
Intrusion Detection Systems

Submitted by
Hradayesh Pathak
CONTENT
Network Security System
Firewall
Introduction
Development
Type of IDS
Technology
Disadvantage
Conclusion
Network Security System
Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.
Introduction

Intrusion Detection System


IDS stands for “Intrusion Detection System”: a security system that detects inappropriate or malicious activity on a computer or network.
Functioning of IDS
System activities are observable.
Normal and intrusive activities have distinct evidence.
[Diagram: Audit Records -> Audit Data Preprocessor -> Activity Data -> Detection Engine (Detection Models) -> Alarms -> Decision Engine (Decision Table) -> Action/Report]
Development

In 1984 -
Type of IDS
• Network Based IDS
• Host Based IDS
Network Based IDS
An independent platform that identifies intrusions by examining network traffic and monitors multiple hosts.
E.g., Snort.
Host Based IDS
It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications and other host activities and state.
E.g., OSSEC.
Network Based IDSs
[Diagram labels: Internet, gateway routers, our network]

Host based detection
• At the early stage of a worm, there are only limited worm samples.
• Host based sensors can only cover limited IP space, which might have scalability issues. Thus they might not be able to detect the worm in its early stage.
Detection Technology

Signature detection

Anomaly detection
Signature Detection
[Diagram: Intrusion Patterns + activities -> pattern matching -> intrusion]

Example: if (src_ip == dst_ip) then “land attack”

Can’t detect new attacks


Anomaly Detection
[Chart: activity measures (scale 0 to 90) for CPU and Process Size; labels: normal profile, abnormal, probable intrusion]
Any problem?

Relatively high false positive rate
• Anomalies can just be new normal activities.
• Anomalies caused by other element faults.
• E.g., router failure or misconfiguration, P2P misconfiguration
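
The two detection technologies above side by side, as an added example that is not part of the original slides: the land-attack signature from the Signature Detection slide applied to constructed packet records, and a normal profile over CPU and process size that raises a false alarm on new but legitimate activity. The record fields, the sample values and the "more than three standard deviations from the mean" threshold are assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed packet records; not real traffic.
PACKETS = [
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dst_port": 80},
    {"src_ip": "10.0.0.9", "dst_ip": "10.0.0.9", "dst_port": 139},  # src == dst
    {"src_ip": "10.0.0.7", "dst_ip": "10.0.0.9", "dst_port": 443},
]

# Signature table: pattern name -> predicate over one packet.
# An attack with no entry here produces no alarm ("can't detect new attacks").
SIGNATURES = {
    "land attack": lambda p: p["src_ip"] == p["dst_ip"],
}

def signature_alarms(packets):
    """Return (packet index, signature name) for every known pattern matched."""
    return [(i, name) for i, p in enumerate(packets)
            for name, match in SIGNATURES.items() if match(p)]

def build_profile(history):
    """Normal profile: (mean, standard deviation) per activity measure."""
    return {m: (mean(v), stdev(v)) for m, v in history.items()}

def anomaly_alarms(profile, observation, k=3.0):
    """Flag measures more than k standard deviations from the normal profile.
    The k=3 threshold is an assumption of this example."""
    return sorted(m for m, x in observation.items()
                  if abs(x - profile[m][0]) > k * profile[m][1])

# Constructed training data: CPU % and process size (MB) under normal use.
HISTORY = {"cpu": [20, 25, 22, 18, 24, 21],
           "process_size": [40, 42, 39, 41, 43, 40]}
PROFILE = build_profile(HISTORY)

# An observation inside the normal profile.
TYPICAL = {"cpu": 23, "process_size": 42}
# A legitimate backup job never seen in training: new normal activity.
BACKUP_JOB = {"cpu": 85, "process_size": 41}

if __name__ == "__main__":
    print("signature alarms:", signature_alarms(PACKETS))
    print("typical observation:", anomaly_alarms(PROFILE, TYPICAL))
    print("backup job (false positive):", anomaly_alarms(PROFILE, BACKUP_JOB))
```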
Disadvantage
False alarm

Signature updates

Slow processing
Conclusion
We have a good firewall, so why do we need an intrusion detection system?
Thank you!

CSE 597E Fall 2001 PennState University 19
