
Some Great Open Source Intrusion Detection Systems (IDS)

Date post: 31-Jul-2016
Upload: david-rom
Description:
An Intrusion Detection System (IDS) is security software that helps a user or system administrator by automatically alerting or notifying them whenever a user tries to compromise an information system through malicious activity, or whenever a security policy is violated.

Introduction to IDS

It is simply security software that helps a user or system administrator by automatically alerting or notifying them whenever a user tries to compromise an information system through malicious activity, or whenever a security policy is violated.

An Intrusion Detection System (IDS) is designed to monitor an entire network's activity and traffic and to identify network and system attacks with only a few devices.

IDSs prepare for and deal with attacks by collecting information from a variety of system and network sources, then analyzing the symptoms of security problems.

Some Benefits of IDS

Monitors the operations of firewalls, routers and key management servers.

Comes with an extensive attack signature database against which information from the customer's system can be matched.

Can recognize and report alterations to data files.

Allows administrators to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.

Intrusion Detection Techniques

IDS signature detection

Anomaly detection

IDS Signature Detection

Intrusion detection by signature is quite similar to virus detection, so it is easy to implement.

This type of detection works well with threats that are already determined or known.

It involves searching for a series of bytes or a sequence that is deemed malicious.

Strength of IDS Signature

Simple to implement

Lightweight

Low false positive rate

High true positive rate for known attacks

Anomaly Detection

The anomaly detection technique is a centralized process that works on the concept of a baseline for network behaviour.

This baseline is a description of accepted network behaviour, which is learned or specified by the network administrators, or both.

An integral part of baselining the network is the engine's capability to dissect protocols at all layers.
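
The two techniques described above (signature detection and anomaly detection against a baseline), as an added Python example that is not part of the original presentation. The signature patterns, training traffic, field names and the three-standard-deviation threshold are all constructed assumptions.

```python
import statistics

# Constructed signature database: name -> byte sequence treated as malicious.
SIGNATURES = {"path-traversal": b"../../", "nop-sled": b"\x90" * 8}

# Constructed training traffic, assumed clean, used to learn the baseline.
TRAINING = [
    {"dport": 443, "bytes": 500}, {"dport": 443, "bytes": 520},
    {"dport": 80, "bytes": 480}, {"dport": 443, "bytes": 510},
    {"dport": 80, "bytes": 490},
]

def match_signatures(payload):
    """Signature detection: names of known byte sequences found in the payload."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in payload)

def build_baseline(training, admin_ports=()):
    """Baseline of accepted behaviour: learned from traffic, plus any ports
    the administrator specifies by hand."""
    sizes = [e["bytes"] for e in training]
    return {
        "ports": {e["dport"] for e in training} | set(admin_ports),
        "mean": statistics.mean(sizes),
        "stdev": statistics.pstdev(sizes),
    }

def find_anomalies(event, baseline, k=3.0):
    """Anomaly detection: the ways an event deviates from the baseline."""
    reasons = []
    if event["dport"] not in baseline["ports"]:
        reasons.append("unseen-port")
    if abs(event["bytes"] - baseline["mean"]) > k * baseline["stdev"]:
        reasons.append("unusual-size")
    return reasons

def analyze(event, baseline):
    """Run both techniques on one event and return their findings."""
    return {"signature": match_signatures(event["payload"]),
            "anomaly": find_anomalies(event, baseline)}

if __name__ == "__main__":
    baseline = build_baseline(TRAINING, admin_ports={22})
    events = [  # constructed sample events
        {"dport": 80, "bytes": 505, "payload": b"GET /../../etc/passwd"},
        {"dport": 4444, "bytes": 9000, "payload": b"\x01\x02\x03 unknown"},
        {"dport": 443, "bytes": 495, "payload": b"GET /index.html"},
    ]
    for e in events:
        print(e["dport"], analyze(e, baseline))
```

In the sample events, the first is reported only by the signature match and the second only by the baseline check.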

Strength of Anomaly Detection

Identifies abnormal, unusual behavior.

Matches the attack against the normal pattern.

Its ability to recognize novel attacks.

IDS can detect new types of attacks.

What IDS Can Do?

Protect your system.

Secure the information flowing in the system.

Matches the patterns of activity of a system to that of an attack.

Attack detection for the IDS itself.

Conclusion

Select an IDS according to your needs and requirements.

There are about 400 different IDSs on the market. Only a few IDS signature products integrate well in large environments, are scalable, and are easy to maintain.