/
Intrusion Prevention Systems Intrusion Prevention Systems

Intrusion Prevention Systems - PowerPoint Presentation

tatyana-admore
tatyana-admore . @tatyana-admore
Follow
421 views
Uploaded On 2017-10-15

Intrusion Prevention Systems - PPT Presentation

dr x Logistics Command Line Lab on Thursday please bring your laptops Keep up with the reading Midterm on March 2 nd Computer Networks Basics OSI stack subnets Basic protocols ARP ICMP NAT DHCP DNS TCPIP ID: 596204

network detection system intrusion detection network intrusion system security traffic including ids prevention identify incidents software firewall computer ips

Share:

Link:

Embed:

Download Presentation from below link

Download Presentation The PPT/PDF document "Intrusion Prevention Systems" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.


Presentation Transcript

Slide1

Intrusion Prevention Systems

/dr. xSlide2

Logistics

Command Line Lab on Thursday: please bring your laptops

Keep up with the reading

– Midterm on March 2

nd

Computer Networks Basics: OSI stack, subnets, Basic protocols: ARP, ICMP, NAT, DHCP, DNS, TCP/IP

Penetration testing: recon, scanning, exploits (ch. 1-

4

of book: ”The basics of Hacking and Penetration Testing”)

IDS/IPS

Firewalls

Network Security P

r

otocolsSlide3

Introduction

IPSs are not a new technology, they are simply an evolved version of IDS.

IPSs combine IDSs and improved firewall technologies,

3Slide4

Definitions

Intrusions: attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer system or network( illegal access).

4Slide5

Definitions

Intrusion detection:

is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents).

Intrusion detection system (IDS):

is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities.

Intrusion prevention system (IPS):

is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

5Slide6

Why should we use Intrusion Detection Prevention Systems?

A firewall is enough

They are too costly...

A

firewall is enough!

6Slide7

Why is an IPS useful?

Blocks the attack

Changes the security environment

Changes the attack’s content

7Slide8

Classes of detection methodologies:

Signature-based: compares known threat signatures to observed events to identify incidents.

Anomaly-based detection: sample network activity to compare to traffic that is known to be normal.

Stateful protocol analysis: A key development in IDPS technologies was the use of protocol analyzers.

8Slide9

Tuning

False positives

False negatives

Which one is worse?

9Slide10

Deployment NIDS/NIPSSlide11

Deployment HIDS/HIPSSlide12

Types of IDPSs

Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows

Wireless: monitors wireless network traffic and analyzes its wireless networking protocols to identify suspicious activity involving the protocols themselves.

12Slide13

When to use an IDPS?

Set goals

Security capabilities: including information gathering, logging, detection, and prevention.

Performance: including maximum capacity and performance features

Management: including design and implementation (e.g., reliability, interoperability, scalability, product security), operation and maintenance (including software updates), and training, documentation, and technical support Life cycle costs, both initial and maintenance costs.

13