Module-2
System Security
Intrusion Detection System (IDS)
• IDP (intrusion detection and prevention) and network intrusion detection (ID) are based on monitoring the operation of computer systems or networks and analysing the processes they perform, which can point to certain incidents.
• Incidents are events posing a threat to or violating defined
security policies, violating AUP (acceptable use policy)
rules, or generally accepted security norms.
• They appear as a result of the operation of various malware programmes (e.g., worms, spyware, viruses and trojans), as a result of attempts at unauthorized access to a system through public infrastructure (the internet), or as a result of the operation of authorized system users who abuse their privileges.
Intrusion Detection System (IDS)
Network intrusion detection (NID)
• It includes the process of detecting network intrusion events, but does not include the process of preventing and blocking detected or potential network incidents.
Network intrusion detection and prevention systems (NIDP)
• They are based on identifying potential incidents, logging
information about them, attempting to prevent them and alerting the
administrators responsible for security.
• In addition to this basic function, NIDP systems can also be used to
identify problems concerning the adopted security policies, to
document existing security threats and to discourage individuals
from violating security rules.
• NIDP systems use various incident detection methods.
Intrusion Detection System (IDS)
• There are three primary classes of detection
methodology:
– 1. Signature-based detection
– 2. Anomaly-based detection
– 3. Detection based on stateful protocol analysis
Intrusion Detection System (IDS)
1. Signature-based detection
– Certain security threats can be detected based on the characteristic manner in which they appear.
– The behaviour of an already detected security threat,
described in a form that can be used for the detection
of any subsequent appearance of the same threat, is
called an attack signature.
– This detection method, based on the characteristic
signature of an attack, is a process of comparing the
known forms in which the threat has appeared with the
specific network traffic in order to identify certain
incidents.
Intrusion Detection System (IDS)
1. Signature-based detection
– Although it can be very efficient in detecting the
subsequent appearance of known threats, this detection
method is extremely inefficient in the detection of
completely unknown threats, of threats hidden by
using various techniques, and of already known threats
that have somehow been modified in the meantime.
– It is considered the simplest detection method and it
cannot be used for monitoring and analysing the state
of certain, more complex forms of communication.
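The matching step the slides describe, as an added example that is not part of the original slides or of any vendor product: two constructed content rules in the spirit of Snort/Suricata signatures, applied to IPv4/TCP packets built inline. The rule ids, the patterns and the addresses are made up; only the header layouts (RFC 791/793) are real. The third sample packet shows the weakness the slide points out: a known payload on a port the rule does not cover produces no match.

```python
"""Signature-based detection over raw IPv4/TCP packets (added example, not from the slides)."""
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    sid: int                  # rule id (hypothetical numbering)
    msg: str                  # alert text
    dst_port: Optional[int]   # None means any destination port
    content: bytes            # byte pattern that must appear in the TCP payload


# Constructed rule set; the patterns stand in for real vendor signatures.
SIGNATURES: List[Signature] = [
    Signature(1000001, "HTTP request with directory traversal", 80, b"../.."),
    Signature(1000002, "SMTP VRFY user probe", 25, b"VRFY "),
]


def parse_ipv4_tcp(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP packet, else None."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None                                   # not IPv4
    ihl = (frame[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or len(frame) < ihl + 20 or total_len > len(frame):
        return None                                   # not TCP, or truncated
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    data_off = (frame[ihl + 12] >> 4) * 4             # TCP header length in bytes
    payload = frame[ihl + data_off:total_len]
    return src, dst, sport, dport, payload


def match_signatures(frame: bytes, signatures=SIGNATURES) -> List[str]:
    """Compare one packet against every signature; return the alerts that fire."""
    parsed = parse_ipv4_tcp(frame)
    if parsed is None:
        return []
    src, dst, sport, dport, payload = parsed
    alerts = []
    for sig in signatures:
        if sig.dst_port is not None and sig.dst_port != dport:
            continue                                  # port-bound rule, other port
        if sig.content in payload:
            alerts.append(f"[{sig.sid}] {sig.msg} {src}:{sport} -> {dst}:{dport}")
    return alerts


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4/TCP packet as test input (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp


if __name__ == "__main__":
    samples = [
        build_packet("10.0.0.5", "10.0.0.80", 51000, 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        build_packet("10.0.0.5", "10.0.0.80", 51001, 80, b"GET /index.html HTTP/1.1\r\n"),
        build_packet("10.0.0.5", "10.0.0.80", 51002, 8080, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    ]
    for pkt in samples:
        print(match_signatures(pkt) or "no match")
```

A production engine adds what this omits: reassembly of TCP streams so a pattern split across segments is still seen, decoding (URL encoding, case folding) before matching, and rules keyed on more than one header field.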
Intrusion Detection System (IDS)
2. Anomaly-based detection
– This method of IDP is based on detecting anomalies in
a specific traffic flow in the network.
– Anomaly detection is performed, based on the defined
profile of acceptable traffic and its comparison with
the specific traffic in the network.
– Acceptable traffic profiles are formed by tracking the typical characteristics of the traffic in the network during a certain period of time (e.g., the number of email messages sent by a user, the number of attempts to log in to a host, or the level of utilization of the processor in a given time interval).
– These characteristics of the behaviour of users, hosts,
connections or applications in the same time interval
are then considered to be completely acceptable.
Intrusion Detection System (IDS)
2. Anomaly-based detection
– However, acceptable-behaviour profiles can
unintentionally contain certain security threats,
which lead to problems in their application.
– Likewise, imprecisely defined profiles of
acceptable behaviour can cause numerous alarms,
generated by the system itself as a reaction to
certain acceptable activities on the network.
– The greatest advantage of this detection method is
its exceptional efficiency in detecting previously
unknown security threats.
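The profile-and-compare loop from the two anomaly-detection slides, as an added example (not from the slides): one activity counter, failed logins per hour for a single user, a profile learned as mean plus k standard deviations, and three runs that show the method working, the contaminated-baseline problem and the over-tight-profile problem. All counts are constructed; the threshold rule is one common way to turn a profile into an alarm condition, not the only one.

```python
"""Anomaly-based detection against a learned activity profile (added example, not from the slides)."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Profile:
    mean: float
    stdev: float
    k: float           # how many standard deviations above the mean count as anomalous

    @property
    def threshold(self) -> float:
        return self.mean + self.k * self.stdev


def build_profile(samples: Sequence[float], k: float = 3.0, min_stdev: float = 1.0) -> Profile:
    """Learn the acceptable-traffic profile from historic per-interval counts.

    min_stdev stops a very flat baseline from collapsing the threshold onto the mean,
    which would alarm on any ordinary fluctuation.
    """
    return Profile(mean(samples), max(pstdev(samples), min_stdev), k)


def evaluate(profile: Profile, observations: Sequence[float]) -> List[Tuple[int, float]]:
    """Return (interval, count) for every interval whose count exceeds the profile."""
    return [(i, c) for i, c in enumerate(observations) if c > profile.threshold]


# Constructed training data: failed logins per hour for one user over 24 quiet hours.
CLEAN_HOURS = [0, 1, 0, 2, 1, 0, 0, 1, 3, 2, 1, 0, 1, 2, 0, 1, 1, 0, 2, 1, 0, 0, 1, 0]
# Same day, but hour 8 contained an attack that was not removed from the training window.
CONTAMINATED_HOURS = CLEAN_HOURS[:8] + [120] + CLEAN_HOURS[9:]
# The day under observation: ordinary, apart from a burst of failures at hour 20.
TODAY = [1, 0, 2, 1, 0, 1, 3, 2, 1, 0, 1, 1, 0, 2, 1, 0, 1, 0, 1, 2, 40, 1, 0, 1]


def demo() -> dict:
    """Three runs: the profile working, then the two failure modes the slides describe."""
    return {
        # clean profile, sensible k: only the burst at hour 20 is flagged
        "clean": evaluate(build_profile(CLEAN_HOURS), TODAY),
        # profile learned while an attack was in progress: the threshold is inflated
        # and today's burst is silently accepted as normal
        "contaminated": evaluate(build_profile(CONTAMINATED_HOURS), TODAY),
        # profile too tight (k = 0.5): ordinary hours raise alarms alongside the real one
        "too_tight": evaluate(build_profile(CLEAN_HOURS, k=0.5), TODAY),
    }


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name:>12}: {flagged}")
```

The contaminated run is the point to take away: a single hour of attack traffic in the training window moves the threshold from about 4 to about 77 failures per hour, so the profile must be reviewed, not just collected, before it is trusted.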
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Stateful protocol analysis is a process of comparing
predefined operation profiles with the specific data
flow of that protocol on the network.
– Predefined profiles of operation of a protocol are
defined by the manufacturers of IDP devices and they
identify everything that is acceptable or not acceptable
in the exchange of messages in a protocol.
– Unlike anomaly-based detection, where profiles are created based on the hosts or specific activities on the network, stateful protocol analysis uses general profiles generated by the equipment manufacturers.
– Most IDP systems use several detection methods
simultaneously, thus enabling a more comprehensive
and precise method of detection.
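A stateful protocol analyser for a simplified SMTP client dialogue, as an added example that is not from the slides or any vendor. The transition table plays the role of the manufacturer-supplied operation profile; it covers a subset of RFC 5321, and the sample sessions are constructed. Out-of-order commands and oversized command lines are the two deviations it reports.

```python
"""Stateful protocol analysis for a simplified SMTP dialogue (added example, not from the slides)."""
from typing import Dict, List, Tuple

# state -> {command verb: next state}. Anything not listed is a protocol violation.
SMTP_PROFILE: Dict[str, Dict[str, str]] = {
    "CONNECTED": {"HELO": "GREETED", "EHLO": "GREETED", "QUIT": "CLOSED"},
    "GREETED":   {"MAIL": "MAIL_SET", "RSET": "GREETED", "NOOP": "GREETED", "QUIT": "CLOSED"},
    "MAIL_SET":  {"RCPT": "RCPT_SET", "RSET": "GREETED", "NOOP": "MAIL_SET", "QUIT": "CLOSED"},
    "RCPT_SET":  {"RCPT": "RCPT_SET", "DATA": "IN_DATA", "RSET": "GREETED",
                  "NOOP": "RCPT_SET", "QUIT": "CLOSED"},
    "IN_DATA":   {},   # message body; handled separately until the lone "." line
    "CLOSED":    {},
}
MAX_COMMAND_LINE = 512   # RFC 5321 section 4.5.3.1.4, including the trailing CRLF


class SmtpSessionAnalyzer:
    """Tracks one client-to-server session and records deviations from the profile."""

    def __init__(self) -> None:
        self.state = "CONNECTED"
        self.alerts: List[str] = []

    def feed(self, line: str) -> None:
        if self.state == "IN_DATA":
            if line == ".":                      # end of message body
                self.state = "GREETED"
            return                               # body content is not a command
        if len(line) + 2 > MAX_COMMAND_LINE:
            self.alerts.append(f"oversized command line ({len(line)} bytes) in {self.state}")
            return
        verb = line.split(" ", 1)[0].split(":", 1)[0].upper()   # "MAIL FROM:<..>" -> MAIL
        next_state = SMTP_PROFILE[self.state].get(verb)
        if next_state is None:
            self.alerts.append(f"unexpected {verb} in state {self.state}")
            return                               # stay put; an IPS would also drop the session
        self.state = next_state


def analyze(lines) -> Tuple[str, List[str]]:
    """Run a whole client transcript through the analyser; return final state and alerts."""
    session = SmtpSessionAnalyzer()
    for line in lines:
        session.feed(line)
    return session.state, session.alerts


# Constructed sample sessions (client side only).
GOOD_SESSION = ["EHLO client.example", "MAIL FROM:<a@example.org>", "RCPT TO:<b@example.org>",
                "DATA", "Subject: status", "", "all quiet", ".", "QUIT"]
OUT_OF_ORDER = ["DATA", "EHLO client.example", "RCPT TO:<b@example.org>",
                "MAIL FROM:<a@example.org>", "QUIT"]
OVERSIZED = ["EHLO " + "a" * 600]

if __name__ == "__main__":
    for name, session in [("good", GOOD_SESSION), ("out-of-order", OUT_OF_ORDER),
                          ("oversized", OVERSIZED)]:
        print(name, analyze(session))
```

Note what the signature approach above cannot do and this one can: nothing in "RCPT TO:<b@example.org>" is suspicious on its own; it is only wrong because it arrived before MAIL FROM, and that judgement needs per-session state.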
Intrusion Detection System (IDS)
3. Detection based on stateful protocol analysis
– Testing tools are used for testing the detection, recognition and response capabilities of devices that perform packet filtering (including those that use network address translation), such as firewalls, IDSes/IPSes, routers and switches.
– These test the traffic-filtering devices' ability to detect and/or block DoS attacks, spyware, backdoors, and attacks against applications such as IIS, SQL Server and WINS (Windows Internet Name Service).
– Standard traffic sessions can be used to test how packet-filtering devices handle a variety of protocols, including HTTP, FTP, SNMP and SMTP.
Intrusion Detection System (IDS)
• Intrusion detection systems can be grouped
into the following categories:
– Host-based IDS
– Network-based IDS
– Intrusion prevention system (IPS)
Host-based intrusion detection systems
• Host-based IDSs are designed to monitor, detect
and respond to activity and attacks on a given
host. In most cases, attackers target specific
systems on corporate networks that have
confidential information.
• They will often try to install scanning programs
and exploit other vulnerabilities that can record
user activity on a particular host.
• Some host-based IDS tools provide policy
management, statistical analytics and data
forensics at the host level.
Host-based intrusion detection systems
• Host-based IDSs are best used when an
intruder tries to access particular files or other
services that reside on the host computer.
• Because attackers mainly focus on operating
system vulnerabilities to break into hosts, in
most cases, the host-based IDS is integrated
into the operating systems that the host is
running.
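The "particular files" case from the slide, as an added example that is not from the slides or any product: a file-integrity monitor in the style of a host-based IDS, which records a content hash, permission bits and size for every file under a directory and reports what changed on a later scan. The directory tree, file names and contents are constructed in a temporary folder so the example runs anywhere.

```python
"""Host-based file-integrity monitoring: baseline, re-scan, report (added example, not from the slides)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Fingerprint = Dict[str, object]
Finding = Tuple[str, str]          # (kind of change, relative path)
FIELDS = ("sha256", "mode", "size")


def fingerprint(path: Path) -> Fingerprint:
    st = path.stat()
    return {"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size}


def build_baseline(root: Path) -> Dict[str, Fingerprint]:
    """Fingerprint every regular file below root, keyed by POSIX-style relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check(root: Path, baseline: Dict[str, Fingerprint]) -> List[Finding]:
    """Re-scan root and list additions, deletions and attribute changes against baseline."""
    current = build_baseline(root)
    findings: List[Finding] = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(("deleted", name))
        elif name not in baseline:
            findings.append(("added", name))
        else:
            findings.extend((f"{f}-changed", name) for f in FIELDS
                            if baseline[name][f] != current[name][f])
    return findings


def demo() -> Tuple[List[Finding], List[Finding]]:
    """Baseline a constructed tree, then simulate three typical post-intrusion changes.

    Returns the findings before and after the changes.
    """
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        os.chmod(root / "etc" / "passwd", 0o644)
        baseline = build_baseline(root)
        before = check(root, baseline)                                       # expected: nothing

        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")   # config weakened
        (root / "bin").mkdir()
        (root / "bin" / "unknown").write_bytes(b"\x7fELF")                  # new binary appeared
        os.chmod(root / "etc" / "passwd", 0o666)                             # made world-writable
        after = check(root, baseline)
        return before, after


if __name__ == "__main__":
    for kind, name in demo()[1]:
        print(f"{kind:15} {name}")
```

The baseline itself is the monitor's weak point: it has to be stored where a compromised host cannot rewrite it (read-only media or a remote server), otherwise an intruder with root simply re-baselines after making changes.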
Network-based intrusion detection systems
• Network traffic based IDSs capture network traffic to detect
intruders.
• Most often, these systems work as packet sniffers that read
through incoming traffic and use specific metrics to assess
whether a network has been compromised.
• Various internet and other proprietary protocols that
handle messages between external and internal networks,
such as TCP/IP, NetBEUI and XNS, are vulnerable to attack
and require additional ways to detect malicious events.
• Frequently, intrusion detection systems have difficulty working with encrypted information and traffic from virtual private networks. Speed over 1 Gbps is also a constraining factor, although modern (and costly) network-based IDSs are capable of operating above this speed.
• NetBEUI (NetBIOS Extended User Interface)
• XNS (Xerox Network Systems)
Intrusion prevention system (IPS)
• An IPS is a network security tool that can not only
detect intruders, but also prevent them from
successfully launching any known attack.
• Intrusion prevention systems combine the abilities of
firewalls and intrusion detection systems.
• However, implementing an IPS on an effective scale can
be costly, so businesses should carefully assess their IT
risks before making the investment.
• Moreover, some intrusion prevention systems are not
as fast and robust as some firewalls and intrusion
detection systems, so an IPS might not be an
appropriate solution when speed is an absolute
requirement.
Intrusion prevention system (IPS)
• When deploying an IPS, you should carefully
monitor and tune your systems and be aware
of the risks involved.
• You should also have an in-depth
understanding of your network, its traffic, and
both its normal and abnormal characteristics.
• It is always recommended to run an IPS in test mode for a while to thoroughly understand its behaviour.
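What "test mode" means in practice, as an added example that is not from the slides or any vendor: an inline enforcement wrapper that, in detect-only mode, forwards every event and records which rules would have dropped it, keeps a per-rule tally so noisy rules can be tuned, and only drops once switched to enforce mode. The detection engine is stubbed by a constructed list of events with the rule names that fired for each; the rule names are hypothetical.

```python
"""Inline prevention with a detect-only test mode and a per-rule tally (added example, not from the slides)."""
from collections import Counter
from typing import FrozenSet, List, Tuple

# Constructed events with the rule names a detector (signature or anomaly) raised for each.
SAMPLE_EVENTS: List[Tuple[str, List[str]]] = [
    ("dns A www.example.com",            ["anomaly:dns-burst"]),
    ("dns A cdn.example.net",            ["anomaly:dns-burst"]),
    ("http GET /index.html",             []),
    ("http GET /../../etc/passwd",       ["sig:traversal"]),
    ("dns AAAA mail.example.com",        ["anomaly:dns-burst"]),
    ("smtp MAIL FROM:<a@example.org>",   []),
    ("dns A api.example.com",            ["anomaly:dns-burst"]),
    ("http GET /login",                  []),
    ("dns TXT example.com",              ["anomaly:dns-burst"]),
    ("dns A img.example.org",            ["anomaly:dns-burst"]),
]


class InlinePolicy:
    def __init__(self, enforce: bool, disabled: FrozenSet[str] = frozenset()) -> None:
        self.enforce = enforce            # False = test mode: never drop, only record
        self.disabled = disabled          # rules switched off after tuning
        self.hits: Counter = Counter()    # how often each rule fired
        self.would_drop: List[str] = []   # events test mode would have dropped
        self.forwarded = 0
        self.dropped = 0

    def process(self, event: str, fired: List[str]) -> str:
        """Return the action taken for one event: forward, would-drop (test mode) or drop."""
        active = [r for r in fired if r not in self.disabled]
        self.hits.update(active)
        if active and self.enforce:
            self.dropped += 1
            return "drop"
        self.forwarded += 1
        if active:
            self.would_drop.append(event)
            return "would-drop"
        return "forward"

    def noisy_rules(self, total_events: int, max_rate: float) -> List[str]:
        """Rules that fired on more than max_rate of all events: tune these before enforcing."""
        return sorted(r for r, n in self.hits.items() if n / total_events > max_rate)


def run(enforce: bool, disabled: FrozenSet[str] = frozenset()) -> InlinePolicy:
    """Push every sample event through one policy instance and return it for inspection."""
    policy = InlinePolicy(enforce, disabled)
    for event, fired in SAMPLE_EVENTS:
        policy.process(event, fired)
    return policy


if __name__ == "__main__":
    trial = run(enforce=False)
    print("test mode: forwarded", trial.forwarded, "dropped", trial.dropped, dict(trial.hits))
    noisy = trial.noisy_rules(len(SAMPLE_EVENTS), max_rate=0.2)
    print("rules to tune before enforcing:", noisy)
    live = run(enforce=True, disabled=frozenset(noisy))
    print("enforce mode: forwarded", live.forwarded, "dropped", live.dropped)
```

Switching straight to enforce mode with this rule set would have dropped seven of ten events, six of them ordinary DNS lookups caught by an over-tight anomaly profile; the trial run exposes that before any traffic is blocked.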
List of Open Source IDS / IPS Tools
1. Cisco NGIPS
2. Corelight
3. Fidelis Network
4. FireEye Intrusion Prevention System
5. Hillstone S-Series
6. McAfee Network Security Platform
7. Snort
8. Suricata
9. Bro (Zeek)
10. OSSEC
11. Samhain Labs
12. OpenDLP

FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
