FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2. Intrusion Detection and Prevention Systems
|
|
- Posy Rodgers
- 8 years ago
- Views:
Transcription
1 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 13 Intrusion Detection and Prevention Systems By Whitman, Mattord, & Austin 2008 Course Technology
2 Learning Objectives Describe the various technologies that are used to implement intrusion i detection ti and prevention Define honey pots, honey nets, and padded cell systems Describe the technologies used to create honey pots, honey nets, and padded cell systems Slide 2
3 Intrusion Detection and Prevention Intrusion occurs when attacker attempts to gain entry or disrupt normal operations of information systems, almost always with intent to do harm Intrusion detection consists of procedures and systems that identify system intrusions Intrusion reaction encompasses actions an organization takes when intrusion is detected Intrusion prevention consists of activities that deter intrusion Slide 3
4 Intrusion Detection and Prevention (continued) Intrusion correction activities finalize restoration of operations to a normal state and seek to identify source and method of intrusion to ensure same type of attack cannot occur again Intrusion detection systems (IDSs) work like a burglar alarm: detect t violation, activate t alarm Intrusion prevention system (IPS) can detect intrusion and launch an active response IDS and IPS systems often coexist Intrusion detection/prevention ti ti system (IDPS) describes current anti-intrusion technologies Slide 4
5 IDPS Terminology Alert or alarm: indication a system has just been attacked or is under attack Evasion: process by which attacker changes the format and/or timing of their activities to avoid being detected by the IDPS False attack stimulus: event that triggers alarm when no actual attack is in progress False negative: failure of an IDPS to react to an actual attack event False positive: alert or alarm that t occurs in the absence of an actual attack Slide 5
6 IDPS Terminology (continued) Noise: accurate alarm events that do not pose significant threat to information security Site policy: rules and configuration guidelines governing implementation and operation of IDPSs within an organization Site policy awareness: IDPS s ability to dynamically modify its configuration in response to environmental activity True attack stimulus: event that triggers alarms and causes an IDPS to react as if a real attack is in progress Slide 6
7 IDPS Terminology (continued) Tuning: process of adjusting IDPS to maximize efficiency in detecting true positives, while minimizing false positives and false negatives Confidence value: value placed upon an IDPS s ability to detect/identify certain attacks correctly Alarm filtering: running system for a while to track types of false positives it generates and then adjusting IDPS alarm classifications Alarm clustering and compaction: process of grouping almost identical alarms occurring at almost same time into single higher-level alarm Slide 7
8 Why Use an IDPS? NIST reasons to acquire and use an IDPS: To prevent problem behaviors by increasing the perceived risk of discovery and punishment To detect attacks and other security violations not prevented by other security measures To detect t and deal with the preambles to attacks To document existing threat to an organization To act as quality control for security design and administration To provide useful information about intrusions that do take place Slide 8
9 Why Use an IDPS? (continued) IPS technologies can respond to detected threat by attempting to prevent it from succeeding while IDS cannot IDPS operational categories: Host-based (operates on the hosts themselves) Network-based (functions at the network level) Wireless Network behavior analysis (NBA) Slide 9
10 Why Use an IDPS? (continued) Several IPS response techniques: Terminate network connection or user session that is being used for the attack Block access to target from offending user account, IP address, or other attacker attribute Block all access to targeted t host, service, application, or other resource Change the security environment Change the attack s content Slide 10
11 Network-Based IDPS NIDPSs reside on computer or appliance connected to network segment and monitor network traffic Compare measured activity to known signatures to determine whether an attack has occurred or is underway Protocol stack verification: NIDPSs look for invalid data packets Application protocol verification: higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use Slide 11
12 Network-Based IDPS (continued) Some advantages of NIDPSs: Good network design and placement of devices can enable organization to use a few devices to monitor large network Usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations Not usually susceptible to direct attack and may not be detectable by attackers Slide 12
13 Network-Based IDPS (continued) Some disadvantages of NIDPSs: Can become overwhelmed by network volume and fail to recognize attacks they might otherwise have detected Require access to all traffic to be monitored Cannot analyze encrypted packets, making some of the network traffic invisible to the process Cannot reliably ascertain if an attack was successful or not Some forms of attack are not easily discerned, specifically those involving fragmented packets Slide 13
14 Wireless NIDPS Monitors and analyzes wireless network traffic looking for potential problems with wireless protocols (Layers 2 and 3 of the OSI model) Cannot evaluate and diagnose issues with higher-layer protocols like TCP and UDP Some issues with implementation include: Physical security Sensor range Access point and wireless switch locations Wired network connections Cost Slide 14
