1 / 12

INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM. Sebuah Pengenalan oleh Budi Rahardjo budi@indocisc.com. Apa itu IDS?. Sistem untuk mendeteksi adanya “ intrusion ” yang dilakukan oleh “ intruder ” Mirip seperti alarm. Intrusion.

cadee
Télécharger la présentation

INTRUSION DETECTION SYSTEM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. INTRUSION DETECTION SYSTEM Sebuah Pengenalan oleh Budi Rahardjobudi@indocisc.com

  2. Apa itu IDS? • Sistem untuk mendeteksi adanya “intrusion” yang dilakukan oleh “intruder” • Mirip sepertialarm

  3. Intrusion • Didefinisikan sebagai kegiatan yang bersifat anomaly, incorrect, inappropriate yang terjadi di jaringan atau di host

  4. Jenis IDS • Network-basedmemantau anomali di jaringan,misal melihat adanya network scanning • Host-basedmemantau anomali di host,misal memonitor logfile, process, file owenership, mode

  5. Anomali • Traffic / aktivitas yang tidak sesuai dgn policy:- akses dari/ke host yang terlarang- memiliki content terlarang (virus)- menjalankan program terlarang (web directory traversal:GET ../..; cmd.exe )

  6. IDS yang populer • snort (open source)http://www.snort.org • Sourcefire (versi komersial)http://www.sourcefire.com • ISS RealSecure & BlackICEhttp://www.iss.net • Axenthttp://www.axent.com • Cisco IDS (dahulu NetRanger) • Tripwire, swatch, dll.

  7. snort • Open source IDShost-basednetwork-basedpacket snifferimplementasi di UNIX & Windows • Beroperasi berdasarkan “rules”

  8. Contoh log snort • The log begins from: Mar 9 09:11:05 • The log ends at: Mar 9 12:22:24 • Total events: 161 • Signatures recorded: 6 • Source IP recorded: 12 • Destination IP recorded: 44 • # of attacks from to method • =========================================== • 61 202.138.228.73 202.138.228.74 IDS135-CVE-1999-0265-MISC-ICMPRedirectHost • 31 192.168.1.51 192.168.1.11 ICMP Destination Unreachable{ICMP} • 5 202.110.192.93 202.138.228.74 spp_http_decode: ISS Unicode

  9. Snort add-ons: demarc

  10. Masalah • Serangan baru memiliki signature yang baru sehingga daftar signature harus selalu diupdate • Network semakin cepat (giga) sehingga menyulitkan untuk menganalisa setiap paket • Jumlah host makin banyak: distributed IDS • Terlalu banyak laporan (false alarm)

  11. Penutup • IDS merupakan sebuah komponen utama dari pengamanan sebuah jaringan (situs) • IDS masih membutuhkan pengembangan untuk mencapai maturity

  12. Bahan Bacaan • Northcutt, Stephen"Network Intrusion Detection“, New Riders, 1999 • Situs incidentswww.incidents.org • Intrusion detection FAQhttp://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm • IDS product queryhttp://www.nwfusion.com/bg/intrude2/intrude2result.jsp?_tablename=intrude2

More Related