Principles of Information Security, Fifth Edition
Chapter 7
Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
Do not wait; the time will never be just right. Start where you stand and work with whatever tools you may have at your command, and better tools will be found as you go along.
NAPOLEON HILL (1883–1970), FOUNDER OF THE SCIENCE OF SUCCESS
Lesson 3 – Effectiveness of IDPS
Learning Objectives
• Upon completion of this material, you should be
able to:
– Identify and describe the categories and models of
intrusion detection and prevention systems
– Describe the detection approaches employed by
modern intrusion detection and prevention systems
– Define and describe honeypots, honeynets, and
padded cell systems
– List and define the major categories of scanning and
analysis tools, and describe the specific tools used
within each category
Principles of Information Security, Fifth Edition 2
Measuring the Effectiveness of IDPSs
• IDPSs are evaluated using four dominant metrics:
thresholds, blacklists and whitelists, alert settings,
and code viewing and editing.
• An evaluation of an IDPS might read: At 100 Mb/s, the IDPS
was able to detect 97 percent of directed attacks.
• Because developing such a collection of test attacks can be
tedious, most IDPS vendors provide testing mechanisms to
verify that systems are performing as expected.
Measuring the Effectiveness of IDPSs
(cont’d)
• Some of these testing processes will enable the
administrator to:
– Record and retransmit packets from a real virus or
worm scan
– Record and retransmit packets from a real virus or
worm scan with incomplete TCP/IP session
connections (missing SYN packets)
– Conduct a real virus or worm scan against a
hardened or sacrificial system
• Testing process should be as realistic as possible.
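As an added example (not code from the textbook or its publisher), the following Python audit reads a pcap of replayed test traffic and flags TCP sessions that carry data but never showed a SYN, the "incomplete TCP/IP session" case the slide lists; an IDPS that silently drops such mid-stream sessions has a blind spot the test is meant to expose. The pcap bytes, the 10.0.0.x and 192.0.2.10 addresses and the HTTP payloads are constructed inline so the example runs offline.

```python
import struct
from collections import defaultdict

# Constructed sample traffic (not captured from a real network): a minimal
# pcap builder so the audit below runs offline with no capture files.
ETH_HDR_LEN, IP_HDR_LEN, TCP_HDR_LEN = 14, 20, 20
SYN, ACK, PSH = 0x02, 0x10, 0x08


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Assemble Ethernet/IPv4/TCP bytes; checksums stay zero because the
    audit never validates them."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    total = IP_HDR_LEN + TCP_HDR_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                      (TCP_HDR_LEN // 4) << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (magic 0xa1b2c3d4, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def iter_tcp(pcap):
    """Yield (src, dst, sport, dport, flags, payload) for each TCP segment."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the writer
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # IPv4 only
            continue
        ip = frame[ETH_HDR_LEN:]
        if ip[9] != 6:                                       # TCP only
            continue
        ihl = (ip[0] & 0x0F) * 4
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        yield src, dst, sport, dport, tcp[13], tcp[doff:]


def flow_key(src, dst, sport, dport):
    """Direction-independent key so both halves of a session group together."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def audit_sessions(pcap):
    """Group segments into sessions and flag those that carry data but never
    showed a SYN: the 'incomplete TCP/IP session' case an IDPS test replays."""
    seen_syn = defaultdict(bool)
    payload_bytes = defaultdict(int)
    for src, dst, sport, dport, flags, payload in iter_tcp(pcap):
        key = flow_key(src, dst, sport, dport)
        if flags & SYN:
            seen_syn[key] = True
        payload_bytes[key] += len(payload)
    return {key: {"syn_seen": seen_syn[key],
                  "payload_bytes": payload_bytes[key],
                  "midstream": not seen_syn[key] and payload_bytes[key] > 0}
            for key in payload_bytes}


# Constructed scenario: a complete session from 10.0.0.5 and a replayed
# session from 10.0.0.9 whose SYN was deliberately dropped before replay.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "192.0.2.10", 40001, 80, SYN),
    build_frame("192.0.2.10", "10.0.0.5", 80, 40001, SYN | ACK),
    build_frame("10.0.0.5", "192.0.2.10", 40001, 80, ACK),
    build_frame("10.0.0.5", "192.0.2.10", 40001, 80, PSH | ACK,
                b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.9", "192.0.2.10", 40002, 80, PSH | ACK,
                b"GET /cgi-bin/x HTTP/1.0\r\n\r\n"),
])


def midstream_sessions(pcap=SAMPLE_PCAP):
    """Sessions an IDPS under test must still inspect (or at least report)."""
    return sorted(k for k, v in audit_sessions(pcap).items() if v["midstream"])


if __name__ == "__main__":
    for key, info in audit_sessions(SAMPLE_PCAP).items():
        print(key, info)
```

Point the same audit at the pcap you replay through the IDPS and compare the mid-stream sessions it lists against the alerts the IDPS actually raised.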
Honeypots, Honeynets, and Padded
Cell Systems
• Honeypots: decoy systems designed to lure
potential attackers away from critical systems
• Honeynets: several honeypots connected together
on a network segment
• Honeypots are designed to:
– Divert attacker from accessing critical systems
– Collect information about attacker’s activity
– Encourage attacker to stay on a system long enough
for administrators to document the event and
perhaps respond
Honeypots, Honeynets, and Padded
Cell Systems (cont’d)
• Padded cell system: protected honeypot that
cannot be easily compromised
• In addition to attracting attackers with tempting
data, a padded cell operates in tandem with a
traditional IDPS.
• When the IDPS detects attackers, padded cell
system seamlessly transfers them to a special
simulated environment where they can cause no
harm—hence the name padded cell.
Honeypots, Honeynets, and Padded
Cell Systems (cont’d)
• Advantages
– Attackers can be diverted to targets they cannot
damage.
– Administrators have time to decide how to respond to
an attacker.
– Attackers’ actions can be easily and more extensively
monitored, and records can be used to refine threat
models and improve system protections.
– Honeypots may be effective at catching insiders who
are snooping around a network.
Honeypots, Honeynets, and Padded
Cell Systems (cont’d)
• Disadvantages
– Legal implications of using such devices are not well
understood.
– Honeypots and padded cells have not yet been
shown to be generally useful security technologies.
– An expert attacker, once diverted into a decoy
system, may become angry and launch a more
aggressive attack against an organization’s systems.
– Administrators and security managers need a high
level of expertise to use these systems.
Trap-and-Trace Systems
• Use a combination of techniques to detect an
intrusion and trace it back to its source
• The trap usually consists of a honeypot or a padded
cell and an alarm.
• Legal drawbacks to trap and trace
– Enticement: act of attracting attention to system by
placing tantalizing information in key locations
– Entrapment: act of luring an individual into
committing a crime to get a conviction
– Enticement is legal and ethical, entrapment is not.
Active Intrusion Prevention
• Some organizations implement active
countermeasures.
• One tool (LaBrea) takes up unused IP address
space to pretend to be a computer and allows
attackers to complete a connection request, but
then holds the connection open.
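As an added illustration of the tarpit idea (this is not LaBrea's code and not from the textbook): a simplified Python listener that lets a scanner complete the TCP handshake, then never answers, reads or closes, and records every trapped peer so the table can feed an alert. Unlike LaBrea it listens on one real address and port instead of claiming unused IP space and does not manipulate the TCP window; the `Tarpit`, `probe` and `demo` names and the 127.0.0.1 demo setup are this example's own.

```python
import socket
import threading
import time


class Tarpit:
    """Accepts TCP connections on one port and never reads, writes or closes
    them, so a scanner that completes the handshake is left waiting. Every
    accepted peer is recorded so the table can feed an alert or a trace."""

    def __init__(self, host="127.0.0.1", port=0):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))        # port 0: let the OS pick a free port
        self._srv.listen(128)
        self._srv.settimeout(0.2)           # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._held = {}                     # (peer_ip, peer_port) -> accept time
        self._conns = []                    # keeps trapped sockets alive, unclosed
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with self._lock:
                self._held[peer] = time.monotonic()
                self._conns.append(conn)    # deliberately never replied to or closed

    def held(self):
        """Snapshot of trapped peers with how long each has been held (seconds)."""
        now = time.monotonic()
        with self._lock:
            return {peer: now - t for peer, t in self._held.items()}

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        with self._lock:
            for conn in self._conns:
                conn.close()
        self._srv.close()


def probe(port, count, host="127.0.0.1"):
    """Stand-in for a scanner: open `count` connections and keep them open,
    returning the sockets and their local endpoints for matching in held()."""
    socks = [socket.create_connection((host, port), timeout=2) for _ in range(count)]
    return socks, {s.getsockname() for s in socks}


def wait_for_held(tarpit, expected, timeout=3.0):
    """Poll until the tarpit has recorded `expected` peers (or time runs out)."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if len(tarpit.held()) >= expected:
            return True
        time.sleep(0.05)
    return False


def demo(count=3):
    """Trap `count` scanner connections; return (recorded_all, trapped, local)."""
    tarpit = Tarpit().start()
    socks, local = probe(tarpit.port, count)
    recorded_all = wait_for_held(tarpit, count)
    trapped = set(tarpit.held())
    for s in socks:
        s.close()
    tarpit.stop()
    return recorded_all, trapped, local


if __name__ == "__main__":
    print(demo())
```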
Scanning and Analysis Tools
• Scanning tools typically are used to collect
information that an attacker needs to launch a
successful attack.
• Attack protocol is a logical sequence of steps or
processes used by an attacker to launch an attack
against a target system or network.
• Footprinting: process of collecting publicly available
information about a potential target
Scanning and Analysis Tools (cont’d)
• Fingerprinting: systematic survey of target
organization’s Internet addresses collected during
the footprinting phase to identify network services
offered by hosts in that range
• Fingerprinting reveals useful information about the
internal structure and nature of the target system or
network to be attacked.
• These tools are valuable to the network defender
since they can quickly pinpoint the parts of the
systems or network that need a prompt repair to
close vulnerabilities.
Port Scanners
• Tools used by both attackers and defenders to
identify/fingerprint computers active on a network
and other useful information
• Can either perform generic scans or those for
specific types of computers, protocols, or resources
• The more specific the scanner is, the more useful
its information is to attackers and defenders.
Firewall Analysis Tools
• Several tools automate remote discovery of firewall
rules and assist the administrator/attacker in analyzing
them.
• Administrators who feel wary of using the same tools
that attackers use should remember:
– User intent dictates how gathered information will be used.
– To defend a computer or network well, administrators must
understand ways it can be attacked.
• A tool that can help close an open or poorly configured
firewall will help the network defender minimize risk
from attack.
Operating System Detection Tools
• Ability to detect a target computer’s operating system
(OS) is very valuable to an attacker.
– Once OS is known, the attacker can easily determine
the vulnerabilities to which it is susceptible.
• Many tools use networking protocols to determine a
remote computer’s OS.
Vulnerability Scanners
• Active vulnerability scanners examine networks for
highly detailed information and initiate traffic to
determine security holes.
• Passive vulnerability scanners listen in on network
and identify the vulnerable versions of both server
and client software.
• Passive vulnerability scanners have the ability to
find client-side vulnerabilities typically not found in
active scanners.
Packet Sniffers
• Network tool that captures copies of packets from
network and analyzes them
• Can provide network administrator with valuable
information for diagnosing and resolving networking
issues
• In the wrong hands, a sniffer can be used to
eavesdrop on network traffic.
• To use packet sniffers legally, an administrator must
be on a network that the organization owns, be under
direct authorization of owners of the network, and have
knowledge and consent of the content’s creators.
Wireless Security Tools
• An organization that spends its time securing a
wired network while ignoring wireless networks is
exposing itself to a security breach.
• Security professionals must assess the risk of
wireless networks.
• A wireless security toolkit should include the ability
to sniff wireless traffic, scan wireless hosts, and
assess the level of privacy or confidentiality
afforded on the wireless network.
Summary
• An intrusion detection and prevention system (IDPS)
detects violations of its configuration and activates an alarm.
• Network-based IDPS (NIDPS) versus host-based
IDPS (HIDPS)
• Selecting IDPS products that best fit an
organization’s needs is challenging and complex.
• Honeypots are decoy systems; two variations are
known as honeynets and padded cell systems.
Summary (cont’d)
• Scanning and analysis tools are used to pinpoint
vulnerabilities in systems, holes in security
components, and unsecured aspects of a network.
Principles of Information Security, Fifth Edition 21

More Related Content

What's hot

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousRaffael Marty
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 

What's hot (20)

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modeling
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Information security
Information securityInformation security
Information security
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 

Similar to Lesson 3- Effectiveness of IDPS

Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Securityelipanganiban15
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
 
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxronnasleightholm
 
Irm 5-malicious networkbehaviour
Irm 5-malicious networkbehaviourIrm 5-malicious networkbehaviour
Irm 5-malicious networkbehaviourKasper de Waard
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project ReportRaghav Bisht
 
Intrusiond and detection
Intrusiond and detectionIntrusiond and detection
Intrusiond and detectionPiyu Karande
 
Top 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfTop 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfDipak Tiwari
 
A Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksA Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksEditor IJCATR
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 

Similar to Lesson 3- Effectiveness of IDPS (20)

Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Computer Security: Principles of Information Security
Computer Security: Principles of Information SecurityComputer Security: Principles of Information Security
Computer Security: Principles of Information Security
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidente
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPs
 
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docx
 
Irm 5-malicious networkbehaviour
Irm 5-malicious networkbehaviourIrm 5-malicious networkbehaviour
Irm 5-malicious networkbehaviour
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
 
Intrusiond and detection
Intrusiond and detectionIntrusiond and detection
Intrusiond and detection
 
Top 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfTop 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdf
 
A Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer NetworksA Study of Intrusion Detection System Methods in Computer Networks
A Study of Intrusion Detection System Methods in Computer Networks
 
Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot
HoneypotHoneypot
Honeypot
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 

Recently uploaded (20)

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 

Lesson 3- Effectiveness of IDPS

Honeypots, Honeynets, and Padded Cell Systems
• Honeypots: decoy systems designed to lure potential attackers away from critical systems
• Honeynets: several honeypots connected together on a network segment
• Honeypots are designed to:
– Divert the attacker from accessing critical systems
– Collect information about the attacker’s activity
– Encourage the attacker to stay on a system long enough for administrators to document the event and perhaps respond
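A minimal low-interaction honeypot, added here as an example; it is not code from the textbook. It presents a constructed, hypothetical SSH banner, records whatever each connection sends without ever acting on it, and flags sources that keep coming back: no legitimate user has a reason to touch a decoy, so even a few hits from one address are a strong signal. Port 0 lets the OS pick a free port; the banner text, timeouts and threshold are assumptions for the demo.

```python
"""Low-interaction honeypot: fake banner, log what the client sends, never execute it."""
import socket
import socketserver
import threading
import time
from collections import Counter
from dataclasses import dataclass

# Constructed, hypothetical banner that makes the decoy look like a real SSH host.
FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


@dataclass
class Event:
    ts: float
    src: str
    sport: int
    service: str
    data: bytes


class DecoyHandler(socketserver.BaseRequestHandler):
    """Send the banner, read a bounded amount of whatever the client sends, log it."""

    def handle(self):
        srv = self.server
        self.request.settimeout(srv.read_timeout)
        received = b""
        try:
            self.request.sendall(srv.banner)
            while len(received) < srv.max_bytes:
                chunk = self.request.recv(1024)
                if not chunk:            # client closed the connection
                    break
                received += chunk
        except (socket.timeout, OSError):
            pass                         # slow or rude client: keep what we have
        src, sport = self.client_address[:2]
        srv.record(Event(time.time(), src, sport, srv.service, received))


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    # block_on_close (default True) makes server_close() join handler threads,
    # so every event is recorded once stop() returns.

    def __init__(self, host="127.0.0.1", port=0, service="ssh",
                 banner=FAKE_BANNER, read_timeout=2.0, max_bytes=4096):
        super().__init__((host, port), DecoyHandler)
        self.service, self.banner = service, banner
        self.read_timeout, self.max_bytes = read_timeout, max_bytes
        self._events, self._lock = [], threading.Lock()
        self._thread = None

    def record(self, event):
        with self._lock:
            self._events.append(event)

    def events(self):
        with self._lock:
            return list(self._events)

    def start(self):
        """Serve in a background thread; return the bound port (port=0 picks a free one)."""
        self._thread = threading.Thread(target=self.serve_forever, daemon=True)
        self._thread.start()
        return self.server_address[1]

    def stop(self):
        self.shutdown()        # stop the serve_forever loop
        self.server_close()    # close the listener and join handler threads


def sources_to_watch(events, threshold=3):
    """Sources with at least `threshold` hits on the decoy (threshold is an assumption)."""
    counts = Counter(e.src for e in events)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    for _ in range(3):                   # play the attacker against ourselves
        with socket.create_connection(("127.0.0.1", port)) as s:
            s.recv(64)
            s.sendall(b"SSH-2.0-scanner\r\n")
    hp.stop()
    for e in hp.events():
        print(f"{e.src}:{e.sport} -> {e.service}: {e.data!r}")
    print("watch:", sources_to_watch(hp.events()))
```

The handler never interprets what it receives, which is what keeps a low-interaction decoy from becoming a foothold; anything richer (a fake shell, a writable filesystem) is where the padded-cell isolation described on the next slide becomes necessary.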
Honeypots, Honeynets, and Padded Cell Systems (cont’d)
• Padded cell system: protected honeypot that cannot be easily compromised
• In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDPS.
• When the IDPS detects an attacker, the padded cell system seamlessly transfers the attacker to a special simulated environment where they can cause no harm—hence the name padded cell.

Honeypots, Honeynets, and Padded Cell Systems (cont’d)
• Advantages
– Attackers can be diverted to targets they cannot damage.
– Administrators have time to decide how to respond to an attacker.
– Attackers’ actions can be easily and more extensively monitored, and the records can be used to refine threat models and improve system protections.
– Honeypots may be effective at catching insiders who are snooping around a network.

Honeypots, Honeynets, and Padded Cell Systems (cont’d)
• Disadvantages
– The legal implications of using such devices are not well understood.
– Honeypots and padded cells have not yet been shown to be generally useful security technologies.
– An expert attacker, once diverted into a decoy system, may become angry and launch a more aggressive attack against the organization’s systems.
– Administrators and security managers need a high level of expertise to use these systems.

Trap-and-Trace Systems
• Use a combination of techniques to detect an intrusion and trace it back to its source
• The trap usually consists of a honeypot or a padded cell and an alarm.
• Legal drawbacks to trap and trace:
– Enticement: the act of attracting attention to a system by placing tantalizing information in key locations
– Entrapment: the act of luring an individual into committing a crime in order to get a conviction
– Enticement is legal and ethical; entrapment is not.

Active Intrusion Prevention
• Some organizations implement active countermeasures.
• One tool, LaBrea, answers for unused IP address space so that it appears to be a live computer, lets an attacker complete the connection request, and then holds the connection open (a "tarpit"), so the attacker’s scanner or worm stays tied up on a machine that does not exist.
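The tarpit idea behind LaBrea, written out as an added example; this is not LaBrea’s code, and it does not reproduce LaBrea’s trick of answering ARP for unused addresses, which needs raw sockets. It shows the effect on a single port with ordinary sockets: every client that connects is fed one meaningless byte per interval and otherwise held, so a scanner or worm that waits for a reply stays stuck for as long as it is willing to wait. The interval and the byte sent are arbitrary choices for the demo.

```python
"""Tarpit in the LaBrea spirit: accept every connection and never finish the conversation."""
import asyncio
import threading


class Tarpit:
    """Listens on one TCP port and holds each client for as long as it stays connected."""

    def __init__(self, host="127.0.0.1", port=0, interval=0.05):
        self.host, self.port, self.interval = host, port, interval
        self._held = 0
        self._loop = self._server = self._thread = None

    async def _handle(self, reader, writer):
        self._held += 1
        try:
            # Drip one byte per interval: enough to keep the client's read from
            # timing out, never enough to form a line a real service would send.
            while not reader.at_eof():          # at_eof() turns true when the client closes
                writer.write(b"\r")
                await writer.drain()
                await asyncio.sleep(self.interval)
        except (OSError, asyncio.CancelledError):
            pass                                # client gave up, or we are shutting down
        finally:
            self._held -= 1
            writer.close()

    def held(self):
        """Number of connections currently stuck in the tarpit."""
        return self._held

    def start(self):
        """Run the event loop in a background thread; return the bound port."""
        ready = threading.Event()

        def run():
            self._loop = asyncio.new_event_loop()
            asyncio.set_event_loop(self._loop)
            self._server = self._loop.run_until_complete(
                asyncio.start_server(self._handle, self.host, self.port))
            self.port = self._server.sockets[0].getsockname()[1]
            ready.set()
            self._loop.run_forever()
            self._loop.close()

        self._thread = threading.Thread(target=run, daemon=True)
        self._thread.start()
        ready.wait()
        return self.port

    def stop(self):
        def shutdown():
            self._server.close()
            for task in asyncio.all_tasks(self._loop):
                task.cancel()                       # wake every trapped handler
            self._loop.call_soon(self._loop.stop)   # stop after the cancellations have run

        self._loop.call_soon_threadsafe(shutdown)
        self._thread.join(timeout=2)


if __name__ == "__main__":
    import socket
    import time

    tp = Tarpit()
    port = tp.start()
    with socket.create_connection(("127.0.0.1", port)) as victim:
        victim.settimeout(1)
        started = time.monotonic()
        for _ in range(3):
            victim.recv(16)
        print(f"3 bytes in {time.monotonic() - started:.2f}s, held={tp.held()}")
    tp.stop()
```

The cost to the defender is one socket per trapped client; the cost to the attacker is a connection slot and a timeout per trap. LaBrea gets the same asymmetry across an entire unused subnet by faking the hosts at the ARP and TCP layers, which is what makes it effective against scanning worms.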
Scanning and Analysis Tools
• Scanning tools are typically used to collect the information an attacker needs to launch a successful attack.
• Attack protocol: a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network
• Footprinting: the process of collecting publicly available information about a potential target

Scanning and Analysis Tools (cont’d)
• Fingerprinting: a systematic survey of the target organization’s Internet addresses, collected during the footprinting phase, to identify the network services offered by the hosts in that range
• Fingerprinting reveals useful information about the internal structure and nature of the target system or network to be attacked.
• These tools are valuable to the network defender, since they can quickly pinpoint the parts of the systems or network that need prompt repair to close vulnerabilities.

Port Scanners
• Tools used by both attackers and defenders to identify/fingerprint computers active on a network and to gather other useful information
• Can perform either generic scans or scans for specific types of computers, protocols, or resources
• The more specific the scanner is, the more useful its information is to attackers and defenders.
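A TCP connect scan with banner grabbing, as an added example of what the fingerprinting and port-scanner slides describe; it is not the textbook’s code nor any particular scanner’s. Each port is classified as open (handshake completed), closed (the host answered with a reset) or filtered (no answer before the timeout, which usually means a firewall dropped the probe), and on open ports the banner is read and parsed to name the software. The banner rules are a deliberately small assumption; real scanners carry thousands. Scan only hosts you are authorized to test.

```python
"""TCP connect scan with banner grabbing: the defender's quick inventory of a host."""
import re
import socket
from concurrent.futures import ThreadPoolExecutor

SSH_RE = re.compile(rb"^SSH-(\d\.\d)-([^\r\n ]+)")


def probe(host, port, timeout=0.5):
    """Full TCP connect (no raw sockets needed); returns (port, state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)     # many services speak first (SSH, SMTP, FTP)
            except socket.timeout:
                banner = b""             # open, but the service waits for us (HTTP)
            return port, "open", banner
    except ConnectionRefusedError:
        return port, "closed", b""       # RST came back: host is up, nothing listening
    except (socket.timeout, OSError):
        return port, "filtered", b""     # no answer at all: something dropped the probe


def scan(host, ports, timeout=0.5, workers=32):
    """Probe the ports in parallel; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def fingerprint(banner):
    """Name the service and software from its banner (small, assumed rule set)."""
    m = SSH_RE.match(banner)
    if m:
        return "ssh", m.group(2).decode(errors="replace")
    if banner.startswith(b"220 "):
        return "smtp-or-ftp", banner[4:].split(b"\r\n")[0].decode(errors="replace")
    if banner.startswith(b"HTTP/"):
        return "http", ""
    return ("unknown", "") if banner else ("no-banner", "")


def report(results):
    """One line per port, with whatever the banner gave away on open ones."""
    lines = []
    for port, (state, banner) in sorted(results.items()):
        if state == "open":
            service, software = fingerprint(banner)
            lines.append(f"{port}/tcp open {service} {software}".rstrip())
        else:
            lines.append(f"{port}/tcp {state}")
    return lines


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # only hosts you may test
    for line in report(scan(target, [21, 22, 25, 80, 443, 8080])):
        print(line)
```

A connect scan is the noisiest but most honest probe: it completes the handshake, so it shows up in the target’s service logs, which is exactly what a defender wants when checking that their own IDPS notices scans.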
Firewall Analysis Tools
• Several tools automate the remote discovery of firewall rules and assist the administrator (or attacker) in analyzing them.
• Administrators who feel wary of using the same tools that attackers use should remember:
– User intent dictates how the gathered information will be used.
– To defend a computer or network well, administrators must understand the ways it can be attacked.
• A tool that can help close an open or poorly configured firewall will help the network defender minimize the risk of attack.

Operating System Detection Tools
• The ability to detect a target computer’s operating system (OS) is very valuable to an attacker.
– Once the OS is known, the attacker can easily determine the vulnerabilities to which it is susceptible.
• Many tools use the behavior of networking protocols (for example, the initial IP TTL and the TCP options a host chooses) to determine a remote computer’s OS.

Vulnerability Scanners
• Active vulnerability scanners examine networks for highly detailed information and initiate traffic to determine security holes.
• Passive vulnerability scanners listen in on the network and identify vulnerable versions of both server and client software.
• Passive vulnerability scanners can find client-side vulnerabilities that active scanners typically miss, because a client’s software version shows up in the traffic it sends rather than in any service it listens on.

Packet Sniffers
• A network tool that captures copies of packets from the network and analyzes them
• Can provide the network administrator with valuable information for diagnosing and resolving networking issues
• In the wrong hands, a sniffer can be used to eavesdrop on network traffic.
• To use a packet sniffer legally, an administrator must be on a network that the organization owns, be under the direct authorization of the owners of the network, and have the knowledge and consent of the content’s creators.
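The passive side of the three slides above (OS detection, passive vulnerability scanning, packet sniffing), as an added example that is not from the textbook: a reader for the libpcap capture format that decodes Ethernet/IPv4/TCP, guesses each sender’s operating-system family from the IP TTL the way passive fingerprinters do (a TTL of 61 is almost certainly a 64-TTL Unix-like host three hops away), and records the software versions that servers announce in their own banners. The capture it analyzes is constructed inside the block, not a real recording; the banner patterns and the TTL table are assumptions for the demo, and a tool such as p0f uses far richer signatures (TCP window, options, MSS).

```python
"""Passive analysis of a capture: pcap -> Ethernet/IPv4/TCP, OS guess from TTL, software from banners."""
import re
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4

# Banners a passive scanner can read off the wire; the host that *sends* them is the one fingerprinted.
BANNER_PATTERNS = (
    ("ssh", re.compile(rb"^SSH-\d\.\d-([^\r\n ]+)")),
    ("http", re.compile(rb"\r\nServer: ([^\r\n]+)")),
)

# Common initial TTLs (assumed table); the observed TTL is the initial value minus the hop count.
INITIAL_TTLS = ((64, "Linux/Unix-like"), (128, "Windows"), (255, "network device or Solaris"))


def guess_os(ttl):
    """Return (os family, estimated hops) for an observed TTL."""
    for initial, name in INITIAL_TTLS:
        if ttl <= initial:
            return name, initial - ttl
    return "unknown", None


def parse_frame(frame):
    """Ethernet -> IPv4 -> TCP; returns None for anything else (ARP, IPv6, UDP, truncated)."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ttl, proto = struct.unpack_from("!H", ip, 2)[0], ip[8], ip[9]
    if proto != 6 or len(ip) < total_len:
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    flags, window = tcp[13], struct.unpack_from("!H", tcp, 14)[0]
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "ttl": ttl,
            "flags": flags, "window": window, "payload": tcp[doff:]}


def parse_pcap(data):
    """Walk the records of a little-endian libpcap file and decode each frame."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off, packets = 24, []
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        pkt = parse_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            packets.append(pkt)
    return packets


def inventory(packets):
    """Per source host: OS guess, hop distance, and (service, port, software) seen in banners it sent."""
    hosts = {}
    for p in packets:
        h = hosts.setdefault(p["src"], {"os": None, "hops": None, "software": set()})
        if h["os"] is None:
            h["os"], h["hops"] = guess_os(p["ttl"])
        for service, pattern in BANNER_PATTERNS:
            m = pattern.search(p["payload"])
            if m:
                h["software"].add((service, p["sport"], m.group(1).decode(errors="replace")))
    return hosts


# --- constructed sample capture (not a real recording); checksums are left zero, it is never sent ---

def _frame(src_ip, dst_ip, sport, dport, ttl, window, payload, flags=0x18):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, window, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp


def _pcap(frames):
    head = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return head + b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f for i, f in enumerate(frames))


SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "10.0.0.20", 51000, 22, 128, 64240, b"", flags=0x02),           # SYN, Windows-like client
    _frame("10.0.0.20", "10.0.0.5", 22, 51000, 61, 29200, b"SSH-2.0-OpenSSH_8.9\r\n"),  # server 3 hops away
    _frame("10.0.0.20", "10.0.0.5", 80, 51002, 61, 29200,
           b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41\r\nContent-Length: 0\r\n\r\n"),
])

if __name__ == "__main__":
    for host, info in inventory(parse_pcap(SAMPLE_PCAP)).items():
        print(host, info)
```

Nothing here sends a packet, which is the whole point of the passive approach: the same code run over a capture from a span port builds an inventory of what is really talking on the network, including client software that no active scanner would ever connect to.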
Wireless Security Tools
• An organization that spends its time securing a wired network while ignoring its wireless networks is exposing itself to a security breach.
• Security professionals must assess the risk of wireless networks.
• A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network.

Summary
• An intrusion detection and prevention system (IDPS) detects violations of its configuration and activates an alarm.
• Network-based IDPS (NIDPS) versus host-based IDPS (HIDPS)
• Selecting the IDPS products that best fit an organization’s needs is challenging and complex.
• Honeypots are decoy systems; two variations are known as honeynets and padded cell systems.

Summary (cont’d)
• Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of a network.