Computer Security and Intrusion Detection (IDS/IPS)
IDS/IPS
Computer Security and Intrusion Detection
• Communication
  • Any communication requires 4 entities:
    • Source
    • Destination
    • Medium
    • Protocol – the rules governing the exchange
• Communication – Flow of Information
• Various types of attacks
  • Interruption
  • Interception
  • Modification
  • Fabrication
• Interruption – a state where an asset of the system is destroyed or becomes unavailable
  • targets the source or the communication channel
  • prevents the information from reaching the destination
• Interruption – examples
  • Cutting the physical cable medium
  • Overloading the carrying medium
  • Both are forms of Denial of Service (DoS) attacks
• Interception – an unauthorized party gains access to information traversing the communication channel.
  • Examples
    • Wiretapping
• Modification – information is intercepted and modified in transit.
  • Examples
    • Man-in-the-middle (MITM) attacks
• Fabrication – the attacker inserts forged objects into the system without the sender's knowledge or involvement.
• Fabrication – 2 types
  • Replaying
    • a previously intercepted message is re-inserted into the system
    • Example – replaying an authentication message
  • Masquerading
    • the attacker pretends to be the legitimate source
    • inserts his / her desired information
    • Example – adding new records to a file or database
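The replay case above (a captured authentication message presented again later) is the one a receiver can detect by binding each message to a fresh nonce and a timestamp and remembering what it has already accepted. The following is an added example, not part of the original slides: the message layout, the shared key, the freshness window and the `AuthReceiver` class are assumptions made for illustration.

```python
import hmac
import hashlib
import secrets

SHARED_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
MAX_SKEW_SECONDS = 30                 # how stale a message may be before it is rejected


def build_auth_message(user: str, key: bytes, now: float) -> dict:
    """Sender side: bind the user name to a fresh nonce and a timestamp under an HMAC."""
    nonce = secrets.token_hex(16)
    ts = int(now)
    body = f"{user}|{nonce}|{ts}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"user": user, "nonce": nonce, "ts": ts, "tag": tag}


class AuthReceiver:
    """Receiver side: accepts each (nonce, timestamp) at most once inside the freshness window."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp; entries are dropped once they leave the window

    def _prune(self, now: float) -> None:
        cutoff = now - MAX_SKEW_SECONDS
        self.seen = {n: t for n, t in self.seen.items() if t >= cutoff}

    def verify(self, msg: dict, now: float) -> str:
        """Return 'ok', 'bad-tag', 'stale' or 'replay'."""
        body = f"{msg['user']}|{msg['nonce']}|{msg['ts']}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"   # forged or modified message (masquerading attempt)
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return "stale"     # outside the freshness window
        self._prune(now)
        if msg["nonce"] in self.seen:
            return "replay"    # the same message presented a second time
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"


def demo() -> list:
    """Constructed scenario with a fixed clock so the run is deterministic."""
    now = 1_700_000_000.0
    receiver = AuthReceiver(SHARED_KEY)
    msg = build_auth_message("alice", SHARED_KEY, now)
    first = receiver.verify(msg, now)             # legitimate login
    second = receiver.verify(msg, now + 5)        # the same message replayed 5 s later
    tampered = dict(msg, user="bob")              # name changed, tag left as-is
    third = receiver.verify(tampered, now + 5)
    late = receiver.verify(build_auth_message("alice", SHARED_KEY, now), now + 120)
    return [first, second, third, late]


if __name__ == "__main__":
    print(demo())
```

The nonce cache is what catches the replay; the timestamp bounds how long the cache has to be kept, and the HMAC is what stops a masquerading sender from simply minting a message with a new nonce.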
• Security property
  • A desired feature of a system with regard to a certain type of attack.
  • The four attacks discussed in the previous section violate the various security properties of an information system.
  • Security properties are the core qualities of any information system.
• Security properties
  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Non-repudiation
• Traffic analysis – the process of intercepting and examining messages in order to deduce information from patterns in communication. Information collected includes:
  • Source
  • Destination
  • Timing of the data
  • Frequency of a particular message
  • Type of data / communication
• Non-repudiation
  • The concept of ensuring that a contract cannot later be denied by one of the parties involved.
  • Describes the mechanism that prevents either sender or receiver from denying a transmitted message.
    • Non-repudiation of origin – proves data has been sent
    • Non-repudiation of delivery – proves data has been received
• Security mechanisms
  • The various actions and countermeasures employed to safeguard the security properties of an information system.
• Security mechanisms – 3 types
  • Attack prevention
  • Attack avoidance
  • Attack detection
• Attack prevention
  • A series of security mechanisms implemented to prevent or defend against various kinds of attacks before they can actually reach and affect the target system.
  • Examples
    • Access control
    • Firewall
• Attack avoidance
  • Techniques in which the information is modified in a way that makes it unusable for the attacker.
  • Assumption – the attacker may gain, or already has, access to the information in question.
  • Examples
    • Cryptography
• Attack detection
  • The process / technique of reporting that something has bypassed the security measures (where present), and of identifying the type of attack.
  • Countermeasures are then initiated to recover from the impact of the attack.
  • Examples
    • IDS / IPS
• Intrusion Detection System
Intrusion detection encompasses a range of
security techniques designed to detect (and report
on) malicious system and network activity or to
record evidence of intrusion.
Attack Framework
• Types of events – 2
  • Attributable
    The event can be traced to an authenticated user.
  • Non-attributable
    The event cannot be traced to an authenticated user.
    Example: any event that occurs before authentication in the login process – bad password attempts.
Vulnerability
• The existence of a weakness, or a design or implementation error, that can lead to an unexpected, undesirable event compromising the security of the system, network, application or protocol involved.
• Pen tester's point of view – from a penetration tester's point of view, a vulnerability is defined as a security weakness in a Target of Evaluation.
Threat
• Any possible event, action, process or phenomenon
that can potentially inflict damage on system resources
Relation between Vulnerability and Threat
Real Life Case Study – European Space Agency
• Ariane 5 rocket – 10 years and $7 million
• Capable of placing a pair of three-ton satellites into orbit.
• Launched on 04 Jun 1996
Immediately after launch, Ariane 5 exploded.
Cause of the explosion: a very small computer program trying to stuff a 64-bit number into a 16-bit space.
See it: http://s.freissinet.free.fr/videos/ariane5.wmv
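The "64-bit number into a 16-bit space" failure above is easy to reproduce. The following is an added example, not taken from the slides or from the Ariane software: it contrasts a silent truncating conversion with a range-checked one, using Python's `struct` to model a signed 16-bit field. The function names, the fallback policy and the sample values are constructed for illustration.

```python
import struct

INT16_MIN, INT16_MAX = -(2 ** 15), 2 ** 15 - 1


def truncate_to_int16(value: int) -> int:
    """Unchecked narrowing: keep only the low 16 bits and reinterpret them as signed.
    This is what a plain cast does in many languages; the high bits are silently lost,
    so a large value can come out as a small, plausible-looking (or negative) one."""
    low = value & 0xFFFF
    return low - 0x10000 if low > INT16_MAX else low


def checked_to_int16(value: int) -> int:
    """Range-checked narrowing: refuse values that do not fit instead of mangling them."""
    if not INT16_MIN <= value <= INT16_MAX:
        raise OverflowError(f"{value} does not fit in a signed 16-bit field")
    return value


def pack_int16(value: int) -> bytes:
    """Serialize into a 2-byte little-endian signed field. struct range-checks on its own,
    so an out-of-range value raises struct.error rather than being truncated."""
    return struct.pack("<h", value)


def convert_with_fallback(value: int, fallback: int) -> tuple:
    """One policy a consumer of the field could apply (an assumption for this example):
    on overflow, substitute a safe value and report that the input was out of range,
    rather than propagating a nonsense reading or an unhandled exception upward."""
    try:
        return checked_to_int16(value), False
    except OverflowError:
        return fallback, True


if __name__ == "__main__":
    for v in (12345, 70000, 100000):
        print(v, "->", truncate_to_int16(v), convert_with_fallback(v, INT16_MAX))
```

Note how 70000 truncates to a positive value that looks valid, while 100000 flips sign; neither outcome is detectable downstream once the narrowing has happened, which is why the check belongs at the conversion.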
Vulnerability Classification
Vulnerabilities can be classified as follows:
• Design Vulnerabilities
• Implementation Vulnerabilities
• Configuration or Operational Vulnerabilities
Design Vulnerability
• A vulnerability that is inherent to the project or design.
• Very difficult to detect and eliminate, precisely because it is inherent to the project.
• Proper implementation of the product will not get rid of the flaw.
• Example – TCP/IP protocol stack vulnerabilities
Implementation Vulnerability
• When an error is introduced into the components of a system during the implementation stage of a project or algorithm, it is termed an implementation vulnerability.
• The error could be hardware-based or software-based.
• Example – buffer overflows
Configuration Vulnerability
• Also known as an operational vulnerability.
• Introduced into the system when the responsible administrator does not perform the proper configuration, or leaves the default configuration in place.
• Example – not disabling unwanted services, allowing weak passwords
Attacks
• An assault on system security that derives from an intelligent threat.
• An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
• Example – denial of service attacks, penetration and sabotage
Difference between Attack and Security Event
• Attack – the intruder aims at achieving a particular result which could be against the implied security policy.
• Event – no rules are violated or broken.
Attack Components
• Attack realization tool – example: port scanner
• Vulnerability – a known vulnerability that is exploited
• Security event – actions on the target system
• Result of the attack – produced when the attacker is able to exploit the vulnerability and has generated a security event
The results of an attack may vary depending upon the security event and vulnerability chosen.
General Attack Model (figure: ATTACKER performs attack on TARGET)
Figure: the attacker and target represent the same entity (ATTACKER AND TARGET ARE ON THE SAME ENTITY)
Attack Model Categories
• Traditional attack model
  • One-to-one attack model
  • One-to-many attack model
• Distributed attack model
  • Many-to-one attack model
  • Many-to-many attack model
Traditional Attack Model
• The attack always originates from a single point.
• Single-tier architecture
• There is only a single layer between the attacker and the target.
One-to-one (traditional attack model)
• The attacker and target have a one-to-one relationship.
• The attack originates from a single machine.
One-to-many (traditional attack model)
• The attacker and target have a one-to-many relationship.
• The attack originates from a single machine, but there is more than one target.
Figure: One-to-many (traditional attack model)
Distributed Attack Model
• Based on many-to-one and many-to-many
relationship.
• Source of the attack is more than one entity.
• The attack packets originate from intermediate
systems compromised by the attacker.
Many-to-one (distributed attack model)
• The attacker and target have a many-to-one relationship.
• The attack originates from more than one machine.
• There is only one target.
Figure: Many-to-one (distributed attack model)
Many-to-many (distributed attack model)
• The attacker and target have a many-to-many relationship.
• The attack originates from more than one machine.
• There is more than one target.
Figure: Many-to-many (distributed attack model)
Distributed attack
• Reconnaissance – searching for suitable hosts.
• Compromise the systems – installing backdoors.
• Attack initiation – start the attack using the compromised systems.
Distributed attack – agents
• Two types of special agents
  • Masters / servers
  • Daemons / clients
• Zombie – a compromised system on which agents are installed.
• Distributed attacks implement a three-tier architecture.
Distributed attack - Advantages
• Attack Effect – devastating effect as attack
originates from multiple locations.
• Anonymity – provides high level of anonymity to
the attacker.
• Hard-to-stop attacks – Very difficult to stop the
attack without bringing down or disconnecting the
target system
Intruder
• Also known as the attacker – the first element in the attack model.
• A person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system.
• Attempts to violate security by interfering with system availability, data integrity or data confidentiality.
Intruder Types
• Black hat hackers
• Government-sponsored hacker spies
• Cyber terrorists
• Corporate spies
• Professional criminals
• Vandals
Incidents
• A violation, or imminent threat of violation, that results or could result in
  • a loss of data confidentiality,
  • disruption of data or system integrity, or
  • disruption or denial of availability.
• An incident must clearly be a breach of network security.
Examples of Incidents
• DoS
• Malicious Code
• Unauthorized Access
• Inappropriate Usage
Introduction to IDS and IPS
Intrusion – any unauthorized system or network activity on one or more computers or networks.
Intrusion detection systems (IDSs) are software and/or hardware-based systems that detect intrusions into your network / host based on a number of telltale signs.
Two types of IDS:
• Active IDS –
  • attempts to block attacks
  • responds with countermeasures
  • alerts administrators
• Passive IDS –
  • merely logs the intrusion
  • creates audit trails
An IDS can provide the following information on attempted or actual security events:
• Data destruction
• Denial-of-service
• Hostile code
• Network or system eavesdropping
• System or network mapping and intrusion
• Unauthorized access
Types of IDS
• Host-based intrusion detection system (HIDS)
• Network-based intrusion detection system (NIDS)
• Hybrid intrusion detection system
HIDS
• Resides on the host.
• Scans log files – OS log files, application log files, etc.
• If the log files are corrupt, the HIDS is not effective.
• The scan output is logged into a secure database and compared to detect any intrusion.
Types of HIDS
• Operating system level – works on OS log files.
• Application level – works on application-level log files.
• Network level – works on packets addressed to or sent from the host.
Advantages of HIDS
• Cost effective
• Additional layer of protection
• Direct control over system entities – works on packets addressed to or sent from the host.
NIDS
• An IDS responsible for detecting inappropriate, anomalous, or any other kind of data which may be considered unauthorized or inappropriate for the subject network.
• Pattern based
Hybrid IDS – a combination of HIDS and NIDS
IPS
• A sophisticated class of network security implementation that not only has the ability to detect the presence of intruders and their actions, but also to prevent them from successfully launching any attack.
• Incorporates the security features of firewall technology and those of intrusion detection systems.
IPS Categories
• Host IPS (HIPS)
  • Loaded on each PC and server
• Network IPS (NIPS)
  • A component that integrates into your overall network security framework.
Benefits of HIPS
• Attack Prevention
• Patch Relief
• Internal Attack propagation prevention
• Policy enforcement
• Regulatory requirements
NIPS – places sensors as L2 (Layer 2) forwarding devices.
Main difference between IDS and IPS – packet dropping.
Dropping of packets – categories
• Dropping a single packet
• Dropping all packets for a connection
• Dropping all traffic from a source IP
Defense in Depth
• Also known as elastic defense.
• A military strategy that seeks to delay rather than prevent the advance of an attacker.
• Represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented.
Defense in Depth
•Attacker has to penetrate a series of layered
defenses
• Each layer is equipped with the suitable defense
• The delay provides the security staff with the time
to respond to the attack.
Figure: Defense in Depth
IDS & IPS Analysis Scheme
• A baseline is first set.
• Baseline – a known value or quantity with which an unknown is compared when measured or assessed.
• A group of network activities / characteristics is categorized as the baseline for an IDS.
• Anything outside the baseline is treated as malicious.
Figure: Network activity baseline, with variance from the baseline marking the activities of interest
IDS Analysis
• Process of organizing the various elements of
data related to IDS and their inter-relationships to
identify any irregular activity of interest.
IDS Analysis
Divided into 4 phases:
• Preprocessing
• Analysis
• Response
• Refinement
Detection Methodologies
• Rule-based detection
  • Also known as misuse detection, signature detection or pattern matching.
  • The first scheme used in early IDSs.
  • The process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder.
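Rule-based (signature) detection as described here, together with the three packet-dropping responses listed earlier (single packet, whole connection, whole source IP), fits in one small engine. The following is an added example and not code from the slides or any product: the `Packet` and `Rule` types, the three constructed signatures, the response names and the traffic sample are all assumptions made for illustration. With `prevent=False` the engine behaves as an IDS (alert only); with `prevent=True` it acts as an IPS and applies the matched rule's drop policy.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: str


@dataclass
class Rule:
    name: str
    pattern: "re.Pattern"      # the signature, matched against the payload
    dport: Optional[int]       # optional destination-port qualifier
    response: str              # 'packet', 'connection' or 'source'


@dataclass
class Engine:
    rules: list
    prevent: bool = False      # False = IDS (alert only), True = IPS (drop)
    blocked_sources: set = field(default_factory=set)
    dropped_connections: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def _match(self, pkt: Packet) -> Optional[Rule]:
        for rule in self.rules:
            if rule.dport is not None and rule.dport != pkt.dport:
                continue
            if rule.pattern.search(pkt.payload):
                return rule
        return None

    def process(self, pkt: Packet) -> str:
        """Return 'forward' or 'drop' for this packet, recording alerts along the way."""
        conn = (pkt.src, pkt.dst, pkt.dport)
        if self.prevent and pkt.src in self.blocked_sources:
            return "drop"                   # source already blocked: no further inspection
        if self.prevent and conn in self.dropped_connections:
            return "drop"                   # connection already torn down
        rule = self._match(pkt)
        if rule is None:
            return "forward"
        self.alerts.append((rule.name, pkt.src, pkt.dst, pkt.dport))
        if not self.prevent:
            return "forward"                # IDS mode: observe and alert, never block
        if rule.response == "connection":
            self.dropped_connections.add(conn)
        elif rule.response == "source":
            self.blocked_sources.add(pkt.src)
        return "drop"                       # 'packet' and both escalations drop this packet


# Constructed rules; the patterns are illustrative, not signatures from any product.
RULES = [
    Rule("directory-traversal", re.compile(r"\.\./\.\./"), 80, "packet"),
    Rule("sqli-tautology", re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I), 80, "connection"),
    Rule("ssh-brute", re.compile(r"auth-fail count=(?:[5-9]|\d{2,})"), 22, "source"),
]

# Constructed traffic sample, in arrival order.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, "GET /index.html"),
    Packet("10.0.0.5", "192.0.2.10", 80, "GET /../../private.txt"),
    Packet("10.0.0.5", "192.0.2.10", 80, "GET /about.html"),
    Packet("10.0.0.7", "192.0.2.10", 80, "GET /login?u=a' OR '1'='1"),
    Packet("10.0.0.7", "192.0.2.10", 80, "GET /login?u=normal"),
    Packet("10.0.0.9", "192.0.2.10", 22, "auth-fail count=6"),
    Packet("10.0.0.9", "192.0.2.10", 22, "auth-ok"),
    Packet("10.0.0.9", "192.0.2.10", 80, "GET /"),
]


def run(prevent: bool) -> tuple:
    """Run the sample through a fresh engine; return (verdicts, alert names)."""
    engine = Engine(RULES, prevent=prevent)
    verdicts = [engine.process(p) for p in TRAFFIC]
    return verdicts, [a[0] for a in engine.alerts]


if __name__ == "__main__":
    print("IDS:", run(False))
    print("IPS:", run(True))
```

The two runs raise the same three alerts; only the IPS run changes what reaches the target, and the scope of that change (one packet, one connection, or everything from a source) is exactly the drop category attached to the rule.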
• Anomaly detection
  • Also known as profile-based detection.
  • A profile is created for each user group on the system.
  • The profile created is then used as a baseline to define normal user activity.
  • If network activity deviates from the baseline, an alarm is generated.
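The baseline scheme introduced under "IDS & IPS Analysis Scheme" and the profile-based anomaly detection described just above are the same idea: learn what normal looks like per subject, then alarm on sufficient deviation. The following is an added example, not from the slides: the per-subject mean/standard-deviation profile, the z-score threshold, the standard-deviation floor, the log-line format and the sample data are all assumptions made for illustration.

```python
from statistics import mean, pstdev


class ProfileBaseline:
    """Per-subject baseline learned from a training window; later observations are
    scored by how many standard deviations they sit from the learned mean."""

    def __init__(self, threshold: float = 3.0, min_std: float = 1.0):
        self.threshold = threshold
        self.min_std = min_std   # floor so a perfectly flat baseline does not alarm on tiny changes
        self.profiles = {}       # subject -> (mean, std)

    def train(self, history: dict) -> None:
        """history maps each subject to its per-interval counts from the training window."""
        for subject, samples in history.items():
            self.profiles[subject] = (mean(samples), max(pstdev(samples), self.min_std))

    def score(self, subject: str, value: float) -> float:
        mu, sigma = self.profiles[subject]
        return (value - mu) / sigma

    def check(self, subject: str, value: float) -> tuple:
        """Return (is_anomalous, z_score). A subject with no profile is anomalous by definition."""
        if subject not in self.profiles:
            return True, float("inf")
        z = self.score(subject, value)
        return abs(z) > self.threshold, z


def count_events(lines: list) -> dict:
    """Count lines per user from constructed log lines shaped '<time> user=<name> event=<what>'."""
    counts = {}
    for line in lines:
        for tok in line.split():
            if tok.startswith("user="):
                user = tok[len("user="):]
                counts[user] = counts.get(user, 0) + 1
    return counts


# Constructed training window: logins per hour over eight hours for two subjects.
TRAINING = {
    "alice": [10, 12, 11, 9, 13, 10, 12, 11],
    "svc-backup": [200, 200, 200, 200],
}

# Constructed current hour: alice is far above her norm, the service account is on
# profile, and an account never seen in training appears.
CURRENT_HOUR = (
    [f"09:{i:02d}:00 user=alice event=login" for i in range(30)]
    + [f"09:{i % 60:02d}:{i // 60:02d} user=svc-backup event=login" for i in range(201)]
    + ["09:41:07 user=mallory event=login"]
)


def demo() -> dict:
    """Train on TRAINING, then score every user seen in CURRENT_HOUR."""
    baseline = ProfileBaseline(threshold=3.0)
    baseline.train(TRAINING)
    return {user: baseline.check(user, n) for user, n in count_events(CURRENT_HOUR).items()}


if __name__ == "__main__":
    for user, (flag, z) in demo().items():
        print(f"{user:12s} anomalous={flag} z={z:.2f}")
```

The threshold and the floor are the tuning knobs that trade false positives against missed deviations; a flat training window with no floor would alarm on any change at all, which is one source of the "too many false positives" complaint listed among the myths later in the deck.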
• Behavior anomaly detection
  • Looks for anomalies in user behavior.
  • Characteristic-based rather than statistical.
• Network behavior anomaly detection (NBAD)
  • Also known as traffic anomaly systems.
  • The process of continuously monitoring a proprietary network for unusual events or trends.
  • Basically statistical rather than characteristic-based.
• Protocol anomaly systems
  • Look for deviations from the set protocol standards.
  • Primarily characteristic-based.
  • Not very reliable; generate false positives.
• Target monitoring systems
  • Look for modification of specified files or objects.
  • More of a corrective control.
  • Create a cryptographic checksum for each file.
  • This checksum is compared at regular intervals to detect any changes.
Heuristics
• Still in its initial stages
• Refers to the use of AI in detecting Intrusions.
• AI scripting language is used to apply the
analysis to the incoming data.
Hybrid Approach
• Any system that uses a combination of the above-mentioned analysis methods.
Some Myths
• IDS and IPS are two separate solutions.
• IDSs and IPSs will catch or stop all network intrusions.
• IDSs give too many false positives.
• IDSs will eventually replace firewalls.
• Fewer security admins are required if you deploy an IDS.
Computer Security and Intrusion Detection(IDS/IPS)

  • 1. IDS/IPS Computer Security and Intrusion Detection • Communication •Any communication requires 4 entities •Source •Destination •Medium •Protocol – Rule
  • 2. IDS/IPS Computer Security and Intrusion Detection • Communication – Flow of Information
  • 3. IDS/IPS Computer Security and Intrusion Detection • Various types of attacks •Interruption •Interception •Modification •Fabrication
  • 4. IDS/IPS Computer Security and Intrusion Detection • Interruption - state where the asset of a system gets destroyed or becomes un-available • targets the source or the communication channel • prevents the information from reaching the destination
  • 5. IDS/IPS Computer Security and Intrusion Detection • Interruption - Examples • Cutting the physical cable medium • Overload the carrying medium • Types of Denial of Service (DoS) Attacks
  • 6. IDS/IPS Computer Security and Intrusion Detection • Interception – un-authorized party gets illegal access to the information traversing through the communication channel. • Examples •Wiretapping
  • 7. IDS/IPS Computer Security and Intrusion Detection • Modification – information is intercepted and modified . • Examples •MITM Attacks
  • 8. IDS/IPS Computer Security and Intrusion Detection • Fabrication – attacker inserts forged objects into the system without the senders knowledge and involvement .
  • 9. IDS/IPS Computer Security and Intrusion Detection • Fabrication – 2 types • Replaying • previously intercepted entity is inserted • Example – Replaying an authentication message. • Masquerading • attacker pretends to be the legitimate source • inserts his / her desired information • Example – Adding new records to a file or database
  • 10. IDS/IPS Computer Security and Intrusion Detection • Security Property •Desired feature of a system with regard to certain type of attacks. •The four attacks discussed in the previous section violates the various security properties of an information system •Core qualities of any information system
  • 11. IDS/IPS Computer Security and Intrusion Detection • Security Property •Confidentiality •Integrity •Availability •Authentication •Non Repudiation
  • 12. IDS/IPS Computer Security and Intrusion Detection • Traffic Analysis - Process of intercepting and examining messages in order to deduce information from patterns in communication. Information collected include: •Source •Destination •Timing of the data •Frequency of a particular message •Type of data / communication
  • 13. IDS/IPS Computer Security and Intrusion Detection • Non-repudiation Concept of ensuring that a contract cannot later be denied by one of the parties involved. • Describes the mechanism that prevents either sender or receiver from denying a transmitted message. •Non-repudiation of origin – proves data has been sent •Non-repudiation of delivery – proves data has been received
  • 14. IDS/IPS Computer Security and Intrusion Detection •Security Mechanisms The various actions and countermeasures employed to safeguard the security properties of an information system. •Security Mechanisms – 3 Types •Attack Prevention •Attack Avoidance •Attack Detection
  • 15. IDS/IPS Computer Security and Intrusion Detection • Attack Prevention Series of security mechanisms implemented to prevent or defend against various kinds of attacks before they can actually reach and affect the target system. •Examples •Access Control •Firewall
  • 16. IDS/IPS Computer Security and Intrusion Detection • Attack Avoidance Techniques in which the information is modified in a way that makes it unusable for the attacker. •Assumption – Attacker may / has access to the subject information. •Examples • Cryptography
  • 17. IDS/IPS Computer Security and Intrusion Detection • Attack Detection Process / Technique of reporting that something is able to bypass the security measures (if available), and identifying the type of attack. • Counter measures are initiated to recover from the impact of the attack. •Examples • IDS / IPS
  • 18. IDS/IPS Computer Security and Intrusion Detection • Intrusion Detection System Intrusion detection encompasses a range of security techniques designed to detect (and report on) malicious system and network activity or to record evidence of intrusion.
  • 19. IDS/IPS Attack Framework • Types of Events – 2 • Attributable Event can be traced to an authenticated user •Non-attributable Event cannot be traced to an authenticated user. Ex: Any event that occur before authentication in the login process – bad password attempts.
  • 20. IDS/IPS Attack Framework Vulnerability •Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved •Pen Testers Point of View - From a penetration tester’s point of view, vulnerability is defined as a security weakness in a Target of Evaluation.
  • 21. IDS/IPS Attack Framework Threat • Any possible event, action, process or phenomenon that can potentially inflict damage on system resources
  • 22. IDS/IPS Attack Framework Relation between Vulnerability and Threat
  • 23. IDS/IPS Attack Framework Real Life Case Study – European Space Agency •Ariane 5 Rocket – 10 years and $ 7 million •Capable of placing a pair of three-ton satellites into the orbit. •Launched on 04 Jun 1996
  • 24. IDS/IPS Attack Framework Immediately after launch, Ariane 5 exploded Case of the explosion a very small computer program trying to stuff a 64-bit number into a 16-bit space See it: http://s.freissinet.free.fr/videos/aria ne5.wmv
  • 25. IDS/IPS Attack Framework Vulnerability Classification Vulnerabilities can be classified as follows: • Design Vulnerabilities • Implementation Vulnerabilities • Configuration or Operational Vulnerabilities
  • 26. IDS/IPS Attack Framework Design Vulnerability • When the vulnerability is said to be inherent to the project or design • Very difficult to detect and eliminate as it is inherent to the project • Proper implementation of the product will not get rid of the flaw • Example - TCP/IP protocol stack vulnerability
  • 27. IDS/IPS Attack Framework Implementation Vulnerability • When an error is introduced into the components of a system, during the implementation stage of a project or algorithm, they are termed as Implementation Vulnerabilities. • Error could be hardware based or software based. • Example – Buffer Overflows
  • 28. IDS/IPS Attack Framework Configuration Vulnerability • Also known as Operational Vulnerability. • Introduced into the system when the administrator responsible does not perform the proper configuration or sometimes leaving the default configuration on. •Example - Not disabling unwanted services, allowing weak passwords
  • 29. IDS/IPS Attack Framework Attacks • an assault on system security that derives from an intelligent threat. • an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system •Example - denial of service attacks, penetration and sabotage
• 30. IDS/IPS Attack Framework
Difference between Attack and Security Event
• Attack – the intruder aims at achieving a particular result that goes against the (implied or explicit) security policy
• Security Event – an observable activity on the system or network in which, by itself, no rule is violated or broken (a failed login, a port probe); the same event becomes part of an attack when it is a step towards violating the policy
• 31. IDS/IPS Attack Framework
Attack Components
• Attack realization tool – the means used to carry out the attack. Example – a port scanner
• Vulnerability – a known vulnerability that the tool exploits
• Security Event – the actions taken on the target system
• Result of the Attack – what the attacker obtains once the vulnerability has been exploited and the security event generated
The result of an attack varies with the security event and the vulnerability chosen.
• 33. IDS/IPS Attack Framework
The attacker and the target represent the same entity: the attack is carried out on the machine the attacker already has access to (for example, a local user escalating privileges).
• 34. IDS/IPS Attack Framework
Attack Model Categories
• Traditional Attack Model
  • One-to-one Attack Model
  • One-to-many Attack Model
• Distributed Attack Model
  • Many-to-one Attack Model
  • Many-to-many Attack Model
• 35. IDS/IPS Attack Framework
Traditional Attack Model
• The attack always originates from a single point
• Single-tier architecture: attack traffic travels directly from the attacker to the target, with no intermediate systems in between
• 36. IDS/IPS Attack Framework
One-to-one (traditional attack model)
• The attacker and the target have a one-to-one relationship
• The attack originates from a single machine and is aimed at a single target
• 37. IDS/IPS Attack Framework
One-to-many (traditional attack model)
• The attacker and the targets have a one-to-many relationship
• The attack originates from a single machine, but there is more than one target (a port scan sweeping a whole subnet, for example)
• 39. IDS/IPS Attack Framework
Distributed Attack Model
• Based on many-to-one and many-to-many relationships
• The source of the attack is more than one entity
• The attack packets originate from intermediate systems compromised by the attacker, not from the attacker's own machine
• 40. IDS/IPS Attack Framework
Many-to-one (distributed attack model)
• The attackers and the target have a many-to-one relationship
• The attack originates from more than one machine
• There is only one target
• 42. IDS/IPS Attack Framework
Many-to-many (distributed attack model)
• The attackers and the targets have a many-to-many relationship
• The attack originates from more than one machine
• There is more than one target
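The four attack models above can be recovered from traffic records by counting distinct sources and targets in each connected group of flows. The following is an added example in Python, not code from the slides: it builds the source-to-target graph from a constructed set of flow records (the addresses are documentation ranges, not real traffic), splits it into connected components and labels each component with one of the four models. The flow format, function names and the "more than one means many" rule are assumptions of the example.

```python
from collections import defaultdict

# Constructed flow records (source IP, destination IP), standing in for a
# NetFlow/IPFIX export or a firewall connection log. Not real traffic.
FLOWS = [
    ("10.0.0.5", "192.0.2.10"),                                      # one attacker, one target
    ("10.0.0.7", "192.0.2.20"), ("10.0.0.7", "192.0.2.21"),          # one attacker sweeping
    ("10.0.0.7", "192.0.2.22"),                                      #   several targets
    ("198.51.100.1", "192.0.2.30"), ("198.51.100.2", "192.0.2.30"),  # several zombies,
    ("198.51.100.3", "192.0.2.30"),                                  #   one target
    ("203.0.113.1", "192.0.2.40"), ("203.0.113.2", "192.0.2.40"),    # several zombies,
    ("203.0.113.2", "192.0.2.41"),                                   #   several targets
]

MODELS = {
    (False, False): "one-to-one",
    (False, True): "one-to-many",
    (True, False): "many-to-one",
    (True, True): "many-to-many",
}


def _components(flows):
    """Split the source->target graph into connected components; each component
    is one attacker/target relationship. Nodes carry a role tag so that a host
    appearing both as a source and as a target (a zombie that was attacked first
    and then used) does not glue two unrelated relationships together."""
    adj = defaultdict(set)
    for src, dst in flows:
        adj[("src", src)].add(("dst", dst))
        adj[("dst", dst)].add(("src", src))
    seen, components = set(), []
    for start in adj:
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            component.add(node)
            stack.extend(adj[node] - seen)
        components.append(component)
    return components


def classify_attack_models(flows):
    """Return {model name: [(sources, targets), ...]} for the relationships in
    `flows`. In the distributed models the sources seen are the zombies; the
    real attacker sits behind them and never appears in the flow data."""
    result = defaultdict(list)
    for component in _components(flows):
        sources = frozenset(host for role, host in component if role == "src")
        targets = frozenset(host for role, host in component if role == "dst")
        model = MODELS[(len(sources) > 1, len(targets) > 1)]
        result[model].append((sources, targets))
    return dict(result)


def is_distributed(model: str) -> bool:
    """Traditional models have a single source; distributed ones have many."""
    return model.startswith("many-")
```

On a real network "more than one" is too low a bar for "many" (ordinary clients share servers), so a production detector would apply a threshold and a time window; the grouping logic stays the same.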
• 44. IDS/IPS Attack Framework
Distributed attack – phases
• Reconnaissance – searching for suitable hosts to compromise
• Compromise the systems – installing backdoors (the attack agents)
• Attack initiation – starting the attack from the compromised systems
• 45. IDS/IPS Attack Framework
Distributed attack – Agents
• Two types of special agents
  • Masters / servers – receive the attacker's commands and relay them to the daemons
  • Daemons / clients – run on the compromised hosts and generate the attack traffic
• Zombie – a compromised system on which an agent is installed
• Distributed attacks therefore implement a three-tier architecture: attacker, masters, daemons, with the target at the end of the chain
• 46. IDS/IPS Attack Framework
Distributed attack – Advantages (for the attacker)
• Attack effect – devastating, as the attack originates from multiple locations and aggregates their bandwidth
• Anonymity – a high level of anonymity, since the traffic the target sees comes from the zombies rather than from the attacker
• Hard-to-stop attacks – very difficult to stop without bringing down or disconnecting the target system; blocking one source does nothing about the rest
• 47. IDS/IPS Attack Framework
Intruder
• Also known as attacker – the first element in the attack model
• A person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system
• Attempts to violate security by interfering with system Availability, data Integrity or data Confidentiality
• 48. IDS/IPS Attack Framework
Intruder Types
• Black hat hackers
• Hacker spies supported by governments (state-sponsored attackers)
• Cyber terrorists
• Corporate spies
• Professional criminals
• Vandals
• 49. IDS/IPS Attack Framework
Incidents
• A violation, or imminent threat of violation, of security policy that results or could result in
  • a loss of data confidentiality,
  • a disruption of data or system integrity, or
  • a disruption or denial of availability
• An incident must clearly be a breach of network security, as opposed to a mere event
• 50. IDS/IPS Attack Framework
Examples of Incidents
• DoS
• Malicious code
• Unauthorized access
• Inappropriate usage
• 51. IDS/IPS Introduction to IDS and IPS
• Intrusion – any unauthorized system or network activity on one or more computers or networks
• Intrusion detection systems (IDSs) are software and/or hardware based systems that detect intrusions into your network or hosts based on a number of telltale signs
• 52. IDS/IPS Introduction to IDS and IPS
Two types of IDS:
• Active IDS –
  • attempts to block attacks
  • responds with countermeasures
  • alerts administrators
• Passive IDS –
  • merely logs the intrusion
  • creates audit trails; any response is left to the people reading them
• 53. IDS/IPS Introduction to IDS and IPS
An IDS can provide the following information on attempted or actual security events:
• Data destruction
• Denial-of-service
• Hostile code
• Network or system eavesdropping
• System or network mapping and intrusion
• Unauthorized access
• 54. IDS/IPS Introduction to IDS and IPS
Types of IDS
• Host-based intrusion detection system (HIDS)
• Network-based intrusion detection system (NIDS)
• Hybrid intrusion detection systems
• 55. IDS/IPS Introduction to IDS and IPS
HIDS
• Resides on the host it protects
• Scans log files – OS log files, application log files, etc.
• If the log files are corrupt, or have been tampered with by the intruder, the HIDS is not effective
• The scan output is stored in a secure database and compared against earlier results to detect any intrusion
• 56. IDS/IPS Introduction to IDS and IPS
Types of HIDS
• Operating system level – works on OS log files
• Application level – works on application log files
• Network level – works on packets addressed to or sent from the host
• 57. IDS/IPS Introduction to IDS and IPS
Advantages of HIDS
• Cost effective
• Additional layer of protection
• Direct view of system entities – sees the host's processes and files as well as the packets addressed to or sent from the host, and can inspect traffic after the host has decrypted it
• 58. IDS/IPS Introduction to IDS and IPS
NIDS
• An IDS responsible for detecting inappropriate, anomalous, or any other kind of data that may be considered unauthorized or inappropriate for the network it monitors
• Hybrid IDS – a combination of HIDS and NIDS
• 59. IDS/IPS Introduction to IDS and IPS
IPS
• A sophisticated class of network security implementation that not only detects the presence of intruders and their actions, but also prevents them from successfully launching an attack
• Incorporates the security features of firewall technology and those of intrusion detection systems
• 60. IDS/IPS Introduction to IDS and IPS
IPS Categories
• Host IPS (HIPS)
  • Loaded on each PC and server
• Network IPS (NIPS)
  • A network component that integrates into your overall network security framework
• 61. IDS/IPS Introduction to IDS and IPS
Benefits of HIPS
• Attack prevention
• Patch relief
• Prevention of internal attack propagation
• Policy enforcement
• Regulatory requirements
• 62. IDS/IPS Introduction to IDS and IPS
NIPS – places its sensors inline, typically as transparent layer-2 forwarding devices (bridges), so that every packet between the protected segments passes through the sensor and can be dropped.
• 63. IDS/IPS Introduction to IDS and IPS
The main difference between an IDS and an IPS is packet dropping: the IPS sits inline and can discard traffic, while the IDS only observes a copy of it.
Dropping of packets – categories
• Dropping a single packet
• Dropping all packets for a connection
• Dropping all traffic from a source IP
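The three drop scopes are a small state machine on the inline sensor. The following is an added example in Python, not code from the slides or from any IPS product: the detection engine (not shown) tags a packet with a response scope and the policy object decides, for that packet and for later ones, whether it passes. The `Packet` type, the method names and the 60-second expiry are assumptions of the example; the expiry exists because a source-wide block is something an attacker can trigger on purpose with spoofed packets to cut off a legitimate host.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    @property
    def connection(self):
        """4-tuple identifying the connection the packet belongs to."""
        return (self.src, self.sport, self.dst, self.dport)


@dataclass
class InlineDropPolicy:
    """Drop decisions for an inline sensor. `alert` is the scope chosen by the
    detection engine for this packet: None (no alert), 'packet', 'connection'
    or 'source'. Connection blocks persist; source blocks expire."""
    source_block_seconds: float = 60.0
    blocked_connections: set = field(default_factory=set)
    blocked_sources: dict = field(default_factory=dict)   # src -> expiry time

    def verdict(self, pkt: Packet, now: float, alert: Optional[str] = None) -> str:
        expiry = self.blocked_sources.get(pkt.src)
        if expiry is not None:
            if now < expiry:
                return "drop"
            del self.blocked_sources[pkt.src]          # block has expired
        if pkt.connection in self.blocked_connections:
            return "drop"
        if alert is None:
            return "pass"
        if alert == "connection":
            self.blocked_connections.add(pkt.connection)
        elif alert == "source":
            self.blocked_sources[pkt.src] = now + self.source_block_seconds
        elif alert != "packet":
            raise ValueError(f"unknown response scope {alert!r}")
        return "drop"                                   # 'packet' drops only this one
```

A production sensor would also age out connection blocks when the connection ends (a TCP FIN or RST, or an idle timeout), otherwise the `blocked_connections` set grows without bound.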
• 65. IDS/IPS Introduction to IDS and IPS
Defense in Depth
• Also known as elastic defense
• A military strategy that seeks to delay rather than prevent the advance of an attacker
• In computer security it represents the use of multiple security techniques to help mitigate the risk of one component of the defense being compromised or circumvented
• 66. IDS/IPS Introduction to IDS and IPS
Defense in Depth
• The attacker has to penetrate a series of layered defenses
• Each layer is equipped with a suitable defense
• The delay gives the security staff time to respond to the attack
  • 67. IDS/IPS Introduction to IDS and IPS Defense in Depth
• 68. IDS/IPS Introduction to IDS and IPS
IDS & IPS Analysis Scheme
• A baseline is set first
• Baseline – a known value or quantity with which an unknown is compared when measured or assessed
• A group of network activities / characteristics is categorized as the baseline for the IDS
• Anything outside the baseline is treated as anomalous and potentially malicious
• 69. IDS/IPS Introduction to IDS and IPS
Figure: network activity over time, showing the baseline and the variance from the baseline activities.
• 70. IDS/IPS Introduction to IDS and IPS
IDS Analysis
• The process of organizing the various elements of data related to the IDS, and their inter-relationships, to identify any irregular activity of interest
• 71. IDS/IPS Introduction to IDS and IPS
IDS Analysis – divided into 4 phases:
• Preprocessing
• Analysis
• Response
• Refinement
• 72. IDS/IPS Introduction to IDS and IPS
Detection Methodologies
• Rule based detection
  • Also known as misuse detection, signature detection or pattern matching
  • The first scheme used in early IDSs
  • The process of attempting to identify instances of network attacks by comparing current activity against the known actions of an intruder (the signatures)
  • Can only catch attacks that have a signature; an unknown attack, or a known one rewritten so the pattern no longer appears, is missed
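Signature detection in its simplest form, as an added example in Python (not code from the slides, and not a real rule set): a handful of constructed Snort-style signatures (destination port plus a byte pattern) are run over constructed packet payloads. The example also shows why the preprocessing phase matters: the second packet carries the same directory traversal as the first, percent-encoded, and only matches after the payload is normalized. Signature IDs, messages and the packet tuple format are assumptions of the example.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed Snort-style signatures: a destination port and a byte pattern
# that must appear in the payload. Real rule sets contain thousands of these.
SIGNATURES = [
    {"sid": 1001, "msg": "directory traversal in URI", "dport": 80,
     "pattern": re.compile(rb"\.\./\.\./")},
    {"sid": 1002, "msg": "unix shell referenced in URI", "dport": 80,
     "pattern": re.compile(rb"/bin/(?:ba)?sh\b")},
    {"sid": 1003, "msg": "SQL tautology in query string", "dport": 80,
     "pattern": re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)},
]

# Constructed packets: (src, dst, dport, payload). Not captured traffic.
PACKETS = [
    ("10.0.0.5", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    ("10.0.0.6", "192.0.2.10", 80, b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n"),
    ("10.0.0.7", "192.0.2.10", 80, b"GET /cgi-bin/t.cgi?x=/bin/sh HTTP/1.1\r\n"),
    ("10.0.0.8", "192.0.2.10", 80, b"GET /login?u=a'%20OR%20'1'='1 HTTP/1.1\r\n"),
    ("10.0.0.9", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", "192.0.2.10", 8080, b"GET /../../etc/passwd HTTP/1.1\r\n"),
]


def normalize_http(payload: bytes) -> bytes:
    """Preprocessing: undo percent-encoding so the signatures see the bytes the
    web server will act on rather than the bytes that crossed the wire."""
    return unquote_to_bytes(payload)


def match_signatures(packets, signatures=SIGNATURES, normalize=True):
    """Return one alert dict per (packet, signature) hit, in packet order.
    A signature only applies to packets for its destination port, which is
    why the last packet (port 8080) raises nothing even though its payload
    is identical to the first."""
    alerts = []
    for src, dst, dport, payload in packets:
        data = normalize_http(payload) if normalize else payload
        for sig in signatures:
            if sig["dport"] == dport and sig["pattern"].search(data):
                alerts.append({"sid": sig["sid"], "msg": sig["msg"],
                               "src": src, "dst": dst})
    return alerts
```

Run with `normalize=False` the traversal in the encoded packet and the SQL tautology are both missed, which is the evasion class that decoding, reassembly and other preprocessing steps exist to close.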
• 73. IDS/IPS Introduction to IDS and IPS
• Anomaly detection
  • Also known as profile-based detection
  • A profile is created for each user group on the system
  • The profile is then used as the baseline that defines normal activity
  • If activity deviates from the baseline, an alarm is generated
• 74. IDS/IPS Introduction to IDS and IPS
• Behavior anomaly detection
  • Looks for anomalies in user behavior
  • Based on the characteristics of the behavior (what is done, from where, at what time) rather than on statistics
• 75. IDS/IPS Introduction to IDS and IPS
• Network Behavior Anomaly Detection (NBAD)
  • Also known as traffic anomaly systems
  • The process of continuously monitoring an organization's network for unusual events or trends
  • Basically statistical rather than characteristics based
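The statistical, profile-based side of anomaly detection in a few lines, as an added example in Python (not code from the slides or from any product): a baseline per user group is learned from a constructed training period, and later observations are flagged when they lie more than k standard deviations from that baseline. The metric (outbound megabytes per hour), the group names, the threshold k=3 and the standard-deviation floor are assumptions of the example; the floor is there because a perfectly constant baseline would otherwise turn every tiny change into an alarm.

```python
import statistics

# Constructed training data: outbound megabytes per hour observed for two user
# groups during a learning period believed to be attack-free. Not real traffic.
TRAINING = {
    "finance": [12, 15, 11, 14, 13, 12, 16, 14],
    "kiosk": [5, 5, 5, 5, 5, 5, 5, 5],      # constant: a zero-variance baseline
}


def build_profile(samples, min_std=1.0):
    """Mean and standard deviation of the learning period. `min_std` floors the
    spread so a constant baseline does not make every small change a deviation
    (and avoids a division by zero in the z-score)."""
    return {"mean": statistics.fmean(samples),
            "std": max(statistics.pstdev(samples), min_std)}


def build_profiles(training):
    """One profile per user group."""
    return {group: build_profile(samples) for group, samples in training.items()}


def zscore(profile, value):
    """How many standard deviations `value` sits from the group's baseline."""
    return (value - profile["mean"]) / profile["std"]


def detect_anomalies(profiles, observations, k=3.0):
    """Flag (group, value, z) for every observation more than k standard
    deviations above or below its group's baseline. Observations for a group
    with no profile are flagged with z=None: unknown is not the same as normal."""
    flagged = []
    for group, value in observations:
        profile = profiles.get(group)
        if profile is None:
            flagged.append((group, value, None))
            continue
        z = zscore(profile, value)
        if abs(z) > k:
            flagged.append((group, value, z))
    return flagged
```

The weak point of this scheme is the learning period: if the attacker is already active while the profile is built, their traffic becomes part of "normal", so the baseline should be reviewed before it is trusted and re-learned only under controlled conditions.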
• 76. IDS/IPS Introduction to IDS and IPS
• Protocol anomaly systems
  • Look for deviations from the protocol standards
  • Primarily characteristics based
  • Not very reliable and generate false positives, because legitimate implementations also deviate from the standards
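What a protocol anomaly check looks like for one protocol, as an added example in Python (not code from the slides): a small checker for the HTTP/1.x request grammar that reports deviations such as a non-token method, an unknown version, an overlong request-target, control bytes in the target, malformed header lines and conflicting duplicate Content-Length headers. No check names an attack; each is a rule about the protocol, which is both the strength of the approach and the source of its false positives. The 2048-byte target limit and the anomaly strings are assumptions of the example.

```python
import re
from typing import List

TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")       # RFC 7230 'token'
REQUEST_LINE = re.compile(rb"^([^ ]+) ([^ ]+) HTTP/(\d)\.(\d)$")
KNOWN_VERSIONS = {(b"1", b"0"), (b"1", b"1")}


def check_http_request(raw: bytes, max_target_len: int = 2048) -> List[str]:
    """Return the deviations from the HTTP/1.x grammar found in `raw`; an empty
    list means the request looks standard."""
    anomalies = []
    head, terminator, _body = raw.partition(b"\r\n\r\n")
    if not terminator:
        anomalies.append("header block not terminated by CRLF CRLF")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        anomalies.append("malformed request line")
        return anomalies                      # nothing else can be parsed
    method, target, major, minor = match.groups()
    if not TOKEN.match(method) or not method.isupper():
        anomalies.append("non-standard method token")
    if (major, minor) not in KNOWN_VERSIONS:
        anomalies.append("unexpected HTTP version")
    if len(target) > max_target_len:
        anomalies.append("request-target too long")
    if any(c <= 0x20 or c >= 0x7F for c in target):
        anomalies.append("control or non-ASCII byte in request-target")
    seen = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            anomalies.append("malformed header line")
            continue
        key, value = name.lower(), value.strip()
        if key == b"content-length" and not value.isdigit():
            anomalies.append("non-numeric Content-Length")
        if key in seen and seen[key] != value:
            # Two front ends disagreeing on the body length is the classic
            # request-smuggling setup; the grammar check catches it without
            # knowing anything about smuggling.
            anomalies.append(f"conflicting duplicate header {key.decode()}")
        seen[key] = value
    return anomalies
```

A lowercase method is a protocol violation and is reported, yet some hand-written clients send exactly that; tuning which anomalies raise an alert is the operational cost the slide refers to.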
• 77. IDS/IPS Introduction to IDS and IPS
• Target monitoring systems
  • Look for modification of specified files or objects
  • Work after the fact, reporting a change once it has happened: a detective control rather than a preventive one
  • Create a cryptographic checksum for each file
  • The checksum is recomputed and compared at regular intervals to detect any change
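A minimal target monitor, as an added example in Python (not code from the slides or from any integrity-checking product): it records a SHA-256 digest per file, compares a later snapshot against that baseline, and classifies each path as modified, added or removed. The baseline is also authenticated with an HMAC, because an intruder who can change a monitored file can usually change a baseline stored next to it; the key, the directory layout and the file contents in `demo()` are all constructed for the example.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Constructed key. In practice the key (or the whole baseline) lives off the
# monitored host, otherwise the intruder simply re-baselines after tampering.
BASELINE_KEY = b"constructed-demo-key-not-for-production"


def snapshot(root):
    """Map each file under `root` (POSIX relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def sign_baseline(baseline, key=BASELINE_KEY):
    """HMAC over the canonical JSON form of the baseline, so an edited baseline
    can be told apart from the one that was recorded."""
    canonical = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_baseline(baseline, tag, key=BASELINE_KEY):
    return hmac.compare_digest(sign_baseline(baseline, key), tag)


def compare(baseline, current):
    """Classify every path as modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a small tree, tamper with it the way an
    intruder might, and report what the integrity check sees."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)

        write("bin/ls", b"original ls binary")
        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot(root)
        tag = sign_baseline(baseline)

        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
        write("tmp/.x", b"dropped tool")
        os.remove(Path(root, "bin/ls"))
        current = snapshot(root)

        # An intruder who edits the stored baseline to hide the change produces
        # a baseline whose tag no longer verifies.
        forged = dict(baseline)
        forged["etc/passwd"] = current["etc/passwd"]
        return {
            "baseline_ok": verify_baseline(baseline, tag),
            "forged_baseline_ok": verify_baseline(forged, tag),
            "changes": compare(baseline, current),
        }
```

Comparing at regular intervals, as the slide says, means a change can live undetected for up to one interval; on systems where that matters, the check is triggered by file-change notifications instead of a timer.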
• 78. IDS/IPS Introduction to IDS and IPS
Heuristics
• Still in its initial stages
• Refers to the use of AI techniques in detecting intrusions
• An AI scripting language is used to apply the analysis to the incoming data
• 79. IDS/IPS Introduction to IDS and IPS
Hybrid approach
• Any system that uses a combination of the analysis methods mentioned above
• 80. IDS/IPS Introduction to IDS and IPS
Some Myths
• IDS and IPS are two separate solutions
• IDSs and IPSs will catch or stop all network intrusions
• IDSs give too many false positives
• IDSs will eventually replace firewalls
• Fewer security admins are required once an IDS is deployed