Intrusion Detection Systems
Austen Hayes, Cameron Hinkel
Intrusion Detection Systems (IDS)
• Definition
Purpose of IDS
• Monitor Host/Network
• Log Suspicious Activity
• Detect Potential Threats
• Alert System Administrator(s)
• Generate Reports
Detection Methods
• Statistical Anomaly-Based
  ◦ Protocol Analysis
  ◦ Bandwidth
  ◦ Hardware Connections
• Signature-Based
• Stateful Protocol Analysis
Types of IDS
• Network (NIDS)
  [Diagram labels: Internet, Firewall, NIDS, Private Network]
• Host-based (HIDS)
  [Diagram labels: Internet, Firewall, Private Network, HIDS]
• Wireless
  [Diagram labels: Internet, Access Point, Wireless Devices, IDS Sensor]
• Network Behavior Analysis
Network IDS
• Installation Types
  ◦ Hub/Switch
    [Diagram labels: Internet, Hub, NIDS, Private Network]
  ◦ Network Tap
    [Diagram labels: Internet, Hub, NIDS, Private Network]
  ◦ Inline
    [Diagram labels: Internet, NIDS, Hub, Private Network]
Network IDS
• Examples
  ◦ "LaBrea Tarpit"
    ▪ Propagation of worms
    ▪ ARP request responses
  ◦ Honey Pot
    ▪ Low-Interaction
    ▪ High-Interaction
Types of Attacks
• Port Scan
• DoS Attack
• ICMP Flood
• Distributed
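Added example, not part of the slides: a small Python script that applies the deck's two detection methods, signature-based and statistical anomaly-based, to a constructed event list, and flags the port scan and ICMP flood named on the Types of Attacks slide. The event format, the signatures and the thresholds are assumptions, not values from any real IDS.

```python
from collections import Counter, defaultdict

# Constructed sample events, not a real capture:
# (timestamp_s, src_ip, dst_port, protocol, bytes, payload)
EVENTS = (
    [(0, "10.0.0.5", 80, "tcp", 1200, "GET /index.html"),
     (1, "10.0.0.5", 80, "tcp", 900, "GET /about.html"),
     (2, "10.0.0.9", 80, "tcp", 700, "GET /login.php?user=' OR 1=1--")]
    + [(3, "10.0.0.7", p, "tcp", 60, "") for p in range(20, 60)]  # one host, 40 ports
    + [(4, "10.0.0.8", 0, "icmp", 64, "") for _ in range(300)]    # 300 pings in 1 s
)

# Signature-based detection: match payloads against known-bad patterns,
# in the spirit of a Snort content rule (patterns here are illustrative).
SIGNATURES = {"sqli-tautology": "' or 1=1", "path-traversal": "../"}

def signature_alerts(events):
    """Return (src_ip, alert_name) for every event whose payload contains a signature."""
    alerts = []
    for _, src, _, _, _, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern in payload.lower():
                alerts.append((src, "signature:" + name))
    return alerts

def anomaly_alerts(events, scan_ports=20, icmp_per_s=100, bytes_per_s=10_000):
    """Statistical anomaly-based detection. Thresholds are assumed values that a
    real deployment would derive from a baseline of normal traffic.
    - port scan:  one source touching >= scan_ports distinct TCP ports
    - ICMP flood: one source sending >= icmp_per_s ICMP packets in one second
    - bandwidth:  one source moving >= bytes_per_s bytes in one second"""
    ports, icmp, volume = defaultdict(set), Counter(), Counter()
    for ts, src, port, proto, nbytes, _ in events:
        if proto == "tcp":
            ports[src].add(port)
        elif proto == "icmp":
            icmp[(src, ts)] += 1
        volume[(src, ts)] += nbytes
    alerts = []
    alerts += [(s, "anomaly:port-scan", len(p)) for s, p in ports.items() if len(p) >= scan_ports]
    alerts += [(s, "anomaly:icmp-flood", n) for (s, _), n in icmp.items() if n >= icmp_per_s]
    alerts += [(s, "anomaly:bandwidth", b) for (s, _), b in volume.items() if b >= bytes_per_s]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in signature_alerts(EVENTS) + anomaly_alerts(EVENTS):
        print(alert)  # what the "Alert System Administrator(s)" step would report
```

The signature check only finds what it already knows about, while the statistical checks catch the scan and the flood without any pattern, which is the trade-off the Detection Methods slide sets up.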
Popular IDS Software
• Snort
  ◦ Open source, Signature-based
• AIDE
  ◦ Advanced Intrusion Detection Environment
• OSSEC HIDS
Conclusion
• Security Integral to Sys. Admin Job
• Complexity of Securing a System/Network
• Numerous Tools Available to Detect Threats