Professional Documents
Culture Documents
2-System Security-06-05-2023
2-System Security-06-05-2023
Module 2
System Security
• System Vulnerabilities – Network Security Systems – System Security
– Web Security – Intrusion Detection Systems
Host application and operating system (OS) Can analyze activity that
Host-Based activity; network, transport, Individual host was transferred in end-to-end
and application TCP/IP layer activity encrypted communications
Friday, 26 May 2023 Instructor: Dr. Kovendan AKP 37
Detection Method of Intrusion Prevention
System (IPS)
• Signature-based detection
• Signature-based IDS operates packets in the network and compares with pre-
built and preordained attack patterns known as signatures.
• Statistical anomaly-based detection
• Anomaly based IDS monitors network traffic and compares it against an
established baseline. The baseline will identify what is normal for that
network and what protocols are used. However, It may raise a false alarm if
the baselines are not intelligently configured.
• Stateful protocol analysis detection
• This IDS method recognizes divergence of protocols stated by comparing
observed events with pre-built profiles of generally accepted definitions of
not harmful activity.
Configuration mode Layer 3 mode or transparent Inline mode , generally being in layer 2 Inline or as end host (via span) for monitoring
mode and detection
Placement Inline at the Perimeter of Inline generally after Firewall Non-Inline through port span (or via tap)
Network
Traffic patterns Not analyzed Analyzed Analyzed
Placement wrt each Should be 1st Line of defense Should be placed after the Firewall device Should be placed after firewall
other in network
Action on unauthorized Block the traffic Preventing the traffic on Detection of Alerts/alarms on detection of anomaly
traffic detection anomaly
Related terminologies > Stateful packet filtering > Anomaly based detection > Anomaly based detection
> permits and blocks traffic by > Signature detection > Signature detection
port/protocol rules > Zero day attacks > Zero day attacks
> Blocking the attack > Monitoring
Friday, 26 May 2023 Instructor: Dr. Kovendan AKP 41
> Alarm