SYSTEM
WHAT IS IDS?
An IDS is a system designed to detect unauthorized
access to secure systems, i.e. hacking, cracking or
script-based attacks.
Intrusion detection systems do exactly as the name
implies: they detect possible intrusions.
IDS tools aim to detect computer attacks and/or
computer misuse and alert the proper individuals
upon detection.
An IDS provides much of the same functionality
as a burglar alarm installed in a house.
WHAT IS INTRUSION DETECTION?
Intrusions are the activities that violate the security
policy of a system.
Intrusion detection is the process used to identify
intrusions.
Intrusion: attempting to break into or misuse your
system.
Intruders may be from outside the network or legitimate
users of the network.
DISADVANTAGES OF EXISTING SYSTEM
No detection and prevention framework in a virtual
networking environment.
Detection of attacks from attackers is not accurate.
ADVANTAGES OF IDS
Allows administrators to tune, organize and
comprehend often incomprehensible operating
system audit trails and other logs.
Can make the security management of systems by
non-expert staff possible by providing a user-friendly
interface.
Can recognize and report alterations to data files.
An IDS generates an alarm and reports to the administrator that
security has been breached, and also reacts to intruders by
blocking them or blocking the server.
It provides information from time to time, recognizes
the attacker (intrusion) and reports alterations to data files.
TYPES OF INTRUSION DETECTION SYSTEM
->Based on the sources of the audit information used by each
IDS, the IDSs may be classified into
COMPONENTS OF IDS
An IDS contains the following 3 components:
Event generator.
Analysis engine.
Response/alert.
SNORT:
SNORT is a free and open source network intrusion
detection and prevention system created by Martin
Roesch in 1998.
Snort has the ability to perform real-time traffic
analysis and packet logging on Internet Protocol (IP)
networks.
It performs protocol analysis, content searching, and
content matching.
COMPONENTS OF SNORT
a. Packet Decoder
b. Preprocessors
c. Detection Engine
d. Logging and Alerting System
e. Output Modules
The figure shows how these components are arranged. Any data packet coming
from the Internet enters the packet decoder. On its way towards the
output modules, it is either dropped, logged or an alert is generated.
PACKET DECODER:
The packet decoder takes packets from different types
of network interfaces and prepares the packets to be
preprocessed or to be sent to the detection engine.
The interfaces may be Ethernet, SLIP, PPP and so on.
PREPROCESSORS
Preprocessors are also known as input plug-ins.
Preprocessors are components or plug-ins that can be
used with Snort to arrange or modify data packets
before the detection engine does some operation to
find out if the packet is being used by an intruder.
They are also used to normalize protocol headers,
detect anomalies, and perform packet reassembly and
TCP stream reassembly.
DETECTION ENGINE
The detection engine is the most important part of
Snort.
Its responsibility is to detect if any intrusion activity
exists in a packet.
LOGGING AND ALERTING SYSTEM
It generates alert and log messages depending upon
what the detection engine finds inside a packet.
OUTPUT MODULES
Output modules or plug-ins process alerts and logs
and generate final output.
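
An added example, not part of the original slides and not Snort's own code: a toy Python pipeline that mirrors the stages described above (packet decoder, preprocessor, detection engine, alert/log output). The rule tuples, function names and sample addresses are constructed for illustration; real Snort uses its own rule language and rule ordering.

```python
import struct
from urllib.parse import unquote_to_bytes

# Constructed rules (hypothetical format, not Snort rule syntax): action, TCP dst port, content.
RULES = [("alert", 80, b"/etc/passwd"), ("log", 80, b"GET ")]

def decode(frame):
    """Packet decoder: Ethernet II -> IPv4 -> TCP. Returns None if it cannot decode."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ver_ihl, total = ip[0], struct.unpack("!H", ip[2:4])[0]
    ihl, ip = (ver_ihl & 0x0F) * 4, ip[:total]  # trim Ethernet padding
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl + 20 or ip[9] != 6:
        return None
    tcp = ip[ihl:]
    dport, off = struct.unpack("!H", tcp[2:4])[0], (tcp[12] >> 4) * 4  # off = TCP header bytes
    if off < 20 or off > len(tcp):
        return None
    return {"src": ".".join(map(str, ip[12:16])), "dport": dport, "payload": tcp[off:]}

def preprocess(pkt):
    """Preprocessor: percent-decode the payload so encoded bytes still match rule content."""
    pkt["norm"] = unquote_to_bytes(pkt["payload"])
    return pkt

def detect(pkt):
    """Detection engine: the first rule whose port and content match decides the action."""
    for action, port, content in RULES:
        if pkt["dport"] == port and content in pkt["norm"]:
            return action, content
    return "pass", b""

def inspect(frame):
    """Run one frame through all stages; the returned line stands in for an output module."""
    pkt = decode(frame)
    if pkt is None:
        return "drop: undecodable frame"
    action, content = detect(preprocess(pkt))
    if action == "pass":
        return "pass"
    return f"{action}: {pkt['src']} -> port {pkt['dport']} matched {content!r}"

def sample_frame(payload, dport=80):
    """Constructed test frame; checksums are zero because decode() does not verify them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
```

Without the preprocessing step the percent-encoded request would not match the first rule, which is why normalization runs before the detection engine.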
ISS – Real Secure from Internet Security Systems:
Commercial ID Systems
SYSTEM CONFIGURATION:
Hardware Configuration:-
Processor - Pentium –IV
Speed - 1.1 GHz
RAM - 256 MB(min)
Hard Disk - 20 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
Software Configuration:-
Operating System: Windows XP
Programming Lang.: JAVA/J2EE
Java Version: JDK 1.6 & above.