SlideShare a Scribd company logo

Intrusion Detection Presentation

Download as PPT, PDF
M
Mustafash79

Intrusion detection systems monitor computer networks and systems for unauthorized access or activity. There are two main types: network-based systems examine network traffic for attacks, while host-based systems check the integrity of individual systems. Methods include knowledge-based systems that detect known attacks and behavior-based systems that identify deviations from normal usage profiles. Regular auditing of systems, logs, user rights and files is needed to detect intrusions. While intrusion detection is important for security, intrusion prevention systems that can block attacks in real-time are increasingly replacing detection-only systems.

Technology
1 of 22
Downloaded 317 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
IT AUDIT INTRUSION DETECTION SYSTEMS MUSTAFA SHAH
INTRODUCTION INTRUSION DETECTION Process of monitoring events occurring in a computer system or network and analyzing them for signs of intrusions Intrusions are attempts to compromise the Confidentiality , Integrity , Availability , and Control of a computer network
OVERVIEW Intrusion detection allows organizations to protect their systems from threats that come from increasing network connectivity and information systems ID is an important part of the Security Infrastructure: Firewalls Password Authentication Encryption Anti-virus software Incident response plan
TYPES Network-Based Intrusion Detection: Monitors traffic on the network Examines packets as they pass by a sensor Packets are examined if they match a signature String signature Port signature Header signature Port State Service 104/tcp    open    acr-nema 655/tcp    open    unknown 658/tcp    open    unknown 670/tcp    open    unknown 723/tcp    open    unknown 725/tcp    open    unknown 727/tcp    open    unknown 728/tcp    open    unknown
TYPES Host-Based IDS: Works by intercepting operating system and application calls on an individual host Checks the integrity of system files Watches for suspicious processes
METHODS Knowledge-Based: Applies knowledge about specific attacks and system vulnerabilities Contains information about these vulnerabilities An alarm is triggered when an attempt is detected Completeness depends on regular update of knowledge about attack methods
METHODS Behavior-Based: Intrusion can be detected by observing a deviation from normal behavior Maintain a model of expected behavior and compare activities against this model An alarm is generated when a deviation is observed
DEPLOYENT Behind each external Firewall in the network DMZ Outside an external Firewall On major backbones On critical subnets
RISK Network Security is a crucial component of every company Loss of business Loss of intellectual property Loss of Reputation Stock price Loss of third-party confidence Legal implications HIPAA 1996 Gram-Leach Bliley Act 1999 Homeland Security Act 2002 State Laws
Homeland Security Secretary Michael Chertoff speaks about computer security at the RSA Conference on information security in San Francisco, Tuesday, April 8, 2008. AP Photo/Paul Sakuma Zombie Computers Decried As Imminent National Threat
ATTACK TYPES Scanning attacks Denial of Service Penetration attacks User to Root Remote to User Authorized User Public User
MALWARE Infectious: Viruses Worms For Profit: Spyware Adware Botnets Keystroke loggers
AUDIT CHECKLIST Proactive Auditing and monitoring are essential
STEPS Examine Log Files Look for Unauthorized User Rights Look for Unusual or Hidden Files Check for Changes in Computer or User Policies Check for Odd User Accounts Check for Altered Permissions on Files or Registry Keys Audit for Intrusion Detection
AREAS Security policies, guidelines, and procedures Security awareness programs Software-based (Logical) Access controls including: Change control Data and program access Audit trails Access control software Authentication procedures Hiring Policy for Network Administrators
SURVEY
 
 
 
