics: IPS and Its Types Kerberos Authentication Protocol Group members: Mohsin Iqbal (1596) Arslan Khaliq (1582) Saeed –ur- Rehman (1607) Usman Ali (1622) Presented to: Mr. Farhat Mehmood
  • 3. Need for Intrusion Prevention System  Today, viruses, worms, and several other invading malicious codes and programs proliferate widely on the Internet. With the environment becoming increasingly hostile, networks are easy targets because the infection can spread across the network rapidly.  Networks need to be designed and equipped with sophisticated intelligence to diagnose and mitigate threats in real-time.
  • 4. What is IPS?  Intrusion Prevention System (IPS) is any device (hardware or software) that has the ability to detect attacks, both known and unknown and prevent the attack from being successful.  Major functions of intrusion prevention systems are to identify malicious activity, collect information about this activity, report it and attempt to block or stop it.  Active response security solution. Early Detection, proactive technique, early prevent the attack, when an attack is identified then blocks the offending data  IPS design is to enhance data processing ability, intelligent, accurate of it self.  IPS’s include firewalls, anti-virus software and anti-spoofing software.
  • 5.
  • 6. Objectives  The main objectives of intrusion prevention systems are: Identification of malicious activity Log information about said activity Attempt to block/stop harmful activity Report malevolent activity. IPS’S DETECTION METHOD  The majority of intrusion prevention systems utilize one of two detection methods: 1. Signature-based Detection 2. Statistical anomaly-based or Knowledge-based Detection
  • 7. How An IPS Works  An intrusion prevention system works by actively scanning forwarded network traffic for malicious activities and known attack patterns. The IPS engine analyzes network traffic and continuously compares the bitstream with its internal signature database for known attack patterns.  An IPS might drop a packet determined to be malicious, and follow up this action by blocking all future traffic from the attacker’s IP address or port. Legitimate traffic can continue without any perceived disruption in service.
  • 8. IPS Classifications  Network-based intrusion prevention system (NIPS): Analyzes protocol activity across the entire network, looking for any untrustworthy traffic.  Wireless intrusion prevention system (WIPS): Analyzes network protocol activity across the entire wireless network, looking for any untrustworthy traffic.  Host-based intrusion prevention system (HIPS): A secondary software package that follows a single host for malicious activity, and analyzes events occurring within said host.  Network behavior analysis (NBA): Examines network traffic to identify threats that generate strange traffic flows. The most common threats being distributed denial of service attacks.
  • 9. Types of IPS 1. Inline network intrusion protection systems. 2. Layer seven switches. 3. Application firewalls. 4. Hybrid switches. 5. Deceptive applications.
  • 10. 1.INLINE NETWORK IPS  It is configured with two NICs, one for management and one for detection.  NIC that is configured for detection usually does not have an IP address assigned .  It works by sitting between the systems that need to be protected and the rest of the network.  It inspects the packet for any vulnerabilities that it is configured to look for.
  • 11. 2. LAYER SEVEN SWITCHES
      • Placing these devices in front of your firewalls would give protection for the entire network.
      • However, the drawback is that they can only stop attacks that they know about.
      • The only attacks they can stop that most other IPSs can’t are DoS attacks.
  • 12. 3. APPLICATION FIREWALLS
      • These IPSs are loaded on each server that is to be protected.
      • These types of IPSs are customizable to each application that they are to protect.
      • Such an IPS profiles a system before protecting it. During the profiling it watches the user’s interaction with the application and the application’s interaction with the operating system to determine what legitimate interaction looks like.
      • The drawback is that when the application is updated it might have to be profiled again.
  • 13. 4. HYBRID SWITCHES
      • They inspect specific traffic for malicious content, as they have been configured to do.
      • A hybrid switch works in a similar manner to a layer seven switch, but has detailed knowledge of the web server and the application that sits on top of the web server.
      • It also fails if the user’s request does not match any of the permitted requests.
  • 14. 5. DECEPTIVE APPLICATIONS
      • It watches all your network traffic and figures out what is good traffic.
      • When an attacker attempts to connect to services that do not exist, it will send back a response to the attacker.
      • The response will be “marked” with some bogus data. When the attacker comes back again and tries to exploit the server, the IPS will see the “marked” data and stop all traffic coming from the attacker.
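The behaviour described in "How An IPS Works" (match against a signature database, drop, then block the source) and in "Deceptive Applications" (hand out marked bogus data, block whoever sends it back) can be shown in one small inline engine. This is an added example, not code from the slides; the signatures, port list, addresses and the `InlineIPS` class are constructed for illustration.

```python
import secrets

# Constructed signature database (name -> byte pattern); a real IPS ships thousands.
SIGNATURES = {"path-traversal": b"../../", "sql-tautology": b"' OR '1'='1"}
OPEN_PORTS = {80, 443}  # services that really exist on the protected host (assumed)


class InlineIPS:
    def __init__(self):
        self.blocked = set()   # sources whose future traffic is dropped
        self.markers = set()   # bogus values handed out in decoy replies
        self.log = []          # (source, reason) for every dropped packet

    def _drop(self, src, reason):
        self.blocked.add(src)
        self.log.append((src, reason))
        return "DROP"

    def inspect(self, src, dport, payload):
        """Return "FORWARD", "DROP" or ("DECOY", reply) for one packet."""
        if src in self.blocked:
            return self._drop(src, "blocked-source")
        # Signature-based detection: compare the payload with known patterns.
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                return self._drop(src, "signature:" + name)
        # Deceptive application, part 2: marked data coming back means the
        # sender is acting on a decoy reply, so stop all traffic from it.
        if any(m in payload for m in self.markers):
            return self._drop(src, "decoy-marker")
        # Deceptive application, part 1: a probe of a service that does not
        # exist gets a fake reply carrying a fresh random marker.
        if dport not in OPEN_PORTS:
            marker = secrets.token_hex(8).encode()
            self.markers.add(marker)
            return ("DECOY", b"220 service ready id=" + marker)
        return "FORWARD"
```

Traffic from other sources keeps returning `"FORWARD"` while a blocked source is dropped, and `log` gives the reporting trail the Objectives slide asks for.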
  • 15. Kerberos Authentication Protocol
      • Kerberos is a computer network authentication protocol.
      • It helps the user prove their identity to various services.
      • It does not require the user to enter a password every time a service is requested.
      • Developed at MIT in the mid-1980s.
  • 16. What’s with the 3 heads?
      • Authentication: Confirms that a user who is requesting services.
      • Authorization: Granting of specific types of services to a user based on their authentication.
      • Accounting: The tracking of the consumption of network resources by users.
  • 17. Kerberos vs Firewall
      • Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.
      • Kerberos assumes that network connections (rather than servers and workstations) are the weak link in network security.
  • 18. It consists of the following 3 components
      • Client
      • Authentication Server or Key Distribution Server (KDC)
      • Server
    Architecture
  • 19. Kerberos Exchanges
      • Authentication Service (AS)
      • Ticket Granting Service (TGS)
      • Client Server (CS)
  • 20. AS Exchange
      • Exchange between the client and the Authentication Server (KDC)
      • The client sends a KRB_AS_REQ message to the KDC specifying the credentials it wants
      • The server replies with a KRB_AS_REP message containing the ticket and session key
      • The session key is encrypted with the client’s secret key
      • The TGT is encrypted with the server’s secret key
      • The encryption type is DES by default
  • 21. TGS Exchange
      • Is used to obtain additional tickets for the servers
      • Doesn’t need the client’s secret key for encryption
      • Transparent to the user
      • The TGS must have access to all secret keys
      • But it encrypts the ticket using the server’s secret key
      • The client sends KRB_TGS_REQ to the TGS server
      • The server replies with KRB_TGS_REP to the client, carrying the ticket
  • 22. CS Exchange
      • The client contacts the real server
      • The client sends KRB_AP_REQ to the server specifying the service
      • The server validates the client by decrypting the ticket with the server’s secret key and decrypting the authenticator with the session key contained in the ticket
      • The server optionally replies with KRB_AP_REP
    Limitations
      • Only provides authentication
      • Central authentication server
      • Assumes relatively secure hosts on an insecure network
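The three exchanges above (AS, TGS, CS) traced end to end, to show which key opens which message. This is an added example, not code from the slides or from any Kerberos implementation: `seal`/`unseal` are a toy authenticated cipher standing in for a real Kerberos encryption type, and the principals `alice`, `krbtgt` and `fileserver` and all function names are constructed.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy authenticated cipher (SHAKE-256 keystream + HMAC-SHA256), illustration only."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    body = nonce + bytes(a ^ b for a, b in zip(data, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + body[:16]).digest(len(body) - 16)
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], stream)))

KEYS = {p: os.urandom(32) for p in ("alice", "krbtgt", "fileserver")}  # KDC key database

def issue(client, target):  # fresh session key, plus a ticket only `target` can open
    sk = os.urandom(32).hex()
    return sk, seal(KEYS[target], {"client": client, "key": sk, "exp": time.time() + 300})

def authenticator(client, sk):
    return seal(bytes.fromhex(sk), {"client": client, "ts": time.time()})

def accept(own_key, ticket, auth):
    """Open the ticket with our secret key, then the authenticator with the key inside it."""
    t = unseal(own_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)
    if a["client"] != t["client"] or time.time() > t["exp"] or abs(time.time() - a["ts"]) > 300:
        raise ValueError("ticket expired or authenticator mismatch")
    return t

def as_exchange(client):                  # KRB_AS_REQ -> KRB_AS_REP
    sk, tgt = issue(client, "krbtgt")
    return seal(KEYS[client], {"key": sk}), tgt

def tgs_exchange(tgt, auth, service):     # KRB_TGS_REQ -> KRB_TGS_REP
    t = accept(KEYS["krbtgt"], tgt, auth)
    sk, ticket = issue(t["client"], service)
    return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def login_and_access(client, client_key, service):
    enc, tgt = as_exchange(client)
    tgs_sk = unseal(client_key, enc)["key"]             # needs the client's secret key
    enc, ticket = tgs_exchange(tgt, authenticator(client, tgs_sk), service)
    svc_sk = unseal(bytes.fromhex(tgs_sk), enc)["key"]  # no long-term key needed here
    return accept(KEYS[service], ticket, authenticator(client, svc_sk))["client"]  # KRB_AP_REQ
```

A client holding the wrong long-term key fails at the first `unseal`, before any service is contacted, and the client can never open the TGT or the service ticket it carries.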