Network based Intrusion Detection Systems

Zainab Aafia

- What is a "network intrusion detection system (NIDS)"?
- Who is misusing the system?
- How do intruders get into systems?
- Why can intruders get into systems?
- How do intruders get passwords?
- Types of attacks

A network based intrusion detection system (IDS) is a device or software application that monitors a network for malicious activities or policy violations and produces reports to a Management Station.

Who is misusing the system?
Intruders can be classified into two categories.
1. Outsiders
2. Insiders

How do intruders get into systems?
The ways an intruder can get into a system are:
- Physical Intrusion
- System Intrusion

Why can intruders get into systems?
- Software bugs
- Password cracking
- System Design flaws

How do intruders get passwords?
- Encrypted sniffing
- Observation
- Social Engineering

Types of attacks
- Unauthorized access to the resource
- Unauthorized alteration of resources (after gaining unauthorized access)
- Denial of Service (DoS)

How are intrusions detected?
- Anomaly detection
- Signature recognition

Components of an IDS
- Sensors
- Front end
  1. Management Server
- Back End
  1. Management Interface or console
  2. Database

Architecture of an IDS

Working of an IDS
- Sensors: Detect and Report
- Backend: Collect and Alert
- Frontend: Command and Control

Where should an IDS be placed on the network?
- Network hosts
- WAN backbone
- LAN backbone
- Server farms

IDS and Firewalls
- A firewall is a device and/or software that stands between a local network and the Internet and filters traffic that might be harmful.
- An Intrusion Detection System (IDS) is a software or hardware device installed on the network to detect and report intrusion attempts to the security administrator, who blocks them.

What is IDS good for?
- Forensic Analysis
- Recognize damage for the affected systems
- Evaluating Incidents

Why an IDS when a firewall is already installed?
- Trojans
- Spyware
- Legal Issues
- Ransomware

Commercially available IDS
- Snort
- RealSecure by Internet Security Systems
- CyberCop Monitor by Network Associates
- Dragon by Security Wizards

Limitations of IDS
- Encrypted packets
- Triggering False alarms
- Analytical module
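The two detection methods from "How are intrusions detected?" and two of the limitations above (encrypted packets, false alarms) can be seen together in a small sketch. This is an added example, not part of the original slides; the signatures, addresses, baseline counts and the XOR stand-in for encryption are all constructed for illustration.

```python
import statistics
from collections import Counter

# Constructed signatures (illustrative byte patterns, not a real rule set).
SIGNATURES = {"path-traversal": b"../../", "sql-tautology": b"' OR '1'='1"}

def signature_alerts(packets):
    """Signature recognition: report (source, rule) for every known pattern in a payload."""
    return [(p["src"], rule) for p in packets
            for rule, pattern in SIGNATURES.items() if pattern in p["payload"]]

def anomaly_alerts(baseline, packets, threshold=3.0):
    """Anomaly detection: report sources whose packet count in this window
    lies more than `threshold` standard deviations above the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # avoid dividing by zero on a flat baseline
    counts = Counter(p["src"] for p in packets)
    return sorted(s for s, n in counts.items() if (n - mean) / stdev > threshold)

def toy_encrypt(data, key=0x5A):
    """Stand-in for an encrypted channel (single-byte XOR, for the demo only)."""
    return bytes(b ^ key for b in data)

def constructed_window():
    """One constructed capture window of {src, payload} records."""
    probe = b"GET /../../etc/passwd HTTP/1.1"
    normal = b"GET /index.html HTTP/1.1"
    return ([{"src": "10.0.0.5", "payload": normal}] * 5            # ordinary client
            + [{"src": "10.0.0.9", "payload": probe}]               # cleartext probe
            + [{"src": "10.0.0.8", "payload": toy_encrypt(probe)}]  # same probe, encrypted
            + [{"src": "10.0.0.7", "payload": normal}] * 40)        # legitimate backup job

# Constructed history: packets per source per window during normal operation.
BASELINE = [4, 5, 6, 5, 4, 6, 5]

if __name__ == "__main__":
    window = constructed_window()
    # Only the cleartext probe matches a signature; the encrypted copy is missed.
    print("signature:", signature_alerts(window))
    # The busy but legitimate backup host is reported: a false alarm.
    print("anomaly:  ", anomaly_alerts(BASELINE, window))
```

The signature pass misses 10.0.0.8 because the sensor only sees ciphertext, and the anomaly pass flags 10.0.0.7 although its traffic is legitimate.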

Conclusion
- Installing an IDS is becoming the next step for many organizations after deploying firewall technology at the network perimeter.
- IDS can offer protection from external users and internal attackers, where traffic doesn't go past the firewall at all.