15 Network Behavior Analysis System Examines network traffic to identify yproblems related to flow of traffic Uses a version of anomaly detection method Typical flow data relevant to intrusion detection and prevention includes: Source and destination IP addresses Source and destination TCP or UDP ports or ICMP types and codes Number of packets and bytes transmitted in the session Starting and ending timestamps for the session Slide 15
16 Network Behavior Analysis System (continued) Typically monitors internal networks; occasionally monitors internal/external t l network connections Most sensors, passive mode deployment only Types of events most commonly detected by NBA sensors include: Denial-of-service (DoS) attacks (including DDoS) Scanning Worms Unexpected application services Policy violations Slide 16
17 Host-Based IDPS Resides on particular computer or server (the host) and monitors activity only on that system Also known as system integrity verifiers Benchmark/monitor status of key system files Triggers alert when file attributes change, new files are created, or existing files are deleted Managed HIDPSs can monitor multiple computers simultaneously by creating a configuration file on each monitored host and by making each HIDPS report back to a master console system Slide 17
18 Host-Based IDPS (continued) Some advantages of HIDPSs: Can detect local events on host systems and also detect attacks that may elude NIDPSs Functions on host system, where encrypted traffic will have been decrypted and is available for processing Unaffected by use of switched network protocols Can detect inconsistencies in how applications and systems programs were used by examining records stored in audit logs, enabling it to detect some types of attacks, including Trojan Horse programs Slide 18
19 Host-Based IDPS (continued) Some disadvantages of HIDPSs: Pose more management issues since they are configured/managed on each monitored host Vulnerable to direct attacks, attacks on host OS Not optimized to detect multi-host scanning; unable to detect t scanning of non-host devices Susceptible to some denial-of-service attacks Can use large amounts of disk space to retain the host OS audit logs Inflicted overhead on host systems may reduce system performance below acceptable levels Slide 19
20 IDPS Detection Methods Signature-based (knowledge-based, misuse- detection) IDPS: examines network traffic in search of patterns that match known signatures Statistical anomaly-based (stat, behavior-based) IDPS: compares sampled network activity to established baseline Stateful protocol analysis (SPA) IDPS: uses profiles to detect anomalous protocol behavior Log file monitor (LFM) IDPS: reviews log files from servers, network devices, and other IDPSs for signatures indicating an attack or intrusion Slide 20
21 IDPS Response Behavior Response depends on organization s policy, objectives, and system capabilities Responses classified as active or passive Active response: definitive action automatically initiated when certain types of alerts are triggered; can include collecting additional data, changing or modifying the environment, and taking action against the intruders Passive response: report information they have collected and wait for administrator to act Slide 21
22 IDPS Response Behavior (continued) Some possible responses IDPSs can produce: Audible/visual alarm SNMP traps and plug-ins message Page or phone message Log entry Evidentiary packet dump Take action against the intruder Launch program Reconfigure firewall Terminate session or connection Slide 22
23 Selecting IDPS Approaches and Products Technical and policy considerations What is your system s environment? What are your security goals and objectives? What is your existing security policy? Organizational requirements and constraints What requirements are levied from outside the organization? What are your organization s resource constraints? Slide 23
24 Selecting IDPS Approaches and Products (continued) IDPSs product features and quality Is the product sufficiently scalable for your environment? How has the product been tested? What is the user level of expertise targeted by the product? Is the product designed to evolve as the organization grows? What are the support provisions for the product? Slide 24
25 Strengths and Limitations of IDPSs IDPSs perform the following functions well: Monitoring and analysis of system events and user behaviors Testing security states of system configurations Baselining security state of system and then tracking any changes to that t baseline Recognizing patterns of system events that correspond to known attacks Recognizing patterns of activity that statistically vary from normal activity Slide 25
26 Strengths and Limitations of IDPSs (continued) More functions that IDPSs perform well: Managing operating system audit and logging mechanisms and the data they generate Alerting appropriate staff by appropriate means when attacks are detected Measuring enforcement of security policies i encoded in the analysis engine Providing default information security policies Allowing non-security experts to perform important security monitoring functions Slide 26
27 Strengths and Limitations of IDPSs (continued) IDPSs cannot perform the following functions: Compensating for weak or missing security mechanisms in the protection infrastructure Instantaneously detecting, reporting, responding to attack during heavy network/processing load Detecting ti newly published attacks or variants Effectively responding to sophisticated attacks Automatically ti investigating attacks Resisting all attacks intended to defeat them Compensating for fidelity issues of data sources Dealing effectively with switched networks Slide 27
