Slide 1
Intrusion Prevention Systems
dr. x

Slide 2
Logistics
Command Line Lab on Thursday: please bring your laptops
Keep up with the reading
– Midterm on March 2nd
Computer Networks Basics: OSI stack, subnets, basic protocols: ARP, ICMP, NAT, DHCP, DNS, TCP/IP
Penetration testing: recon, scanning, exploits (ch. 1-4 of the book "The Basics of Hacking and Penetration Testing")
IDS/IPS
Firewalls
Network Security Protocols

Slide 3
Introduction
IPSs are not a new technology; they are simply an evolved version of IDSs.
IPSs combine IDSs and improved firewall technologies,

Slide 4
Definitions
Intrusions: attempts to compromise the confidentiality, integrity, or availability of a computer system or network, or to bypass its security mechanisms (illegal access).

Slide 5
Definitions
Intrusion detection: the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents).
Intrusion detection system (IDS): software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities.
Intrusion prevention system (IPS): software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

Slide 6
Why should we use Intrusion Detection and Prevention Systems?
Common objections:
A firewall is enough…
They are too costly...
A firewall is enough!

Slide 7
Why is an IPS useful?
Blocks the attack
Changes the security environment
Changes the attack’s content

Slide 8
Classes of detection methodologies
Signature-based detection: compares known threat signatures to observed events to identify incidents.
Anomaly-based detection: samples network activity and compares it to traffic that is known to be normal.
Stateful protocol analysis: a key development in IDPS technologies was the use of protocol analyzers.

Slide 9
Tuning
False positives
False negatives
Which one is worse?
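To make the three detection classes from Slide 8 and the false positive / false negative trade-off from Slide 9 concrete, here is an added example (not part of the original slides or any product's code). It runs three deliberately simplified detectors over a hand-built list of events and scores each one against ground-truth labels. The event format, the source addresses, the two signatures, the "mean + 3·stdev" anomaly threshold and the SYN-before-DATA protocol rule are all assumptions made for the example.

```python
"""Toy comparison of IDS detection methodologies over constructed traffic.

Added example, not from the original slides: three simplified detectors
(signature-based, anomaly-based, stateful protocol analysis) run over a
hand-built event list, then scored for false positives and false negatives.
"""
import re
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str         # source address (constructed, not real hosts)
    flag: str        # "SYN" = connection open, "DATA" = one HTTP request line
    payload: str     # request line; empty for SYN
    malicious: bool  # ground-truth label, used only for scoring


# --- 1. Signature-based: known-bad patterns matched against payloads ----------
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s*1\s*=\s*1", re.IGNORECASE),
}


def signature_alerts(events):
    """Indices of events whose payload matches any signature."""
    return {i for i, e in enumerate(events)
            for pat in SIGNATURES.values() if pat.search(e.payload)}


# --- 2. Anomaly-based: learn a per-source request-count baseline, flag outliers --
def baseline_threshold(benign_counts_per_source, k=3.0):
    """Mean + k*stdev of per-source request counts from a known-benign window."""
    counts = list(benign_counts_per_source)
    return statistics.mean(counts) + k * statistics.stdev(counts)


def anomaly_alerts(events, threshold):
    """Indices of all events from sources whose DATA count exceeds the threshold."""
    per_src = Counter(e.src for e in events if e.flag == "DATA")
    noisy = {src for src, n in per_src.items() if n > threshold}
    return {i for i, e in enumerate(events) if e.src in noisy}


# --- 3. Stateful protocol analysis: data must follow a handshake and obey grammar --
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) \S+ HTTP/1\.[01]$")


def stateful_alerts(events):
    """Indices of DATA events sent before any SYN from that source, or malformed."""
    opened, alerts = set(), set()
    for i, e in enumerate(events):
        if e.flag == "SYN":
            opened.add(e.src)
        elif e.src not in opened or not REQUEST_LINE.match(e.payload):
            alerts.add(i)
    return alerts


# --- Scoring: tuning is the trade-off between these two error types ------------
def score(alerts, events):
    tp = sum(1 for i, e in enumerate(events) if e.malicious and i in alerts)
    fp = sum(1 for i, e in enumerate(events) if not e.malicious and i in alerts)
    fn = sum(1 for i, e in enumerate(events) if e.malicious and i not in alerts)
    tn = len(events) - tp - fp - fn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn}


# Constructed traffic (not captured data). The labels are the ground truth.
EVENTS = [
    Event("10.0.0.5", "SYN", "", False),
    Event("10.0.0.5", "DATA", "GET /index.html HTTP/1.1", False),
    Event("10.0.0.5", "DATA", "GET /images/logo.png HTTP/1.1", False),
    Event("10.0.0.6", "SYN", "", False),
    Event("10.0.0.6", "DATA", "GET /../../etc/passwd HTTP/1.1", True),     # signature hit
    Event("10.0.0.6", "DATA", "GET /report?id=42 HTTP/1.1", True),         # looks normal: no detector fires (FN)
    Event("10.0.0.7", "DATA", "GET /admin HTTP/1.1", True),                # data with no handshake (stateful hit)
    Event("10.0.0.8", "SYN", "", False),
    Event("10.0.0.8", "DATA", "POST /login HTTP/1.1", False),
    Event("10.0.0.8", "DATA", "GET /docs/../index.html HTTP/1.1", False),  # benign but matches a signature (FP)
    Event("10.0.0.9", "SYN", "", True),                                    # start of a noisy enumeration
] + [Event("10.0.0.9", "DATA", f"GET /page{i} HTTP/1.1", True) for i in range(8)]

# Per-source DATA counts observed in a (constructed) benign training window.
BENIGN_TRAINING_COUNTS = [3, 4, 3, 5, 4]


def run_all(events=EVENTS):
    """Score each methodology alone and all three OR-ed together."""
    thr = baseline_threshold(BENIGN_TRAINING_COUNTS)
    results = {
        "signature": signature_alerts(events),
        "anomaly": anomaly_alerts(events, thr),
        "stateful": stateful_alerts(events),
    }
    results["combined"] = set().union(*results.values())
    return {name: score(a, events) for name, a in results.items()}


if __name__ == "__main__":
    for name, s in run_all().items():
        print(f"{name:>9}: {s}")
```

Each detector catches something the others miss, and each misses something: the signature matcher raises a false positive on a harmless `../` in a path, the anomaly detector ignores a single well-formed malicious request, and the protocol-state check only sees the connection that skipped its handshake. OR-ing the three narrows the false negatives to the one request that looks entirely normal, which is the kind of trade-off the "which one is worse?" question on this slide is about: lowering the anomaly threshold or adding broader signatures would catch more but would raise the false-positive count on the benign lines.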

Slide 10
Deployment NIDS/NIPS

Slide 11
Deployment HIDS/HIPS

Slide 12
Types of IDPSs
Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows.
Wireless: monitors wireless network traffic and analyzes its wireless networking protocols to identify suspicious activity involving the protocols themselves.

Slide 13
When to use an IDPS?
Set goals
Security capabilities: including information gathering, logging, detection, and prevention.
Performance: including maximum capacity and performance features.
Management: including design and implementation (e.g., reliability, interoperability, scalability, product security), operation and maintenance (including software updates), and training, documentation, and technical support.
Life cycle costs: both initial and maintenance costs.