Post on 08-Apr-2018
8/7/2019 IDS Final Presentation
1/21
Intrusion Detection Systems (IDS)
- Different types
- Detection methods
- Types of attacks
What's an IDS?
- Detects and identifies unauthorized or unusual activity on the system
- Monitors system and network resources and activities, uses the information gathered from those sources, and notifies authorities when it identifies a possible intrusion
- While a firewall only protects the point of entry, an IDS can identify who breaks in, where they are and what they're doing.
Two types
1. Host-based IDS
  - Runs on a single computer
  - Able to pinpoint compromised files and processes
  Disadvantages:
  - Unable to detect network-only attacks, or attacks on other systems
  - Easier to locate where the software is
  - Performance of the monitored computer is reduced
  - Costly to manage
2. Network-based IDS
  - Detects attacks by capturing and evaluating network packets
  - Installed on a single-purpose computer, which:
    - Hardens it against attacks
    - Reduces the number of vulnerabilities
    - Allows stealth-mode operation
  Disadvantages:
  - Hard to keep up with high-volume networks
  - Unlike host-based, only able to tell if an attack has been made or is ongoing
  - False alarms, and requires significant management
Two Methods
1. Knowledge-based
  - Also known as signature-based or pattern-matching detection
  - Function is similar to antivirus software
  - Only able to detect attacks that it already knows; must keep the signature file up to date
2. Behavior-based IDS
  - Also called statistical intrusion detection, anomaly detection or heuristics-based detection
  - Learns normal activities through watching and learning
  - Can detect abnormal and possibly malicious activities based on deviation from the learned normal activity
  - Partially identified as an A.I. or expert system.
  Disadvantages:
  - Many false alarms
  - Long time to establish normal activity
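The two methods side by side, as an added example that is not part of the slides: a knowledge-based detector matches requests against a small signature file, and a behavior-based detector learns per-host request volume from a training window and flags hosts that deviate from it. The log lines, hosts and signatures are constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed log lines in a simplified "<source-ip> <method> <path>" form
# (hypothetical sample data, not taken from the slides).
TRAINING_LOGS = [f"10.0.0.{h} GET /index.html"
                 for h, n in ((1, 4), (2, 5), (3, 6), (4, 5), (5, 4)) for _ in range(n)]
OBSERVED_LOGS = (["10.0.0.2 GET /index.html"] * 5                      # normal client
                 + ["10.0.0.9 GET /search?q=' or '1'='1"]              # one request matching a known pattern
                 + [f"10.0.0.7 GET /page{i}.html" for i in range(20)])  # unusually busy host, no known pattern

# Knowledge-based: a small "signature file" of known attack patterns (must be kept up to date).
SIGNATURES = {
    "sqli": re.compile(r"(?i)union\s+select|' or '1'='1"),
    "traversal": re.compile(r"\.\./"),
}

def parse(line):
    """Split a log line into (source, request)."""
    src, request = line.split(" ", 1)
    return src, request

def signature_detect(lines):
    """Flag every request that matches a known signature; unknown attacks are missed."""
    hits = []
    for src, request in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                hits.append((src, name))
    return hits

def learn_baseline(lines):
    """Behavior-based training phase: requests per host during normal operation."""
    per_host = Counter(src for src, _ in map(parse, lines))
    counts = list(per_host.values())
    return statistics.mean(counts), statistics.pstdev(counts)

def anomaly_detect(lines, baseline, k=3.0):
    """Flag hosts whose request volume exceeds mean + k standard deviations of the baseline.
    Lower k catches more deviations but raises the false-alarm rate the slides warn about."""
    mean, sd = baseline
    per_host = Counter(src for src, _ in map(parse, lines))
    return sorted(src for src, n in per_host.items() if n > mean + k * sd)

if __name__ == "__main__":
    print("signature hits:", signature_detect(OBSERVED_LOGS))
    print("anomalous hosts:", anomaly_detect(OBSERVED_LOGS, learn_baseline(TRAINING_LOGS)))
```

The signature detector reports only the single request carrying a known pattern, while the anomaly detector reports only the host whose volume is abnormal; each misses what the other catches, which is why the two are usually combined.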
Honey pots
- An IDS tool, used to lure intruders
- Offers an attractive nuisance to attackers
- Attacks against the honey pot are made to seem successful in order to give administrators time to track the attacker without exposing production systems
Types of Attacks
- Brute-force and dictionary
- Denial of service
- Spoofing
- Man-in-the-middle
- Spamming
- Sniffers
Brute-force and Dictionary
- Brute-force attacks use every possible combination of letters, numbers and symbols
  - Passwords of 14 characters or less can be discovered within 7 days
- A dictionary attack attempts every possible password from a predefined list of common or expected words
DoS
- Denial-of-Service attacks prevent systems from processing or responding to legitimate traffic or requests for resources and objects
  Can result in:
  - System crashes
  - Reboots
  - Data corruption
  - Blockage of service
Spoofing & Man-in-the-Middle
- Spoofing is when an intruder uses a stolen username and password to gain entry to a web site
  - There, they assume the identity of a client and fool the server into transmitting controlled data
- Man-in-the-Middle, as discussed in class, happens when a malicious user gains a position between two endpoints of ongoing communications
  - Able to collect logon credentials and change the content of messages exchanged
Spamming & Sniffer attacks
- Spamming describes unwanted email, newsgroup or discussion forum messages
  - Can contain viruses or Trojan horses
  - Not as much of a threat as DoS
- A sniffer, or snooping, attack is any activity that results in a malicious user getting hold of information about a network and duplicating the contents of packets traveling over the network medium into a file
Intrusion Prevention Systems (IPS)
- Difference between IDS & IPS
- Types of products
[Diagram: your system / your network]
IPS Functionality
1. Drop attacks
  - Drop/block a single packet, session or traffic flow during an attack
2. Terminate session
  - Ability to stop/terminate applications that are vulnerable to attacks
3. Modify firewall policies
  - Temporarily change the user-specified access control policy
  - Real-time alteration of the system
4. Generate alerts
  - Alert the user of an attack
5. Log packets
Products
Snort
An open-source IDS/IPS developed by Sourcefire. Snort is the most widely deployed IDS/IPS technology in the world, with over 300,000 registered users.
AirMagnet Enterprise
A simple, scalable WLAN monitoring solution that enables any organization to proactively mitigate all types of wireless threats, enforce enterprise policies, prevent performance problems and audit the regulatory compliance of all their WiFi access and users worldwide.
Bro Intrusion Detection System
Another open-source, Unix-based network IDS that passively monitors network traffic and looks for suspicious activity.
Cisco IPS
The most widely deployed IPS, protecting against 30,000 known threats. It dynamically recognizes, evaluates, and stops emerging Internet threats. Cisco IPS includes industry-leading research and the expertise of Cisco Security Intelligence. It also protects against directed attacks, worms, botnets, malware and application abuse.
Strata Guard IDS/IPS
A high-speed intrusion detection/prevention system that gives real-time, zero-day protection from network attacks and malicious traffic, preventing malware, spyware, port scans, viruses, DoS and DDoS from compromising hosts; device and network outages; data leakage; and high-risk protocols, such as BitTorrent, Kazaa and Telnet, from running on your network.