1 / 9

Network Intrusion Detection System

Network Intrusion Detection System. NAIST. Omar ISMAIL. Internet Engineering Lab Graduate School of Information Science Nara Institute of Science and Technology Nara, Japan. 1. 20 th June 2003. Outline. NAIST. What is NIDS ?. Why it is important?. Snort. Deployment at AI3.

uriah
Télécharger la présentation

Network Intrusion Detection System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Intrusion Detection System NAIST Omar ISMAIL Internet Engineering Lab Graduate School of Information Science Nara Institute of Science and Technology Nara, Japan 1 20th June 2003

  2. Outline NAIST • What is NIDS? • Why it is important? • Snort • Deployment at AI3 • Cases Explained • Need exporing tools? • Future work 2 20th June 2003

  3. Network Intrusion Detection System(NIDS) NAIST • What is IDS and NIDS IDS : A tool that knows how to read and interpret the log files Types of IDS : Network-IDS, Host-IDS and Distrubuted-IDS NIDS : Monitors network backbones and looking for attack signitures • Why are intrusion detection system important? Just think about cancer • Why we only choose NIDS? AI3-NAIST has been a “middle” point between Japan and the other partners 3 20th June 2003

  4. Snort(1) NAIST • What and Why Snort? Very popular, signiture based, Full fledged, and open-source NIDS Packet sniffer, packet logger and NIDS Snort Packet Decode Engine Preprocessor Plug-ins Detection Engine Detection Plug-ins Output plug-ins 4 20th June 2003

  5. Snort(2) NAIST Performance Considerstion: • Snort is version 2 now. Preprocessing Ability and Plug-ins make Snort faster and more effective. Also, by using switches and tapping, Snort is also very effective in high-speed network. 5 20th June 2003

  6. Deployment NAIST To Satellite Nara Main Segment Nara Backbone SFC Segment Snort 6 20th June 2003

  7. Deployment NAIST To Satellite Nara Main Segment Nara Backbone Snort2 SFC Segment Snort1 7 20th June 2003

  8. Cases Explained NAIST Present the alert data... 8 20th June 2003

  9. Future Work NAIST Make the output human readable Set up Distributed-IDS at AI3 9 20th June 2003

More Related