CONCLUSION IDS is an important tool in the Security Hierarchy It is mostly outsourced to third-parties IDS will be replaced with Intrusion Prevention Systems in the future IP systems prevent attacks in real-time Able to decode layer 7 protocols like HTTP, FTP, and SMTP An Incident Response Plan is a must
SOURCES http://en.wikipedia.org/wiki/Intrusion-prevention_system http://en.wikipedia.org/wiki/Zombie_computer http://en.wikipedia.org/wiki/Botnet http://en.wikipedia.org/wiki/Cyber-security_regulation http://blog.wired.com/27bstroke6/2008/04/zombie-computer.html?nup=1&mbid=yhp http://en.wikipedia.org/wiki/Intrusion_detection_system http://en.wikipedia.org/wiki/Malware
SOURCES http://www.cert.org/tech_tips/WIDC.html#C16 http://www.sans.org/top20/#z1 http://www.nist.org/news.php http://www.snort.org/ http://www.sans.org/resources/idfaq/ http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf http://www.pwc.com/extweb/pwcpublications.nsf/docid/ 114E0DE67DE6965385257341005AED7B/$FILE/PwC_GISS2007.pdf

More Related Content

PPTX
DoS or DDoS attack
stollen_fusion
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
PPT
intrusion detection system (IDS)
Aj Maurya
 
PDF
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
PPT
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
PDF
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
PPT
Port scanning
Hemanth Pasumarthi
 
PPTX
Intrusion detection system
Roshan Ranabhat
 
DoS or DDoS attack
stollen_fusion
 
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
intrusion detection system (IDS)
Aj Maurya
 
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
Port scanning
Hemanth Pasumarthi
 
Intrusion detection system
Roshan Ranabhat
 

What's hot (20)

PPT
IDS and IPS
Santosh Khadsare
 
PPTX
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
PPTX
Intrusion Detection Systems (IDS)
Hachmdhmdzad
 
PPTX
Intrusion detection system
Akhil Kumar
 
PDF
Understanding Cyber Attack - Cyber Kill Chain.pdf
slametarrokhim1
 
PPTX
Network security
Simranpreet Singh
 
PPTX
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PPSX
Intrusion detection system
gaurav koriya
 
PPTX
Intrusion Prevention System
Vishwanath Badiger
 
PPTX
Pen Testing Explained
Rand W. Hirt
 
PDF
SIEM and Threat Hunting
n|u - The Open Security Community
 
PDF
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
PPTX
Intrusion detection system
AAKASH S
 
PPTX
Intrusion Detection System(IDS)
shraddha_b
 
PPTX
Cyber security landscape
Jisc
 
PPTX
Network security
Nkosinathi Lungu
 
PPT
Cryptography
gueste4c97e
 
PPTX
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
PDF
1. introduction to cyber security
Animesh Roy
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
IDS and IPS
Santosh Khadsare
 
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Intrusion Detection Systems (IDS)
Hachmdhmdzad
 
Intrusion detection system
Akhil Kumar
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
slametarrokhim1
 
Network security
Simranpreet Singh
 
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Intrusion detection system
gaurav koriya
 
Intrusion Prevention System
Vishwanath Badiger
 
Pen Testing Explained
Rand W. Hirt
 
SIEM and Threat Hunting
n|u - The Open Security Community
 
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Intrusion detection system
AAKASH S
 
Intrusion Detection System(IDS)
shraddha_b
 
Cyber security landscape
Jisc
 
Network security
Nkosinathi Lungu
 
Cryptography
gueste4c97e
 
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
1. introduction to cyber security
Animesh Roy
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Ad

Viewers also liked (12)

PPT
Intrusion detection system ppt
Sheetal Verma
 
PPTX
Intrusion detection and prevention system
Nikhil Raj
 
PDF
New Fuzzy Logic Based Intrusion Detection System
ijsrd.com
 
PPTX
Intrusion detection in MANETS
Pooja Kundu
 
PPT
Introduction To Intrusion Detection Systems
Paul Green
 
PPTX
Intrusion detection system
Aparna Bhadran
 
PPTX
Intrusion detection
Umesh Dhital
 
PPTX
Firewall presentation
Amandeep Kaur
 
PPTX
Security issues in manet
flowerjaan
 
PPTX
Five Major Types of Intrusion Detection System (IDS)
david rom
 
PDF
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
PDF
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Intrusion detection system ppt
Sheetal Verma
 