28 Deployment and Implementation of an IDPS IDPS control strategies Centralized: all IDPS control functions are implemented and managed in a central location Fully distributed: all control functions are applied at the physical location of each IDPS component Partially distributed: ib t d combines the best of the other two strategies; while individual agents still analyze and respond to local threats, their reporting to a hierarchical central facility enables the organization to detect widespread attacks Slide 28
29 Deployment and Implementation of an IDPS (continued) IDPS deployment Great care must be made in deciding where to locate IDPS components, physically and logically During deployment, each component should be installed, configured, fine-tuned, tested, and monitored NIDPS and HIDPS used in tandem can protect individual systems and organizational networks Use a phased implementation strategy so as not to affect entire organization all at once First implement NIDPSs and then install HIDPSs Slide 29
30 Deployment and Implementation of an IDPS (continued) Deploying network-based IDPSs NIST recommends four locations for NIDPS sensors: Behind each external firewall, in the network DMZ Outside an external firewall On major network backbones On critical subnets Slide 30
31 Deployment and Implementation of an IDPS (continued) Deploying host-based IDPSs Proper implementation of HIDPSs can be a painstaking and time-consuming task, as each HIDPS must be custom configured to its host May be beneficial to practice an implementation on one or more test servers beforehand Installation continues until either all systems are installed or organization reaches the planned degree of coverage it is willing to live with Slide 31
32 Measuring the Effectiveness of IDPSs When selecting an IDPS, one typically y looks at four measures of comparative effectiveness: Thresholds Blacklists and whitelists Alert settings Code viewing and editing Slide 32
33 Measuring the Effectiveness of IDPSs (continued) Once implemented, IDPSs are evaluated using two dominant metrics: Administrators evaluate the number of attacks detected in a known collection of probes Administrators examine the level of use, commonly measured in megabits per second of network traffic, at which the IDPSs fail In order to truly assess effectiveness of IDPS systems, test process should be as realistic as possible in its simulation of actual event Couple realistic traffic loads, levels of attacks Slide 33
34 Honey Pots, Honey Nets, and Padded Cell Systems Honey yp pots (decoys, lures, fly-traps): decoy systems designed to lure potential attackers away from critical systems Honey net: collection of honey pots connecting several honey pot systems on a subnet Honey pots are designed to: Divert an attacker from critical systems Collect information about the attacker s activity Encourage the attacker to stay on the system long enough for administrators to document the event and, perhaps, respond Slide 34
35 Honey Pots, Honey Nets, and Padded Cell Systems (continued) Padded cell: honey ypot that has been protected so it cannot be easily compromised in other words, a hardened honey pot In addition to attracting attackers with tempting data, padded cell operates in tandem with traditional IDPS When IDPS detects attackers, it seamlessly transfers them to special simulated environment where they can cause no harm Allows organization to observe and document actions and tactics of an attacker Slide 35
36 Honey Pots, Honey Nets, and Padded Cell Systems (continued) Advantages of using honey pot or padded cell: Attackers can be diverted to targets that they cannot damage Administrators have time to decide how to respond to an attacker Attackers actions can be easily and more extensively monitored, and the records can be used to refine threat models and improve system protections Honey pots may be effective at catching insiders who are snooping around a network Slide 36
37 Honey Pots, Honey Nets, and Padded Cell Systems (continued) Disadvantages of using honey pot or padded cell: The legal implications of using such devices are not well defined Honey pots and padded cells have not yet been proven as generally useful security technologies An expert attacker, once diverted into a decoy system, may become angry and launch a more hostile attack against an organization s systems Administrators and security managers need a high level of expertise to use these systems Slide 37
38 Trap and Trace Systems Use a combination of techniques to detect an intrusion and then to trace it back to its source Trap usually consists of a honey pot or padded cell and an alarm Trace feature is process by which organization attempts to determine identity of an intruder Slide 38
39 Trap and Trace Systems (continued) If intruder is someone inside the organization, administrators are within their power to track the individual and turn him or her over to authorities If intruder is outside security perimeter of the organization, numerous legal issues arise Back hack: hacking into a hacker s system to find out as much as possible about the hacker Enticement or entrapment? Slide 39
40 Active Intrusion Prevention Some organizations do more than wait for an attack and implement active countermeasures When attacker sends ARP request to unused IP address, LaBrea pretends to be a computer at that address, allowing attacker to connect Once connected, LaBrea changes TCP sliding window size to a low number to hold open the connection from the attacker This greatly slows down network-based worms and other attacks and gives LaBrea system time to notify system and network administrators Slide 40
