
Intrusion Detection System (IDS) at a Glance

An intrusion detection system (IDS) is security software designed to automatically alert or notify the administrator whenever a user tries to compromise an information system through malicious activity, or whenever a security policy is violated.

davidrom42

Presentation Transcript


  1. Intrusion Detection System (IDS) at a Glance

  2. An Intrusion Detection System (IDS) is security software designed to automatically alert or notify the administrator whenever a user tries to compromise an information system through malicious activity, or whenever a security policy is violated. It helps to deal with such attacks by inspecting all of the inbound and outbound traffic on a network.

  3. Types Of Intrusions / Attacks
     • Web Based Attacks
       • SQL Injection, Web Shells
       • LFI, RFI and XSS Attacks
     • Network Based Attacks
       • Unauthorized Login
       • Denial Of Service attacks
       • Scanning ports and services
       • Replication of Worms, Trojan, Virus
       • Spoofing Attacks (Arpspoof, DNS spoof attacks)
     • Zero Day Attacks
       • Attacks that aren’t known.

  4. How is detection performed in IDS software?
     • Signature-based detection: This type of detection works well with threats that are already determined or known.
     • Anomaly-based detection: This detection works on the basis of comparison. It compares the traits of normal activity against characteristics that mark activity as abnormal.

  5. Typical intrusion detection functions include:
     • Monitoring and analyzing both user and system activities
     • Analyzing system configurations and vulnerabilities
     • Assessing system and file integrity
     • Ability to recognize typical patterns of attacks
     • Analysis of abnormal activity patterns
     • Tracking user policy violations

  6. Major components of an IDS. Network Intrusion Detection System (NIDS): This analyzes traffic on a whole subnet and matches the traffic passing by against a library of known attacks.

  7. Network Node Intrusion Detection System (NNIDS): This is similar to NIDS, but the traffic is only monitored on a single host, not a whole subnet.

  8. Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s file set and compares it to a previous picture. If there are significant differences, such as missing files, it alerts the administrator.

  9. PROS of an IDS System
     • CAN add a greater degree of integrity to the rest of your infrastructure
     • CAN trace user activity from point of entry to point of impact
     • CAN recognize and report alterations to data
     • CAN automate a task of monitoring the Internet searching for the latest attacks
     • CAN detect when your system is under attack
     • CAN make the security management of your system possible by non-expert staff

  10. CONS Related to an IDS System
     • CAN NOT compensate for weak identification and authentication mechanisms
     • CAN NOT conduct investigations of attacks without human intervention
     • CAN NOT compensate for weaknesses in network protocols
     • CAN NOT analyze all the traffic on a busy network
     • CAN NOT always deal with problems involving packet-level attacks
     • CAN NOT deal with some of the modern network hardware and features

  11. How to protect IDS
     • Don’t run any service on your IDS sensor
     • The platform on which you are running IDS should be patched with the latest release from your vendor
     • Configure the IDS machine so that it doesn't respond to ping packets
     • User accounts should not be created except those that are necessary
