Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Chapter 7 - Section 7.5

advertisement 
7.5 Intrusion Detection Systems
Network Security / G.Steffen
1
In This Section
 Intrusion Detection Systems (IDS)
 Types of IDSs
 IDS Strengths & Limitations
Network Security / G.Steffen
2
Intrusion Detection Systems (IDSs)
 IDS is a device that monitors activity to identify
malicious or suspicious events.
 It acts like a sensor.
 It can perform a variety of functions such as:
 Monitoring users & system activity
 Auditing system configuration
 Assessing the integrity of critical system & data files
 Identifying abnormal activity
 Correcting system configuration errors
Network Security / G.Steffen
3
Types of IDSs 1
 Signature-based IDS
 It performs simple pattern-matching & report situations
that matches a pattern corresponding to a known attack
type.
 It tends to use statistical analysis
 The problem is the signature itself
 Heuristic IDS (Anomaly based IDS)
 It builds a model of acceptable behavior & flag
exceptions to that model
Network Security / G.Steffen
4
Types of IDSs 2
 Network-based IDS
 It is a stand-alone device attached to the network to
monitor traffic throughout that network.
 Host-based IDS
 It runs on a single workstation or client/host to protect
that one host.
 State-based IDS – It sees the system going through
changes of overall state or configuration
 Model-based IDS
 Misuse ID – In this the real activity is compared against
a known suspicious area.
Network Security / G.Steffen
5
Stealth Mode
 Most IDSs run in stealth mode
Stealth Mode IDS Connected to Two Networks
Network Security / G.Steffen
6
Design Approach for an IDS







Filter on packet headers
Filter on packet content
Maintain connection state
Use complex, multi packet signatures
Filter in real time, online
Hide its presence
Use minimal number of signatures with maximum
effect
 Use optimal sliding time window size to match
segments
Network Security / G.Steffen
7
IDS Strengths & Limitations
 Upside of IDSs
 It can detect ever-growing number of serious problems
 Evolving with time
 Continuous improvement
 Downside of IDSs
 It is sensitive, therefore difficult to measure and adjust
 It does not run itself
Network Security / G.Steffen
8
Related documents
UNIVERSITY OF NAIROBI Institute for Development Studies
UNIVERSITY OF NAIROBI Institute for Development Studies
SNORT
SNORT
IDS
IDS
IDS
IDS
IDS
IDS
IDS
IDS
EELE 414 – Introduction to VLSI Design Homework #3 (show work
EELE 414 – Introduction to VLSI Design Homework #3 (show work
Minutes of Meeting (UC Admin) 1: 30 PM Finish Time 12: 30 PM
Minutes of Meeting (UC Admin) 1: 30 PM Finish Time 12: 30 PM
Cos424 report Talal
Cos424 report Talal
click to view details
click to view details
IDS In Depth Search: Ideas, Descriptions, and Solutions
IDS In Depth Search: Ideas, Descriptions, and Solutions
Host Intrusion Prevention Systems & Beyond By Dilsad Sera
Host Intrusion Prevention Systems & Beyond By Dilsad Sera
Day 10 - Intrusion Detection System - IT443
Day 10 - Intrusion Detection System - IT443
FinalExam
FinalExam
Intrusion Detection Methods and Resolutions James Logan jlogan
Intrusion Detection Methods and Resolutions James Logan jlogan
Security Technology-II
Security Technology-II
Unique IDs and labeling
Unique IDs and labeling
17-IDS
17-IDS
Case Representation
Case Representation
Here
Here
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
Chapter 1
Chapter 1
Download
advertisement