41 Chapter Summary Intrusion occurs when attacker attempts to gain entry or disrupt normal operations of information system, almost always with intent to do harm Intrusion detection consists of procedures and systems that identify system intrusions Intrusion reaction encompasses actions an organization takes when intrusion is detected Intrusion prevention consists of activities that deter an intrusion Slide 41
42 Chapter Summary (continued) Intrusion detection system (IDS) works like a burglar alarm: detects violation, activates alarm Intrusion prevention system (IPS) can prevent intrusion from successfully attacking the organization by means of some active response Because these systems often coexist, term intrusion detection/prevention system (IDPS) is used to describe current anti-intrusion intrusion technologies Slide 42
43 Chapter Summary (continued) IDPSs commonly operate as either network- or host-based systems Network-based IDPS functions at network level Host-based IDPS operates on hosts themselves Systems that use both approaches are called hybrid IDPSs Slide 43
44 Chapter Summary (continued) IDPSs use variety of detection methods to monitor and evaluate network traffic Three methods dominate: signature-based approach, statistical-anomaly approach, stateful protocol analysis approach Log file monitor (LFM) IDPS is similar to NIDPS Using LFM, system reviews log files generated by servers, network devices, and other IDPSs, looking for patterns and signatures that may indicate an attack or intrusion is in progress or has already occurred Slide 44
45 Chapter Summary (continued) Honey ypots: decoy systems designed to lure potential attackers away from critical systems Honey net: collection of honey pots connecting several honey pot systems on a subnet A honey pot is configured in ways that make it look vulnerable to lure potential attackers into attacking, thereby revealing themselves Trap and trace applications use a combination of techniques to detect intrusion and then trace it back to its source Slide 45
Intrusion Detection System (IDS)
Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationIntrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)
ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationNetwork- vs. Host-based Intrusion Detection
Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationAnalysis and Evaluation of Network-Based Intrusion Detection and Prevention System in an Enterprise Network Using Snort Freeware
Analysis and Evaluation of Network-Based Intrusion Detection and Prevention System in an Enterprise Network Using Snort Freeware 1 Corresponding Author: lawal5@yahoo.com 1 O.B. Lawal Computer Science Department,
More informationIDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow
IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationIntrusion Detection Systems
Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Contents Motivation and basics (Why and what?) IDS types and detection principles Key Data Problems
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationIntruPro TM IPS. Inline Intrusion Prevention. White Paper
IntruPro TM IPS Inline Intrusion Prevention White Paper White Paper Inline Intrusion Prevention Introduction Enterprises are increasingly looking at tools that detect network security breaches and alert
More informationIntrusion Detections Systems
Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationIntrusion Detection Systems
Intrusion Detection Systems Rebecca Bace 1 and Peter Mell 2 1 Infidel, Inc., Scotts Valley, CA 2 National Institute of Standards and Technology Page 1 of 51 Intrusion Detection Systems...1 NIST Special
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationApplication Security Backgrounder
Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
More informationCSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls
CSE 4482 Computer Security Management: Assessment and Forensics Protection Mechanisms: Firewalls Instructor: N. Vlajic, Fall 2013 Required reading: Management of Information Security (MIS), by Whitman
More informationDenial of Service Attacks, What They are and How to Combat Them
Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationTECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS
TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS 19 NOVEMBER 2003 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationCERT-In. Indian Computer Emergency Response Team. Handling Computer Security Incidents. IDS Intrusion Detection System
CERT-In Indian Computer Emergency Response Team Handling Computer Security Incidents IDS Intrusion Detection System Department of Information Technology Ministry of Communications and Information Technology
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationState of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:
State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationIntrusion Detection and Prevention Systems (IDS/IPS) Good Practice Guide
Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-INFR-0068.01 Prog. Director Mark Ferrar Status Approved Owner James Wood Version 2.0 Author Jason Alexander
More informationFuzzy Network Profiling for Intrusion Detection
Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University
More informationChapter 15. Firewalls, IDS and IPS
Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationDer Weg, wie die Verantwortung getragen werden kann!
