
  1. Intrusion Detection System, presented by GURUMUNI M (1JV07CS013)

  2. AGENDA
  • History
  • What's an IDS?
  • Security and roles
  • Types of violations
  • Types of detection
  • Types of IDS
  • IDS issues
  • Application

  3. History:
  • 1970s – observation by administrators
    • When an account is used
    • When/how much a resource is used
  • Early 1980s – usage models
    • First proposed by Anderson (1980)
    • Based on accounting logs
    • Login frequency, volume of data processed, etc.
    • Batch processing; not real time

  4. What's an IDS?
  • An intrusion is any set of actions that attempts to compromise the confidentiality, integrity, or availability of a computer resource.
  • An Intrusion Detection System (IDS) monitors a host or a network and tries to detect such intrusions.
  • The term is overloaded; at its core an IDS is trying to detect a violation of the security policy.

  5. COMPUTER SECURITY AND ROLES:
  • Confidentiality: transforming data so that only authorized parties can read it.
  • Authentication: proving or disproving someone's or something's claimed identity.
  • Integrity checking: ensuring that data cannot be modified without the modification being detectable.
  • Non-repudiation: proving that the source of some data did in fact send it, so that the sender cannot later deny having sent it.

  6. TYPES OF VIOLATIONS:
  • Attack
    • Attempts to exploit a vulnerability
    • Ex: denial of service, privilege escalation
  • Intrusion
    • An outsider acts as (masquerades as) a legitimate user
  • Misuse
    • A legitimate user abuses their privileges
    • Often called the "insider threat"

  7. TYPES OF DETECTION:
  • Misuse detection
    • Built with knowledge of "bad" behaviours
    • Collection of signatures
    • Examine the event stream for a signature match
  • Anomaly detection
    • Built with knowledge of "normal" behaviour
    • Examine the event stream for deviations from normal
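The two detection styles on this slide, run side by side over a small constructed event stream. This is an added example and not code from the original presentation; the log format, the two signatures, the per-user login baseline and the threshold rule (mean plus three standard deviations, with a minimum margin) are illustrative assumptions, not taken from any real IDS.

```python
"""Added example (not from the original slides): misuse (signature)
detection and anomaly detection over a constructed stream of auth/web
log lines.  Log format, signatures, baseline and thresholds are all
illustrative assumptions."""
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed one-hour window of events (not real log data).
EVENTS: List[str] = [
    "2024-05-01T09:00:01 user=alice src=10.0.0.5 action=login result=ok",
    "2024-05-01T09:10:44 user=alice src=10.0.0.5 action=login result=ok",
    "2024-05-01T09:20:02 user=alice src=10.0.0.5 action=login result=ok",
    "2024-05-01T09:25:17 user=alice src=10.0.0.5 action=login result=ok",
    "2024-05-01T09:31:09 user=bob src=10.0.0.9 action=exec cmd='cat /etc/shadow'",
    "2024-05-01T09:40:58 user=www src=198.51.100.7 action=http "
    "path='/item.php?id=1 UNION SELECT password FROM users'",
] + [
    # twelve login attempts by bob from an unfamiliar address within one minute
    f"2024-05-01T09:45:{s:02d} user=bob src=203.0.113.4 action=login result=fail"
    for s in range(12)
]

# Constructed baseline: logins per hour seen for each user in the previous
# five windows, i.e. what "normal" looks like for the anomaly detector.
BASELINE: Dict[str, List[int]] = {"alice": [3, 4, 3, 5, 4], "bob": [1, 0, 1, 1, 0]}

# Misuse detection: knowledge of "bad" behaviour, encoded as signatures.
SIGNATURES: Dict[str, re.Pattern] = {
    "read of /etc/shadow": re.compile(r"cmd='[^']*/etc/shadow"),
    "SQL injection in URL": re.compile(r"UNION\s+SELECT", re.IGNORECASE),
}


def parse(event: str) -> Dict[str, str]:
    """Turn key=value and key='quoted value' pairs into a dict (quotes stripped)."""
    return {k: v.strip("'") for k, v in re.findall(r"(\w+)=('[^']*'|\S+)", event)}


def misuse_detect(events: List[str]) -> List[Tuple[str, str]]:
    """Examine the event stream for a signature match; one alert per hit."""
    return [(name, e) for e in events for name, rx in SIGNATURES.items() if rx.search(e)]


def anomaly_detect(events: List[str], baseline: Dict[str, List[int]],
                   k: float = 3.0, min_margin: int = 2) -> Dict[str, Tuple[int, Optional[float]]]:
    """Compare this window's login count per user with the user's historical
    mean; flag counts above mean + max(k * stdev, min_margin).  The margin
    stops a near-constant baseline (stdev close to 0) from firing on a single
    extra login.  Users with no baseline at all are flagged as unjudgeable."""
    logins = Counter(f["user"] for f in map(parse, events) if f.get("action") == "login")
    flagged: Dict[str, Tuple[int, Optional[float]]] = {}
    for user, n in logins.items():
        hist = baseline.get(user)
        if hist is None:
            flagged[user] = (n, None)  # never seen before: no notion of "normal"
            continue
        threshold = mean(hist) + max(k * pstdev(hist), min_margin)
        if n > threshold:
            flagged[user] = (n, round(threshold, 2))
    return flagged


if __name__ == "__main__":
    for name, e in misuse_detect(EVENTS):
        print("SIGNATURE:", name, "|", e)
    for user, (n, thr) in anomaly_detect(EVENTS, BASELINE).items():
        print("ANOMALY:", user, n, "logins this window, threshold", thr)
```

On this input the signature engine catches the /etc/shadow read and the UNION SELECT but says nothing about bob's burst of twelve logins, because no signature describes it; the anomaly engine flags bob (12 logins against a threshold of 2.6) but is blind to the two single events, because its model only knows about login counts. That is why real deployments run both.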

  8. SOME OF THE HACKING TOOLS:

  9. Types of IDS
  • Primary types:
    • Network IDS (NIDS)
    • Host IDS (HIDS)
  • Hybrid types:
    • Per-Host Network IDS (PH-NIDS)
    • Load Balanced Network IDS (LB-NIDS)
    • Firewall IDS (FW-IDS)

  10. NETWORK BASED (Advantages)
  • Can be deployed quickly, without reconfiguring the monitored computers
  • Passive: does not affect the network or the data sources it watches
  • Monitors and detects network attacks or misuse in real time
  • Adds no overhead on the monitored hosts

  11. NETWORK BASED (Disadvantages)
  • Cannot inspect payloads if the traffic is encrypted (e.g. TLS, SSH)
  • Hard to deploy on fully switched networks: the sensor only sees traffic for its own port unless a mirror (SPAN) port or a network tap is provided
  • Has difficulty keeping up on very high-bandwidth links; packets the sensor drops are attacks it never sees

  12. [Figure: naive simulation network. An Attack Generator sends an attack stream across a test network to the Target Host; a NIDS observes the traffic.]

  13. WHAT'S HAPPENING?
  • In the above figure there are three computers:
    • 1. Target host: the main computer, on which the client is working; it is the victim of the attack.
    • 2. Attack generator: a client-side computer used by the attacker to send the attack stream.
    • 3. NIDS: the network intrusion detection sensor of this naive simulation network; it watches the attack stream directed at the target host and should detect and alert on the attacker's attempts to reach the data there.

  14. IDS ISSUES (these arise in wireless and ad hoc networks):
  • Lack of physical wires: there is no single chokepoint on which to place a sensor
  • Bandwidth issues: monitoring itself consumes scarce link capacity
  • Difficulty of distinguishing anomalous from normal behaviour
  • Possibility of a node, including the one running the IDS, being compromised

  15. ONTOLOGY SERVERS
  • An ontology is a formal model of the concepts in a domain and the relations between them, an approach widely used in medical informatics; here the idea is applied to a network storage platform.
  • One approach by which we can provide high security is to use ontology servers.

  16. HOW IT WORKS?
  • Whenever all the data sits on one or two servers, the work becomes easy for a hacker: compromising that one server yields everything.
  • So what the ontology server does is split the data held on the main server across four sub-servers.

  17. CONTD......
  • So whenever a hacker compromises any one sub-server, he obtains only a fragment, which on its own cannot be decoded into the original data.
  • If a client sends an API request to the server for its data, the main server forwards the request to the sub-servers, gathers the fragments, reassembles them and sends the result back to the client.

  18. ADVANTAGES:
  1. It provides high security: a single compromised sub-server does not expose the data.
  2. Data loss is less, since the data is not concentrated in one place.
  DISADVANTAGES:
  1. Time taken is more and cost is high: every read and write has to touch all the sub-servers.
  2. Needs many systems.

  19. Conclusion:
  • By making use of the above approach we can provide high security to any existing system.
  • We can prevent intruders from reaching the data.

  20. FUTURE ENHANCEMENT:
  • There is a need for a competent analyst
  • Someone who can fine-tune the IDS in order to reduce false positives and false negatives
  • Must subscribe to popular advisories and security newsletters such as Bugtraq, CERT, GIAC, SANS and others

  21. REFERENCES:
  [1] Zhou L., Haas Z. J., "Securing ad hoc networks", IEEE Network, Vol. 13, No. 6, 1999, pp. 24-30.
  [2] Sundaram A., "An Introduction to Intrusion Detection", http://www.acm.org/crossroads/xrds2-4/intrus.html
  [3] Arbaugh W., Shankar N., Wan Y. C. J., "Your 802.11 Wireless Network Has No Clothes", University of Maryland, 30 March 2001.

  22. THANK YOU
