1. WHAT IS IDS? An IDS is a system designed to detect unauthorized access to secure systems. i.e....
INTRUSION DETECTION SYSTEM
WHAT IS IDS?
An IDS is a system designed to detect unauthorized access to secure systems, i.e. hacking, cracking or script-based attacks.
Intrusion detection systems do exactly as the name implies: they detect possible intrusions.
IDS tools aim to detect computer attacks and/or computer misuse and alert the proper individuals upon detection.
An IDS provides much of the same functionality as a burglar alarm installed in a house.
WHAT IS INTRUSION DETECTION?
Intrusions are the activities that violate the security policy of a system.
Intrusion detection is the process used to identify intrusions.
Intrusion: attempting to break into or misuse your system.
Intruders may be from outside the network or legitimate users of the network.
DISADVANTAGES OF EXISTING SYSTEM
No detection and prevention framework in a virtual networking environment
Lack of accuracy in detecting attacks from attackers.
ADVANTAGES OF IDS
Allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.
Can make the security management of systems by non-expert staff possible by providing a user-friendly interface.
Can recognize and report alterations to data files.
An IDS generates alarms and reports to the administrator that security has been breached, and can also react to intruders by blocking them or blocking the server.
It provides information from time to time, recognizes attackers (intrusions) and reports alterations to data files.
TYPES OF INTRUSION DETECTION SYSTEM
Based on the sources of the audit information used by each IDS, IDSs may be classified into:
Host Based Intrusion Detection: HIDSs evaluate information found on a single or multiple host systems, including contents of operating systems, system and application files.
Network Based Intrusion Detection: NIDSs evaluate information captured from network communications, analyzing the stream of packets which travel across the network.
WHERE DO WE PLACE THE IDS?
COMPONENTS OF IDS
An IDS contains the following 3 components:
Event generator.
Analysis engine.
Response/alert.
SNORT:
Snort is a free and open source network intrusion detection and prevention system created by Martin Roesch in 1998.
Snort has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks.
It performs protocol analysis, content searching, and content matching.
COMPONENTS OF SNORT
a. Packet Decoder
b. Preprocessors
c. Detection Engine
d. Logging and Alerting System
e. Output Modules
The figure shows how these components are arranged. Any data packet coming from the Internet enters the packet decoder. On its way towards the output modules, it is either dropped, logged or an alert is generated.
PACKET DECODER:
The packet decoder takes packets from different types of network interfaces and prepares the packets to be preprocessed or to be sent to the detection engine.
The interfaces may be Ethernet, SLIP, PPP and so on.
PREPROCESSORS
Preprocessors are also known as input plug-ins.
Preprocessors are components or plug-ins that can be used with Snort to arrange or modify data packets before the detection engine does some operation to find out if the packet is being used by an intruder.
They are also used to normalize protocol headers, detect anomalies, and perform packet reassembly and TCP stream reassembly.
DETECTION ENGINE
The detection engine is the most important part of Snort.
Its responsibility is to detect if any intrusion activity exists in a packet.
LOGGING AND ALERTING SYSTEM
It generates alert and log messages depending upon what the detection engine finds inside a packet.
OUTPUT MODULES
Output modules or plug-ins process alerts and logs and generate final output.
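The five stages described above, chained end to end as an added example (this is not Snort's code and not part of the original slides). It shows why the preprocessor runs before the detection engine: the second sample request only matches the content rule after normalization. The rule, the function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct
from urllib.parse import unquote_to_bytes

RULES = [(1000001, 80, b"/etc/passwd")]  # hypothetical rule: (sid, dest port, content)

def decode(frame):
    """Packet decoder: Ethernet II / IPv4 / TCP only; anything else is dropped."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:]
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or len(tcp) < data_off:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}

def preprocess(pkt):
    """Preprocessor: percent-decode and lowercase the payload before matching."""
    return dict(pkt, normalized=unquote_to_bytes(pkt["payload"]).lower())

def detect(pkt):
    """Detection engine: sids of all rules whose port and content both match."""
    return [sid for sid, port, content in RULES
            if pkt["dport"] == port and content in pkt["normalized"]]

def alert(pkt, sids):
    """Logging and alerting system: one record per matching rule."""
    return [f"ALERT sid={s} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"
            for s in sids]

def run(frames):
    """Output module: pass each frame through the stages and collect the alerts."""
    pkts = [preprocess(p) for p in map(decode, frames) if p is not None]
    return [line for p in pkts for line in alert(p, detect(p))]

def make_frame(dport, payload, ethertype=0x0800):
    """Constructed Ethernet/IPv4/TCP frame (sample input, not captured traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + struct.pack("!H", ethertype) + ip + tcp + payload

SAMPLE = [make_frame(80, b"GET /index.html HTTP/1.1\r\n\r\n"),
          make_frame(80, b"GET /?f=%2E%2E%2Fetc%2FPASSWD HTTP/1.1\r\n\r\n")]
```

Calling run(SAMPLE) returns a single alert for the second frame; frames that are not Ethernet/IPv4/TCP are dropped by the decoder before any rule is evaluated.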
COMMERCIAL ID SYSTEMS
ISS – Real Secure from Internet Security Systems:
Real-time IDS.
Contains both host and network based IDS.
Tripwire – file integrity assessment tool.
Bro and Snort – open source public-domain systems.
SYSTEM CONFIGURATION:
Hardware Configuration:
Processor - Pentium IV
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Keyboard - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
Software Configuration:
Operating System: Windows XP
Programming Lang.: JAVA/J2EE
Java Version: JDK 1.6 & above
THANK YOU