Managed Security Services Der Weg, wie die Verantwortung getragen werden kann! Christoph Altherr System Engineer Security 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Agenda Enterprise
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationIntelligent. Data Sheet
Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationINSIDE. A Justification for Intrusion Detection. Symantec Enterprise Security. by Linda McCarthy. Executive Security Advisor Office of the CTO
Symantec Enterprise Security WHITE PAPER A Justification for Intrusion Detection by Linda McCarthy Executive Security Advisor Office of the CTO INSIDE Why invest in intrusion detection systems? Types of
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationIntrusion Detection System Based Network Using SNORT Signatures And WINPCAP
Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationIntruders & Intrusion Hackers Criminal groups Insiders. Detection and IDS Techniques Detection Principles Requirements Host-based Network-based
Lecture Outline Intruders & Intrusion Hackers Criminal groups Insiders Detection and IDS Techniques Detection Principles Requirements Host-based Network-based Honeypot Madartists Intruders significant
More informationIntroduction p. 2. Introduction to Information Security p. 1. Introduction
Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components
More informationFirewalls, IDS and IPS
Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationDragon solution. Zdeněk Pala. ECIE certified engineer ECI certified instructor zpala@enterasys.com. There is nothing more important than our customers
There is nothing more important than our customers Dragon solution Zdeněk Pala ECIE certified engineer ECI certified instructor zpala@enterasys.com A Division of Siemens Enterprise Communications GmbH
More informationIntrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626
Intrusion Detection Systems vs. Intrusion Prevention Systems Sohkyoung (Michelle) Cho ACC 626 1.0 INTRODUCTION An increasing number of organizations use information systems to conduct their core business
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationNetwork Management and Monitoring Software
Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationIDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for
Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts
More informationVolume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies
Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online at: www.ijarcsms.com A Review
More informationClosing Wireless Loopholes for PCI Compliance and Security
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More informationIntrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science
A Seminar report On Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org
More informationStructured Threats 21 External Threats 22 Internal Threats 22 Network Attacks 22 Reconnaissance Attacks 22 Access Attacks 23 Data Retrieval 23 System
xii Contents Structured Threats 21 External Threats 22 Internal Threats 22 Network Attacks 22 Reconnaissance Attacks 22 Access Attacks 23 Data Retrieval 23 System Access 24 Privilege Escalation 24 DoS
More informationWhite Paper: Combining Network Intrusion Detection with Firewalls for Maximum Perimeter Protection
White Paper: Combining Network Intrusion Detection with Firewalls for Maximum Perimeter Protection April 2001 Abstract 2 What is a network intrusion detection system? 2 Electronic security mimics physical
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationDetecting rogue systems
Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) What are They and How do They Work? By Wayne T Work Security Gauntlet Consulting 56 Applewood Lane Naugatuck, CT 06770 203.217.5004 Page 1 6/12/2003 1. Introduction Intrusion
More informationManaging Latency in IPS Networks
Application Note Revision B McAfee Network Security Platform Managing Latency in IPS Networks Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended
More informationChapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall
Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationHow To Design An Intrusion Prevention System
INTRUSION PREVENTION SYSTEMS (IPS): NEXT GENERATION FIREWALLS A Spire Research Report March 2004 By Pete Lindstrom, Research Director SP i RE security Spire Security, LLC P.O. Box 152 Malvern, PA 19355
More informationRadware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware.
Radware s Smart IDS Management FireProof and Intrusion Detection Systems Deployment and ROI North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion
More informationCSE590IS Intrusion Detection Systems. Marianne Shaw January 29, 2003. DDoS: Can t prevent malicious traffic reaching you
CSE590IS Intrusion Detection Systems Marianne Shaw January 29, 2003 Plan DDoS: Can t prevent malicious traffic reaching you Worms: Huge number of mostly-identical, poorly managed hosts Cost/effort of timely
More informationFifty Critical Alerts for Monitoring Windows Servers Best practices
Fifty Critical Alerts for Monitoring Windows Servers Best practices The importance of consolidation, correlation, and detection Enterprise Security Series White Paper 6990 Columbia Gateway Drive, Suite
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationIntrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of
Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More information