Intrusion detection and prevention system
Nikhil Raj
 
New Fuzzy Logic Based Intrusion Detection System
ijsrd.com
 
Intrusion detection in MANETS
Pooja Kundu
 
Introduction To Intrusion Detection Systems
Paul Green
 
Intrusion detection system
Aparna Bhadran
 
Intrusion detection
Umesh Dhital
 
Firewall presentation
Amandeep Kaur
 
Security issues in manet
flowerjaan
 
Five Major Types of Intrusion Detection System (IDS)
david rom
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Ad

Similar to Intrusion Detection Presentation (20)

PPTX
Intrusion detection system
Sweta Sharma
 
PPT
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
madin20232022
 
PPTX
Understanding Intrusion Detection & Prevention Systems (1).pptx
Rineri1
 
PPT
ch08.ppt
HaipengCai1
 
PPTX
Intusion detection system in visualizati
Komal Khanna
 
PPTX
Intrusion Detection Systems of Cyber Security
SumaiyaSk
 
PPSX
Intrusion prevension
ahmad abdelhafeez
 
PPTX
Presentation (3) cybersecurity wd imp.pptx
Yash Sharma
 
DOCX
Network and web security
Nitesh Saitwal
 
PPTX
Intrusion Detection systems detaild.pptx
SoundariyaSathish
 
PPSX
Ids 00 introduction_ intrusion detection & prevention systems
jyoti_lakhani
 
PPTX
Intruders in cns. Various intrusion detection and prevention technique.pptx
SriK49
 
PPT
Intrusion Detection System
Mohit Belwal
 
PPT
Intrusion detection 2001
eaiti
 
PDF
BAIT1103 Chapter 7
limsh
 
PDF
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
ijtsrd
 
PPTX
Intrusion Detection Systems Pedagogy.pptx
sowaibakhan3
 
PPTX
computer security principles and practice chapter 8
kemetex
 
PPT
ids.ppt
Agostinho9
 
PPTX
Cyber-Security-Unit-4.pptx
TikdiPatel
 
Intrusion detection system
Sweta Sharma
 
Chapter-3-Intrusion-Detection-Systems-part-1.ppt
madin20232022
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Rineri1
 
ch08.ppt
HaipengCai1
 
Intusion detection system in visualizati
Komal Khanna
 
Intrusion Detection Systems of Cyber Security
SumaiyaSk
 
Intrusion prevension
ahmad abdelhafeez
 
Presentation (3) cybersecurity wd imp.pptx
Yash Sharma
 
Network and web security
Nitesh Saitwal
 
Intrusion Detection systems detaild.pptx
SoundariyaSathish
 
Ids 00 introduction_ intrusion detection & prevention systems
jyoti_lakhani
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
SriK49
 
Intrusion Detection System
Mohit Belwal
 
Intrusion detection 2001
eaiti
 
BAIT1103 Chapter 7
limsh
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
ijtsrd
 
Intrusion Detection Systems Pedagogy.pptx
sowaibakhan3
 
computer security principles and practice chapter 8
kemetex
 
ids.ppt
Agostinho9
 
Cyber-Security-Unit-4.pptx
TikdiPatel
 

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation theory and applications.pdf
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Teaching material agriculture food technology
LiaRayya
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
KodekX | Application Modernization Development
KodekX
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 

