8. Intrusion detection and penetration tests
- Dwain Gibson
- 8 years ago
Intrusion detection and penetration tests

Intrusion detection and response
Purpose: to detect and respond to network attacks and malicious code
- Malicious code: intended to harm, disrupt, or circumvent computer and network functions (viruses, trojan horses, worms, ...)
- Network attacks:
  - Modification attacks: unauthorized alteration of information
  - Repudiation attacks: denial that an event or transaction ever occurred
  - Denial-of-service attacks: actions resulting in the unavailability of network resources and services when they are required
  - Access attacks: unauthorized access to network resources and information

Intrusion detection mechanisms
- Anti-virus on client machines and on server machines (mail server, ...)
- Intrusion detection and response: monitoring systems for evidence of intrusions or inappropriate usage, and responding to this evidence
  - ID: detection of inappropriate, incorrect or anomalous activity
  - Response: notifying the appropriate parties to take action, determining the extent and severity of an incident, and remediating the incident's effects

8.1.1 History of the development of IDS
Today, the products implement concepts dating from the years

8.1.1 Types of ID systems: NIDS
Network-based ID systems (NIDSs, network IDSs) reside on a discrete network segment and monitor the traffic on that segment.
- They usually consist of a network appliance with a network interface card (NIC) that intercepts and analyzes the network packets in real time.
- The network interface cards are generally in promiscuous mode; they are then run in «stealth» mode, so that they have no IP address.
- Packets are identified as being of interest if they match a signature:
  - String signature: look for a text string that indicates a possible attack
  - Port signature: watch for connection attempts to well-known, frequently attacked ports
  - Header condition signature: watch for dangerous or illogical combinations in packet headers
- Generally deployed in front of and behind the firewalls and VPN
- Characteristics:
  - Provides reliable, real-time information without consuming network or host resources
  - Passive when acquiring data; reviews packets and headers
  - Can detect DoS attacks
  - Can respond to an attack in progress to limit damage (thanks to real-time monitoring)
  - Not able to detect attacks against a host made by an intruder who is logged in at the host's terminal
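The three signature kinds named on this slide (string, port, header condition) can be shown in a few dozen lines. The following is an added example written for this page, not code from the course or from any IDS product; the packet records, the signature names and the matched strings are all constructed for illustration, and a real NIDS would match on decoded protocol fields rather than on plain dictionaries.

```python
"""Toy NIDS signature matcher (added example, not from the original course).

Three signature kinds from the slide: string, port and header condition.
Packets are constructed dicts, not real captures."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Packet = Dict[str, object]


@dataclass
class Signature:
    name: str
    kind: str                        # "string" | "port" | "header"
    match: Callable[[Packet], bool]  # predicate over one packet


def string_sig(name: str, needle: bytes) -> Signature:
    """String signature: the payload contains a text fragment typical of an attack."""
    return Signature(name, "string", lambda p: needle in p.get("payload", b""))


def port_sig(name: str, ports: set) -> Signature:
    """Port signature: a connection attempt (TCP SYN without ACK) to a watched port."""
    return Signature(name, "port",
                     lambda p: p.get("proto") == "tcp"
                     and p.get("dport") in ports
                     and "SYN" in p.get("flags", set())
                     and "ACK" not in p.get("flags", set()))


def header_sig(name: str, cond: Callable[[Packet], bool]) -> Signature:
    """Header condition signature: an illogical or dangerous header combination."""
    return Signature(name, "header", cond)


# Constructed signature set (illustrative, not real Snort rules)
SIGNATURES = [
    string_sig("path-traversal-marker", b"../.."),
    port_sig("telnet-or-netbios-connect", {23, 139, 445}),
    header_sig("tcp-syn-fin-illogical",
               lambda p: p.get("proto") == "tcp"
               and {"SYN", "FIN"} <= p.get("flags", set())),
    header_sig("src-equals-dst", lambda p: p.get("src") == p.get("dst")),
]


def inspect(packet: Packet, sigs=SIGNATURES) -> List[str]:
    """Return the names of all signatures the packet matches."""
    return [s.name for s in sigs if s.match(packet)]


def run(packets, sigs=SIGNATURES):
    """Return alerts as (packet index, signature name) for a packet stream."""
    alerts = []
    for i, p in enumerate(packets):
        for name in inspect(p, sigs):
            alerts.append((i, name))
    return alerts


# Constructed traffic sample
SAMPLE = [
    {"src": "10.0.0.5", "dst": "10.0.0.80", "proto": "tcp", "dport": 80,
     "flags": {"SYN"}, "payload": b""},
    {"src": "10.0.0.5", "dst": "10.0.0.80", "proto": "tcp", "dport": 80,
     "flags": {"ACK", "PSH"}, "payload": b"GET /images/../../config HTTP/1.0\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 445,
     "flags": {"SYN"}, "payload": b""},
    {"src": "10.0.0.9", "dst": "10.0.0.80", "proto": "tcp", "dport": 22,
     "flags": {"SYN", "FIN"}, "payload": b""},
    {"src": "10.0.0.80", "dst": "10.0.0.80", "proto": "udp", "dport": 53,
     "flags": set(), "payload": b""},
]

if __name__ == "__main__":
    for idx, name in run(SAMPLE):
        print(f"packet {idx}: {name}")
```

The first packet (a plain SYN to port 80) matches nothing, which is the point of the "low false alarm rate" advantage on the signature-based slide further down: a signature fires only on what it was written for, and an attack with no stored signature is not seen at all.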
8.1.1 Types of ID systems: HIDS
Host-based ID systems (host-based IDSs) use small programs that reside on a host computer (web server, mail server, ...) to:
- Monitor the operating system
- Detect inappropriate activity
- Write to log files
- Trigger alarms
Characteristics:
- Monitor accesses and changes to critical system files and changes in user privileges
- Detect trusted insider attacks better than a network-based IDS
- Relatively effective for detecting attacks from the outside
- Can be configured to look at all the network packets, connection attempts and login attempts to the monitored machine, including dial-in attempts or other non-network-related communication ports

Signature-based IDSs
Signatures or attributes that characterize an attack are stored for reference; if there is a match, a response is initiated.
- Advantages:
  - Low false alarm rates
  - Standardized (generally)
  - Understandable by security personnel
- Disadvantages:
  - Failure to characterize slow attacks that extend over a long period of time
  - Only attack signatures that are stored in the database are detected
  - The knowledge database needs to be maintained and updated regularly
  - Because knowledge about attacks is very focused (dependent on the operating system, version, platform, and application), new, unique, or original attacks often go unnoticed

Statistical anomaly-based IDSs
Statistical anomaly-based or behavior-based IDSs dynamically detect deviations from the learned patterns of «normal» user behaviour and trigger an alarm when an intrusive activity occurs.
- Needs to learn the «normal» usage profile (which is difficult to determine)
- Advantages:
  - Can dynamically adapt to new, unique, or original vulnerabilities
  - Not as dependent upon specific operating systems as a knowledge-based IDS
- Disadvantages:
  - Does not detect an attack that does not significantly change the system-operating characteristics
  - High false alarm rates: false positives are the most common failure of behavior-based ID systems
  - The network may experience an attack at the same time the intrusion detection system is learning the behaviour

Some IDS issues
Many issues confront the effective use of an IDS. These include the following:
- The need to interoperate and correlate data across infrastructure environments with diverse technologies and policies
- Ever-increasing network traffic
- Risks inherent in taking inappropriate automated response actions
- Attacks on the IDSs themselves
- Unacceptably high levels of false positives and false negatives, which make it difficult to determine the true positives
  - False negative: an incident that is not detected, which can generate security problems
  - False positive: an anomaly that is detected although the triggering event has no consequence for security
- The lack of objective IDS evaluation and test information
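The anomaly-based slide and the false positive / false negative definitions above are easier to see on data. The block below is an added example written for this page, not code from the course or from any product: it learns a per-user «normal» profile (mean and standard deviation of failed logins per hour) from a constructed training window, flags hours whose z-score exceeds a threshold, and then scores the result against constructed ground-truth labels. The users, counts and labels are all invented; the z-score rule and the 3.0 threshold are this example's choice, not a method the slides prescribe.

```python
"""Toy statistical anomaly-based IDS with evaluation (added example, not from the
original course). All training data, observations and labels are constructed."""
from collections import defaultdict
from statistics import mean, pstdev


def learn_profile(training):
    """training: list of (user, failed_logins_in_hour). Returns {user: (mean, stdev)}."""
    per_user = defaultdict(list)
    for user, count in training:
        per_user[user].append(count)
    # floor the stdev so a perfectly regular user does not cause a division by zero
    return {u: (mean(v), max(pstdev(v), 0.5)) for u, v in per_user.items()}


def score(profile, user, count):
    """z-score of one observation against the learned profile; unknown users score 0."""
    if user not in profile:
        return 0.0
    mu, sigma = profile[user]
    return (count - mu) / sigma


def detect(profile, observations, threshold=3.0):
    """observations: list of (user, count). Returns the set of indices flagged as anomalous."""
    return {i for i, (u, c) in enumerate(observations) if score(profile, u, c) > threshold}


def evaluate(flagged, labels):
    """labels: list of bools (True = the hour truly contained an attack).
    Returns tp, fp, fn counts plus precision and recall."""
    tp = sum(1 for i, is_attack in enumerate(labels) if is_attack and i in flagged)
    fp = sum(1 for i, is_attack in enumerate(labels) if not is_attack and i in flagged)
    fn = sum(1 for i, is_attack in enumerate(labels) if is_attack and i not in flagged)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}


# Constructed training window: eight quiet hours per user
TRAINING = ([("alice", c) for c in [0, 1, 0, 2, 1, 0, 1, 1]]
            + [("bob", c) for c in [3, 4, 3, 5, 4, 3, 4, 3]]
            + [("carol", c) for c in [0, 0, 0, 1, 0, 0, 1, 0]])

# Constructed observation window with ground-truth labels
OBSERVATIONS = [
    ("alice", 1),   # normal
    ("alice", 6),   # alice forgot her password: legitimate, but far from her profile
    ("bob", 40),    # credential-guessing burst against bob
    ("carol", 1),   # slow, low-volume guessing against carol that hides in the noise
    ("bob", 4),     # normal
]
LABELS = [False, False, True, True, False]


def demo(threshold=3.0):
    """Learn, detect and evaluate on the constructed data; returns (flagged, metrics)."""
    profile = learn_profile(TRAINING)
    flagged = detect(profile, OBSERVATIONS, threshold)
    return flagged, evaluate(flagged, LABELS)


if __name__ == "__main__":
    flagged, metrics = demo()
    print("flagged:", sorted(flagged))
    print("metrics:", metrics)
```

With the default threshold the detector produces exactly the two failure modes the slides list: alice's password trouble is a false positive, and the slow attack on carol is a false negative because it does not significantly change her profile. Lowering the threshold to 1.0 catches carol but keeps the false positive, which is the trade-off behind "high false alarm rates".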
Active responses
Functionalities of IDS: responses to the detected intrusions
- To undertake an aggressive action against the intruder (take care of legality issues!)
- To restructure the network architecture:
  - To isolate the attacked system
  - To modify the environment parameters which made the intrusion possible
- To supervise the attacked system:
  - To collect information in order to understand the intrusion
  - To identify the author of the intrusion and his approach
  - To identify security failures
Passive responses
- Generation of an alarm
- Sending an SMS message to the administrator

8.1.2 Functionalities of IDS: analyze logs
- The logs provide explanations of the alarms which were set off
- Can receive the logging messages of multiple events and audit the associated security events (e.g. recording all the application-level protocols that are run on a machine)
- Downstream logging systems (Windows 2003 event logs, Unix syslog, SNMP traps) are given the responsibility to correlate these events with other events
- Possibility of recording the packets which set off an alarm, to be able to analyze them
- Possibility of configuring the collection of additional packets (after an alarm), and even of a complete session; this is essential to understand why a given signature made it possible to identify a true positive

8.1.5 IPS: Intrusion Prevention Systems
- Block attacks as soon as possible
- Operate in conjunction with IDS; IDS and IPS are combined in the same equipment
- Three techniques implemented to neutralize the attacks:
  - Sniping: allows the IDS to put an end to a supposed attack by reinitialisation (resetting the connection)
  - Shunning: allows the IDS to automatically configure the pre-filtering router or the firewall so that it rejects traffic according to what the IDS detected, thus preventing the connection
  - Blocking: an extension of shunning; here the IDS contacts the router or the firewall and creates an access control list (ACL) to block the IP address of the attacker
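The three IPS techniques are only safe to automate with the safeguards the "Some IDS issues" slide hints at (risks of inappropriate automated responses, attacks on the IDS itself). The block below is an added example written for this page, not code from the course or from any IDS/IPS product: it maps an alert to alarm-only, snipe, shun or block, refuses to cut off a never-block list of critical hosts, escalates to a block only after repeated critical alerts, and renders the enforcement step as an iptables command string with a TTL the operator's expiry job can read. The severity scale, the addresses, the thresholds and the assumption that iptables is the enforcement point are all this example's own.

```python
"""Automated response policy for IDS alerts (added example, not from the original
course). Alerts, addresses and thresholds are constructed."""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass
class Alert:
    src: str        # source IP of the suspected attacker
    severity: int   # 1 (info) .. 5 (critical), as assigned by the IDS
    signature: str


# Constructed policy: hosts that must never be shunned or blocked
NEVER_BLOCK = [
    ipaddress.ip_network("10.0.0.0/8"),        # internal space: blocking it is self-inflicted DoS
    ipaddress.ip_network("203.0.113.10/32"),   # e.g. the upstream DNS resolver
]
BLOCK_TTL_SECONDS = 900  # blocks are temporary; an expiry job removes them


def protected(src: str) -> bool:
    """True if the source falls inside the never-block list."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in NEVER_BLOCK)


def decide(alert: Alert, prior_alerts: int) -> str:
    """Choose a response. prior_alerts = number of earlier alerts from the same source."""
    if protected(alert.src):
        return "alarm-only"      # passive response: notify, never cut off critical hosts
    if alert.severity >= 5 and prior_alerts >= 1:
        return "block"           # persistent and critical: ACL on the router/firewall
    if alert.severity >= 4:
        return "shun"            # drop this source's traffic at the pre-filtering firewall
    if alert.severity >= 3:
        return "snipe"           # reset just the offending connection
    return "alarm-only"


def firewall_command(action: str, src: str) -> str:
    """Render the enforcement command for shun/block; other actions need no rule."""
    if action in ("shun", "block"):
        return (f"iptables -I INPUT -s {src} "
                f"-m comment --comment 'ids-{action} ttl={BLOCK_TTL_SECONDS}' -j DROP")
    return ""


def respond(alerts):
    """Process a stream of alerts in order; returns a list of (src, action, command)."""
    seen = Counter()
    out = []
    for a in alerts:
        action = decide(a, seen[a.src])
        seen[a.src] += 1
        out.append((a.src, action, firewall_command(action, a.src)))
    return out


# Constructed alert stream
ALERTS = [
    Alert("198.51.100.7", 3, "tcp-syn-fin-illogical"),
    Alert("198.51.100.7", 5, "path-traversal-marker"),
    Alert("198.51.100.7", 5, "path-traversal-marker"),
    Alert("10.0.0.80", 5, "path-traversal-marker"),   # spoofed or misattributed internal host
    Alert("203.0.113.10", 4, "dns-anomaly"),          # the resolver: must not be shunned
    Alert("192.0.2.33", 2, "port-sweep-low"),
]

if __name__ == "__main__":
    for src, action, cmd in respond(ALERTS):
        print(f"{src:15} {action:10} {cmd}")
```

Note that the internal host and the resolver receive only an alarm even though their alerts are severe: an attacker who can make the IDS attribute traffic to a critical address would otherwise turn the IPS into a denial-of-service tool against the defender's own network.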
8.1.5 IDS products
Few standards exist in the field of IDS.
SNORT
- Open source, free IDS
- Analyzes traffic and logs packets in real time on IP networks
- Supports protocol analysis and content matching
- Can be employed to detect a variety of attacks and probes:
  - Buffer overflows
  - Stealth port scans
  - CGI attacks
  - SMB probes
  - Operating system fingerprinting
- Flexible rules language to describe the traffic to let pass or to collect
- Real-time alert detection engine
- Alarm mechanisms:
  - Syslog
  - File specified by the user
  - Unix socket
  - WinPopup messages for Windows clients, using smbclient (Samba)
- Three functions:
  - Packet sniffer
  - Packet logger (useful for debugging network traffic)
  - Fully functional IDS
- Command-line tool; a graphical interface has been developed by Engage Security
- Developed under Linux; some Windows versions exist

8.1.5 Example of IDS: Billy Goat
- Collects information at the network level
- Listens to the traffic sent to unused addresses, which is either an error or an attack attempt
- Responds to HTTP, NETBIOS, MS/SQL and MS/RPC requests and records the data, which allows the behaviour and origin of the requests to be identified
- Can be seen as a server:
  - An HTTP server
  - An SMB (Server Message Block) server; SMB is a protocol for sharing files, printers and serial ports, launched by IBM in 1985, of which Samba and MS Networks are some alternatives
  - An MS/SQL database server
  - An MS/RPC remote procedure call server
- Thanks to these properties, Billy Goat can detect several suspect activities
Kismet

8.1.5 Example: Enterasys IDS
- More details than only an analysis of protocols or the detection of anomalies
- Details of the detected attack
- Description of the attacks
- Attack packets

8.2 Honeypots

Purpose of honeypots
A monitored mechanism that is used to:
- Keep a hacker away from valuable resources
- Provide an early indication of an attack
Purposes:
- Research mode: collects information on new and emerging threats and on attack trends
- Production mode: preventing attacks, detecting attacks, responding to attacks

Honeypots
- Preventing attacks
  - Slowing or impeding scans initiated by worms or automated attacks by monitoring unused IP space and detecting scanning activities
  - Consuming an attacker's energy through interaction with a honeypot while the attack is detected, analyzed, and handled
- Detecting attacks
  - Ability to capture new and unknown attacks
  - Ability to capture polymorphic code
  - Ability to handle encrypted data
  - They reduce the amount of data that has to be analysed by capturing only attack information
  - Capable of operating with IPv6
- Current solutions: Honeyd, Honeynet project
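Both the Billy Goat slide and the honeypot slide rest on the same observation: nothing legitimate should talk to an unused address, so a single attempt is probably an error while repeated attempts form a scan. The block below is an added example written for this page, not code from the course, Billy Goat or Honeyd: it parses constructed connection-attempt records from a listener on an unused subnet, groups them by source and labels each source as a horizontal scan (many unused addresses), a vertical scan (many ports on one address) or a stray attempt. The log format, the subnet and the thresholds are this example's own assumptions.

```python
"""Scan detection over traffic to unused address space (added example, not from the
original course). Log format, subnet and all records are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

UNUSED = ipaddress.ip_network("10.9.0.0/24")   # constructed: no real host lives here
LINE = re.compile(r"^(\S+) (\S+) (\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


def parse(line):
    """Return (timestamp, src, dst, dport) or None for an unparsable line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(f"{m.group(1)}T{m.group(2)}")
    return ts, m.group(3), m.group(4), int(m.group(5))


def classify(lines, window=timedelta(seconds=60), min_targets=3, min_ports=5):
    """Label every source that touched the unused subnet:
    'horizontal-scan' : >= min_targets distinct unused addresses within one window
    'vertical-scan'   : >= min_ports distinct ports on one address within one window
    'stray'           : anything else (likely a misconfiguration or a typo)"""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or ipaddress.ip_address(rec[2]) not in UNUSED:
            continue          # unparsable, or traffic to a real host: not our business here
        by_src[rec[1]].append(rec)

    verdict = {}
    for src, recs in by_src.items():
        recs.sort()           # by timestamp
        label = "stray"
        for i, (t0, _, _, _) in enumerate(recs):
            in_win = [r for r in recs[i:] if r[0] - t0 <= window]
            dsts = {r[2] for r in in_win}
            ports_per_dst = defaultdict(set)
            for r in in_win:
                ports_per_dst[r[2]].add(r[3])
            if len(dsts) >= min_targets:
                label = "horizontal-scan"
                break
            if any(len(p) >= min_ports for p in ports_per_dst.values()):
                label = "vertical-scan"
                break
        verdict[src] = label
    return verdict


# Constructed listener log: "date time src -> dst:port"
LOG = """\
2024-03-01 12:00:00 192.0.2.10 -> 10.9.0.5:445
2024-03-01 12:00:01 192.0.2.10 -> 10.9.0.6:445
2024-03-01 12:00:02 192.0.2.10 -> 10.9.0.7:445
2024-03-01 12:00:05 198.51.100.4 -> 10.9.0.20:21
2024-03-01 12:00:06 198.51.100.4 -> 10.9.0.20:22
2024-03-01 12:00:07 198.51.100.4 -> 10.9.0.20:23
2024-03-01 12:00:08 198.51.100.4 -> 10.9.0.20:80
2024-03-01 12:00:09 198.51.100.4 -> 10.9.0.20:443
2024-03-01 12:03:00 10.0.0.15 -> 10.9.0.1:80
2024-03-01 12:04:00 10.0.0.15 -> 10.1.0.1:80
garbage line
"""

if __name__ == "__main__":
    for src, label in classify(LOG.splitlines()).items():
        print(f"{src:15} {label}")
```

The internal host 10.0.0.15 is reported as a stray: one attempt on the unused range, then a connection to a real address, which is the "either an error or an attack attempt" case the Billy Goat slide describes and exactly the kind of source an operator checks by hand rather than blocking.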
8.3 Evaluation of security and penetration tests

8.3 Evaluation of security and penetration tests
- Carry out an evaluation of the security of a network per annum
- Types of evaluation:
  - Evaluation of the vulnerabilities and internal penetration test
  - Evaluation of the vulnerabilities and external penetration test
  - Evaluation of physical security
- The contents of the evaluation, the procedures, the planning and the duration of the tests should be specified precisely

8.3 Evaluation of security and penetration tests: evaluation of the vulnerabilities and internal penetration test
60% of the threats come from inside:
- Incorrect configuration of the network equipment
- Lack of effective security procedures
- Software to which the corrective measures were not applied
Security consultants:
- Should help the companies to know about the new vulnerabilities discovered each day in operating systems and applications
- Must recommend corrective measures to put in place in order to satisfy the security objectives of your company

8.3 Evaluation of security and penetration tests: evaluation of the vulnerabilities and internal penetration test, methodology of evaluation
- Must be done on site
- Must concentrate on the internal risks associated with the strategies, procedures, hosts and applications
- Minimal actions to carry out:
  - To collect all the information which can be provided about the network
  - To gather any information publicly available about the network, to have an idea of what an attacker can know
  - To use hacking techniques to determine the network topology and the physical topology of the network
  - To probe and scan the network

8.3 Evaluation of security and penetration tests: evaluation of the vulnerabilities and internal penetration test, methodology of evaluation (continued)
- Minimal actions to carry out (continued):
  - To use hacking techniques to identify the operating systems and detect the vulnerabilities, in order to reveal the exposed hosts
  - To identify traffic patterns and flows to see whether they correspond to the activities considered normal by the company (network supervision)
  - To detect the weaknesses of the user authentication systems
  - To analyze the vulnerabilities of the network and the hosts by means of public, private and custom tools
  - To manually check all the vulnerabilities detected to make sure that they are not false positives
  - To observe the internal security practices and strategies used throughout the network
  - To analyze the results and generate a report providing specific recommendations to reinforce security

8.3 Evaluation of security and penetration tests: evaluation of the vulnerabilities and internal penetration test, methodology of evaluation (end)
Final result of the internal evaluation = a document containing:
- Methodology
- Work carried out
- Details collected for each system, including those exposed to attacks
- A precise list of vulnerabilities
- A clearer vision of the network architecture and security risks
- The results and conclusions of each phase of the test, as concrete recommendations presented in priority order (realistic in terms of cost)

8.3 Evaluation of security and penetration tests: evaluation of the vulnerabilities and external penetration test
Main risks:
- Unsuitable configuration of the routers and firewall(s)
- Unprotected web applications
Evaluation methodology: the evaluation is carried out where the network interacts with the outside:
- Connections to the Internet
- Wireless networks
- Telephony systems
We can use the same methodology as for the internal evaluation. It is relevant to consider an internal and an external evaluation simultaneously.

8.3 Other types of evaluation
- Evaluation of the security strategies: have experts analyze the security strategies and procedures in order to check their conformity with best practices
- Evaluation of the recovery capacity after a disaster: have a reliable recovery plan for the infrastructure
- Evaluation of the management of confidential data, for banks and medical institutes for instance: pay attention to the laws regarding financial and medical security; obligation to apply strict protection standards

Configuration management
Process of tracking and approving changes to a system:
- Identifying
- Controlling
- Auditing
all changes made to the system:
- Hardware and software changes
- Networking changes
- Any other change affecting security
Configuration management can also be used to protect a trusted system while it is being designed and developed.

Primary functions of configuration management
- To ensure that the change is implemented in an orderly manner through formalized testing
- To ensure that the user base is informed of the impending change
- To analyze the effect of the change on the system after implementation
- To reduce the negative impact that the change might have had on the computing service and resources

Procedures to implement and support the change control process
- Applying to introduce a change
- Cataloguing the intended change
- Scheduling the change
- Implementing the change
- Reporting the change to the appropriate parties

Business continuity and disaster recovery planning
- Contingency plan: documented, organized plan for emergency response, backup operations, and recovery, maintained by an activity as part of its security program, that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation
- Disaster recovery plan: plan and procedures that have been developed to recover from a disaster that has interfered with the network and other information system operations
- Continuity of operations plan: the plans and procedures documented to ensure continued critical operations during any period where normal operations are impossible
- Business continuity plan: plan and procedures developed that identify and prioritize the critical business functions that must be preserved and the associated procedures for continued operation of those critical business functions

8.3 Suppliers of evaluation services
- Cisco Security Services
- INRGI
- Aegis Security

8.4 Tools for vulnerability analysis

8.4 Tools for vulnerability analysis: Nessus
- Open source solution
- Remote security scanner: tests all the services and all the ports (without making assumptions about the traditional service/port associations)
- Precision of the scans and detection
- The documentation is not very accessible
- No technical support, but a developers' mailing list
- Reporting:
  - Many links with a complete analysis of the vulnerabilities
  - Risk level which the vulnerabilities present for the network
  - Graphs
- Update of the vulnerabilities: update via scripts which can be automated
- Does not run on Windows, but has a Windows client allowing connection to a Nessus server to carry out scans remotely

8.4 Tools for vulnerability analysis: Retina
- Suite of security tools developed by eEye
- Can scan in a short time:
  - Machines on the network (Apple, Windows, Unix, Linux, ...)
  - Network equipment (switches, firewalls)
  - Databases
  - Specific applications
- Generates at the end of the scan a full report which details:
  - Vulnerabilities
  - Corrective actions
  - Suitable remedies
- A database of vulnerabilities is available, downloaded at the beginning of each Retina session
- Modules called CHAM (Common Hacking Attack Method) can be used to carry out in-depth detection and tests, in order to detect still unknown security problems on the network
- Specified scans and detection: possibility of customizing and scheduling the scans (e.g. scans of servers can be different from the scans of user machines)
- Documentation and technical support: included in the Windows help file and complete online; a form to obtain support from the technical team (it is a company)
- Reporting: description of the vulnerabilities detected, with links to additional information
- Update of the vulnerabilities: can be configured to update not only the list of vulnerabilities but also its engine
- Once familiar with its use, it is a very effective scanner

8.4 Summary of vulnerabilities following a scan with Retina

8.4 Details of the vulnerabilities in Retina

8.4 Limits of the vulnerability scanners
- Give only a theoretical assurance of security
- Identify the vulnerabilities, but not the consequences of the danger
- Produce a long list of weaknesses (including false positives)
- Do not allow the identification of the resources likely to be compromised
- Cannot simulate true attacks

8.5 Tools for penetration tests

8.5 Tools for penetration tests
Intervene where the evaluation tools show their limits.
Core Impact (Core Security):
- Attacks the computer resources and presents a detailed analysis of the incurred risks
- Precision of the scans and detection: allows exploration of the ports and detection of the target operating system
- Reporting:
  - Discovery report: enumerates all the hosts discovered and their vulnerabilities
  - History report: enumerates all the activities carried out by the user
- Update of the vulnerabilities: update of the attack modules; the company keeps its product evolving

Bibliographical references
- E. Cole, R. Krutz, J. W. Conley, Network security bible, Wiley
- Tom Thomas, La sécurité des réseaux - first steps, Cisco Press, 2005
- G. Pujolle, Les réseaux, édition 2005, Eyrolles, 2004
- Jay Greenspan, MySQL, WebTraining, OEM, 2002
- S. Ghernaouti-Helie, Sécurité informatique et réseaux, Dunod

The use of the methods and tools described in this course engages the responsibility of the users!

Exercises (TD)
1. Compare intrusion detection systems whose information collection is based on the host machines with those based on the network.
2. What are the advantages and disadvantages of an intrusion detection system using the signature analysis method?
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationIDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow
IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication
More informationUsing Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)
Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationIntrusion Detection Categories (note supplied by Steve Tonkovich of CAPTUS NETWORKS)
1 of 8 3/25/2005 9:45 AM Intrusion Detection Categories (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Intrusion Detection systems fall into two broad categories and a single new one. All categories
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network
More informationTowards End-to-End Security
Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu
More informationP Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis
Agenda Richard Baskerville P Principles of P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Principles Kim, et al (2004) A fuzzy expert system for
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationDragon solution. Zdeněk Pala. ECIE certified engineer ECI certified instructor zpala@enterasys.com. There is nothing more important than our customers
There is nothing more important than our customers Dragon solution Zdeněk Pala ECIE certified engineer ECI certified instructor zpala@enterasys.com A Division of Siemens Enterprise Communications GmbH
More informationBlended Security Assessments
Blended Security Assessments Combining Active, Passive and Host Assessment Techniques October 12, 2009 (Revision 9) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Table of Contents
More informationIntrusion Detection Systems. Overview. Evolution of IDSs. Oussama El-Rawas. History and Concepts of IDSs
Intrusion Detection Systems Oussama El-Rawas History and Concepts of IDSs Overview A brief description about the history of Intrusion Detection Systems An introduction to Intrusion Detection Systems including:
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationFundamentals of Network Security - Theory and Practice-
Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring
More informationEnvironment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
More informationINTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
More informationComputer Networks & Computer Security
Computer Networks & Computer Security Software Engineering 4C03 Project Report Hackers: Detection and Prevention Prof.: Dr. Kartik Krishnan Due Date: March 29 th, 2004 Modified: April 7 th, 2004 Std Name:
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationNetwork Security Demonstration - Snort based IDS Integration -
Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationProject Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1
Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and
More informationIntrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626
Intrusion Detection Systems vs. Intrusion Prevention Systems Sohkyoung (Michelle) Cho ACC 626 1.0 INTRODUCTION An increasing number of organizations use information systems to conduct their core business
More informationExam 1 - CSIS 3755 Information Assurance
Name: Exam 1 - CSIS 3755 Information Assurance True/False Indicate whether the statement is true or false. 1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems. 2. Information
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationPenetration Testing Service. By Comsec Information Security Consulting
Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your
More informationNational Cyber League Certified Ethical Hacker (CEH) TM Syllabus
National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationHackers: Detection and Prevention
Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2. Intrusion Detection and Prevention Systems
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 13 Intrusion Detection and Prevention Systems By Whitman, Mattord, & Austin 2008 Course Technology Learning Objectives Describe
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationNetwork Security. 1 Pass the course => Pass Written exam week 11 Pass Labs
Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet
More informationEvaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation
Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation R. K. Cunningham, R. P. Lippmann, D. J. Fried, S. L. Garfinkel, I. Graf, K. R. Kendall,
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More information