
INTRUSION DETECTION SYSTEM

WHAT IS IDS?
An IDS is a system designed to detect unauthorized access to secure systems, such as hacking, cracking or script-based attacks.
Intrusion detection systems do exactly as the name implies: they detect possible intrusions.
IDS tools aim to detect computer attacks and/or computer misuse and alert the proper individuals upon detection.
An IDS provides much of the same functionality as a burglar alarm installed in a house.

WHAT IS INTRUSION DETECTION?
Intrusions are activities that violate the security policy of a system.
Intrusion detection is the process used to identify intrusions.
Intrusion: attempting to break into or misuse your system.
Intruders may come from outside the network or be legitimate users of the network.

DISADVANTAGES OF EXISTING SYSTEM
No detection and prevention framework in a virtual networking environment.
Attack detection is not accurate.

ADVANTAGES OF IDS
Allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.
Can make the security management of systems by non-expert staff possible by providing a user-friendly interface.
Can recognize and report alterations to data files.
An IDS generates an alarm, reports to the administrator that security has been breached, and can also react to intruders by blocking them or blocking the server.
It provides information from time to time, recognizes the attacker (intrusion) and reports alterations to data files.

TYPES OF INTRUSION DETECTION SYSTEM
Based on the sources of the audit information used by each IDS, IDSs may be classified into:

Host Based Intrusion Detection: HIDSs evaluate information found on a single or multiple host systems, including contents of operating systems, system and application files.

Network Based Intrusion Detection: NIDSs evaluate information captured from network communications, analyzing the stream of packets which travel across the network.

WHERE DO WE PLACE THE IDS?

COMPONENTS OF IDS
An IDS contains the following 3 components:
Event generator.
Analysis engine.
Response/alert.

SNORT:
SNORT is a free and open source network intrusion detection and prevention system created by Martin Roesch in 1998.
Snort has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks.
It performs protocol analysis, content searching, and content matching.

COMPONENTS OF SNORT
a. Packet Decoder
b. Preprocessors
c. Detection Engine
d. Logging and Alerting System
e. Output Modules

The figure shows how these components are arranged. Any data packet coming from the Internet enters the packet decoder. On its way towards the output modules, it is either dropped or logged, or an alert is generated.

PACKET DECODER:
The packet decoder takes packets from different types of network interfaces and prepares the packets to be preprocessed or to be sent to the detection engine.
The interfaces may be Ethernet, SLIP, PPP and so on.

PREPROCESSORS
Preprocessors are also known as input plug-ins.
Preprocessors are components or plug-ins that can be used with Snort to arrange or modify data packets before the detection engine examines them to find out whether the packet is being used by an intruder.
They are also used to normalize protocol headers, detect anomalies, and perform packet reassembly and TCP stream reassembly.

DETECTION ENGINE
The detection engine is the most important part of Snort.
Its responsibility is to detect if any intrusion activity exists in a packet.

LOGGING AND ALERTING SYSTEM
It generates alert and log messages depending upon what the detection engine finds inside a packet.

OUTPUT MODULES
Output modules or plug-ins process alerts and logs and generate final output.
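
The five Snort stages described above, chained end to end in Python. This is an added example, not Snort's code or rule language: the rule table, the signature string TESTSIG-ALPHA, the alert line format and all function names are assumptions for illustration, and the frames are constructed sample input whose TCP segments arrive out of order.

```python
import struct

RULES = {1000001: (b"TESTSIG-ALPHA", "constructed test signature")}  # sid -> (content, msg)

def build_frame(seq, payload):
    """Constructed sample input: Ethernet + IPv4 + TCP headers around a payload."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def decode(frame):
    """Packet decoder: Ethernet -> IPv4 -> TCP; anything else is dropped (None)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_at = 14 + (frame[14] & 0x0F) * 4            # IP header length from the IHL field
    if len(frame) < tcp_at + 20:
        return None
    ip_end = 14 + struct.unpack("!H", frame[16:18])[0]
    sport, dport, seq = struct.unpack("!HHI", frame[tcp_at:tcp_at + 8])
    data_at = tcp_at + (frame[tcp_at + 12] >> 4) * 4  # TCP data offset
    return {"flow": (frame[26:30], sport, frame[30:34], dport),
            "seq": seq, "payload": frame[data_at:ip_end]}

def reassemble(packets):
    """Preprocessor: join each flow's segments in sequence order (no overlap/wrap handling)."""
    flows = {}
    for p in packets:
        flows.setdefault(p["flow"], {})[p["seq"]] = p["payload"]
    return {f: b"".join(segs[s] for s in sorted(segs)) for f, segs in flows.items()}

def detect(streams):
    """Detection engine: content matching of every rule against every stream."""
    return [(sid, msg, flow) for flow, data in streams.items()
            for sid, (content, msg) in RULES.items() if content in data]

def output(alerts):
    """Logging/alerting plus output module: render each alert as one text line."""
    ip = lambda b: ".".join(map(str, b))
    return [f"ALERT sid={sid} {ip(s)}:{sp} -> {ip(d)}:{dp} {msg}"
            for sid, msg, (s, sp, d, dp) in alerts]

def run_pipeline(frames):
    decoded = [p for p in map(decode, frames) if p is not None]
    return output(detect(reassemble(decoded)))

ARP_FRAME = b"\xff" * 6 + b"\x04" * 6 + b"\x08\x06" + bytes(28)  # constructed, non-IP
SAMPLE = [build_frame(1013, b"ALPHA HTTP/1.1\r\n"), ARP_FRAME,
          build_frame(1000, b"GET /TESTSIG-")]  # constructed; segments out of order
```

Calling run_pipeline(SAMPLE) returns one alert line: the decoder discards the ARP frame, and the content match succeeds only on the stream the preprocessor has put back in order.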

Commercial ID Systems
ISS – RealSecure from Internet Security Systems:
  Real-time IDS.
  Contains both host- and network-based IDS.
Tripwire – file integrity assessment tool.
Bro and Snort – open source public-domain systems.

SYSTEM CONFIGURATION:
Hardware Configuration:
Processor - Pentium IV
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Keyboard - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA

Software Configuration:
Operating System: Windows XP
Programming Language: JAVA/J2EE
Java Version: JDK 1.6 and above