Intrusion Detection Presentation

  • 1. IT AUDIT INTRUSION DETECTION SYSTEMS MUSTAFA SHAH
  • 2. INTRODUCTION INTRUSION DETECTION Process of monitoring events occurring in a computer system or network and analyzing them for signs of intrusions Intrusions are attempts to compromise the Confidentiality , Integrity , Availability , and Control of a computer network
  • 3. OVERVIEW Intrusion detection allows organizations to protect their systems from threats that come from increasing network connectivity and information systems ID is an important part of the Security Infrastructure: Firewalls Password Authentication Encryption Anti-virus software Incident response plan
  • 4. TYPES Network-Based Intrusion Detection: Monitors traffic on the network Examines packets as they pass by a sensor Packets are examined if they match a signature String signature Port signature Header signature Port State Service 104/tcp    open    acr-nema 655/tcp    open    unknown 658/tcp    open    unknown 670/tcp    open    unknown 723/tcp    open    unknown 725/tcp    open    unknown 727/tcp    open    unknown 728/tcp    open    unknown
  • 5. TYPES Host-Based IDS: Works by intercepting operating system and application calls on an individual host Checks the integrity of system files Watches for suspicious processes
  • 6. METHODS Knowledge-Based: Applies knowledge about specific attacks and system vulnerabilities Contains information about these vulnerabilities An alarm is triggered when an attempt is detected Completeness depends on regular update of knowledge about attack methods
  • 7. METHODS Behavior-Based: Intrusion can be detected by observing a deviation from normal behavior Maintain a model of expected behavior and compare activities against this model An alarm is generated when a deviation is observed
  • 8. DEPLOYENT Behind each external Firewall in the network DMZ Outside an external Firewall On major backbones On critical subnets
  • 9. RISK Network Security is a crucial component of every company Loss of business Loss of intellectual property Loss of Reputation Stock price Loss of third-party confidence Legal implications HIPAA 1996 Gram-Leach Bliley Act 1999 Homeland Security Act 2002 State Laws
  • 10. Homeland Security Secretary Michael Chertoff speaks about computer security at the RSA Conference on information security in San Francisco, Tuesday, April 8, 2008. AP Photo/Paul Sakuma Zombie Computers Decried As Imminent National Threat
  • 11. ATTACK TYPES Scanning attacks Denial of Service Penetration attacks User to Root Remote to User Authorized User Public User
  • 12. MALWARE Infectious: Viruses Worms For Profit: Spyware Adware Botnets Keystroke loggers
  • 13. AUDIT CHECKLIST Proactive Auditing and monitoring are essential
  • 14. STEPS Examine Log Files Look for Unauthorized User Rights Look for Unusual or Hidden Files Check for Changes in Computer or User Policies Check for Odd User Accounts Check for Altered Permissions on Files or Registry Keys Audit for Intrusion Detection
  • 15. AREAS Security policies, guidelines, and procedures Security awareness programs Software-based (Logical) Access controls including: Change control Data and program access Audit trails Access control software Authentication procedures Hiring Policy for Network Administrators
  • 17.  
  • 18.  
  • 19.  
  • 20. CONCLUSION IDS is an important tool in the Security Hierarchy It is mostly outsourced to third-parties IDS will be replaced with Intrusion Prevention Systems in the future IP systems prevent attacks in real-time Able to decode layer 7 protocols like HTTP, FTP, and SMTP An Incident Response Plan is a must
  • 21. SOURCES http://en.wikipedia.org/wiki/Intrusion-prevention_system http://en.wikipedia.org/wiki/Zombie_computer http://en.wikipedia.org/wiki/Botnet http://en.wikipedia.org/wiki/Cyber-security_regulation http://blog.wired.com/27bstroke6/2008/04/zombie-computer.html?nup=1&mbid=yhp http://en.wikipedia.org/wiki/Intrusion_detection_system http://en.wikipedia.org/wiki/Malware
  • 22. SOURCES http://www.cert.org/tech_tips/WIDC.html#C16 http://www.sans.org/top20/#z1 http://www.nist.org/news.php http://www.snort.org/ http://www.sans.org/resources/idfaq/ http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf http://www.pwc.com/extweb/pwcpublications.nsf/docid/ 114E0DE67DE6965385257341005AED7B/$FILE/PwC_GISS2007.pdf