PPT-Firewalls and Intrusion Detection Systems David Brumley dbrumley@cmu.edu

Firewalls and Intrusion Detection Systems David Brumley dbrumleycmuedu Carnegie Mellon University IDS and Firewall Goals Expressiveness What kinds of policies can we write Effectiveness How well does it detect attacks while avoiding false positives. edu Abstract The automatic exploit generation challenge is given a program automatically 64257nd vulnerabilities and gener ate exploits for them In this paper we present AEG the 64257rst endtoend system for fully automatic exploit gener ation We use edu Abstract A recurring problem in security is reverse engineering binary code to recover highlevel language data abstrac tions and types Highlevel programming languages have data abstractions such as buffers structures and local vari ables that all rebert dbrumley cmuedu Abstract In this paper we present M AYHEM a new sys tem for automatically 64257nding exploitable bugs in binary ie executable programs Every bug reported by M AYHEM is accompanied by a working shellspawning exploit The working 11. Intrusion Detection (. cont. ). modified from slides of . Lawrie. Brown. Security Intrusion. : A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.. INTRO TO INTRUSION ALARM. INTRUSION ALARM TECHNOLOGY. An intrusion detection system consists of several different system components wired together to provide protection of persons and property.. INTRUSION ALARM TECHNOLOGY. Fifth Edition. by William Stallings. Chapter 11. Intruders. They agreed that Graham should set the test for Charles Mabledene. It was neither more nor less than that Dragon should get Stern’s code. If he had the ‘in’ at Utting which he claimed to have this should be possible, only loyalty to Moscow Centre would prevent it. If he got the key to the code he would prove his loyalty to London Central beyond a doubt.. Intruders. Classes (from [ANDE80]:. two most publicized threats to security are malware and intruders. generally referred to as a . hacker. or . cracker. Examples of Intrusion. remote root compromise. Paper by: T. Bowen. Presented by: Tiyseer Al Homaiyd. 1. Introduction: . Intrusions: show observable events that deviate from the . norm.. Survivable system usually focus on detecting intrusions rather than preventing or containing damage. . &. Intrusion . Detection Systems. 1. Intruders. Three classes of intruders:. Examples of Intrusion. Performing a remote root compromise of an e-mail server. Defacing a Web server. Guessing and cracking passwords. /dr. x. Logistics. Programming homework: extra 4 days. Midterm date: Wednesday, March 1. Duration: 60 mins. Presentations: next . Rich Nelson. Reports: can you see my comments, feedback on Oaks?. L1: many reports did not even have a sentence with intro/conclusions. /dr. x. Logistics. Command Line Lab on Thursday: please bring your laptops. Keep up with the reading . – Midterm on March 2. nd. . . Computer Networks Basics: OSI stack, subnets, Basic protocols: ARP, ICMP, NAT, DHCP, DNS, TCP/IP. modified from slides of . Lawrie. Brown. Classes of Intruders – Cyber Criminals. Individuals or members of an organized crime group with a goal of financial reward. Their activities may include: . What is an IDS?. An . I. ntrusion . D. etection System is a wall of defense to confront the attacks of computer systems on the internet. . The main assumption of the IDS is that the behavior of intruders is different from legal users.. CS 469: Security Engineering. These slides are modified with permission from Bill Young (. Univ. of Texas). Coming up: Intrusion Detection. 1. Intrusion . Detection. An . intrusion detection system .