Intrusion Prevention Systems

ellena-manuel
Uploaded On 2017-05-09


Presentation Transcript

Slide1

Intrusion Prevention Systems

/dr. x

Slide2

Logistics

Programming homework: extra 4 days

Midterm date: Wednesday, March 1. Duration: 60 mins

Presentations: next

Rich Nelson

Reports: can you see my comments, feedback on Oaks?

L1: many reports did not even have a sentence with intro/conclusions

L1: Active vs passive reconnaissance.

Slide3

Outline

Cameron: “A sense of self for Unix Processes” (25 mins including questions)

IDPS (15 mins)

Project presentations (75 mins)

Scanning lab (25 mins)

Slide4

Introduction

IPSs are not a new technology; they are simply an evolved version of IDS.

IPSs combine IDSs and improved firewall technologies,

Slide5

Definitions

Intrusions: attempts to compromise the confidentiality, integrity, or availability of a computer system or network, or to bypass its security mechanisms (illegal access).

Slide6

Definitions

Intrusion detection:

is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents).

Intrusion detection system (IDS):

is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities.

Intrusion prevention system (IPS):

is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

Slide7

Why should we use Intrusion Detection and Prevention Systems?

A firewall is enough

They are too costly...

A firewall is enough!

Slide8

Why is an IPS useful?

Blocks the attack

Changes the security environment

Changes the attack’s content

Slide9

Classes of detection methodologies:

Signature-based: compares known threat signatures to observed events to identify incidents.

Anomaly-based detection: samples network activity and compares it to traffic that is known to be normal.

Stateful protocol analysis: A key development in IDPS technologies was the use of protocol analyzers.

Slide10

Tuning

False positives

False negatives

Which one is worse?
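
The signature-based and anomaly-based methods from the previous slide, and the false positive / false negative trade-off that tuning controls, shown as an added example that is not part of the original presentation. The signatures, baseline, events and thresholds are all constructed for illustration.

```python
import re
from statistics import mean, pstdev

# Constructed signatures: patterns of known-bad request content (illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-keyword": re.compile(r"union\s+select", re.I),
}

# Constructed baseline: requests per minute from clients during normal operation.
BASELINE_RPM = [10, 12, 9, 11, 13, 10, 12, 11]

# Constructed events: (source, requests_per_minute, request, truly_malicious)
EVENTS = [
    ("10.0.0.5", 11, "GET /index.html", False),
    ("10.0.0.6", 12, "GET /download?f=../../app.conf", True),   # matches a signature
    ("10.0.0.7", 15, "GET /reports/q3.pdf", False),             # busy but benign
    ("10.0.0.8", 19, "GET /login", True),                       # novel: no signature
    ("10.0.0.9", 10, "GET /search?q=credit union select committee", False),
]

def signature_alerts(request):
    """Signature-based: names of the known patterns found in the request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def anomaly_score(rpm):
    """Anomaly-based: standard deviations above the known-normal baseline."""
    return (rpm - mean(BASELINE_RPM)) / pstdev(BASELINE_RPM)

def evaluate(z_threshold):
    """Count (false positives, false negatives) for a given anomaly threshold."""
    fp = fn = 0
    for _src, rpm, request, malicious in EVENTS:
        alert = bool(signature_alerts(request)) or anomaly_score(rpm) > z_threshold
        fp += alert and not malicious   # benign traffic flagged (or blocked by an IPS)
        fn += malicious and not alert   # intrusion missed
    return fp, fn

if __name__ == "__main__":
    for z in (2, 4, 8):
        fp, fn = evaluate(z)
        print(f"z_threshold={z}: false positives={fp}, false negatives={fn}")
```

The signature set catches the known pattern but also fires on a benign search, and it never sees the novel event; only the anomaly score catches that one, and only while the threshold stays low enough.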

Slide11

Deployment NIDS/NIPS

Slide12

Deployment HIDS/HIPS

Slide13

Types of IDPSs

Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows

Wireless: monitors wireless network traffic and analyzes its wireless networking protocols to identify suspicious activity involving the protocols themselves.

Slide14

When to use an IDPS?

Set goals

Security capabilities: including information gathering, logging, detection, and prevention.

Performance: including maximum capacity and performance features

Management: including design and implementation (e.g., reliability, interoperability, scalability, product security), operation and maintenance (including software updates), and training, documentation, and technical support

Life cycle costs, both initial and maintenance costs.