Outline
• Introduction
• What is an intrusion?
• What is an IDPS?
• Principles
• Components
• Need for IDPS
• Types of IDPS
• Conclusion
Intrusion Detection & Prevention System

Introduction
• The goal of computer network security is to preserve confidentiality, integrity and availability.
• Intrusion detection systems came first; intrusion prevention systems (the "P" in IDPS) were introduced in the late 1990s and are credited to Andrew Plato, a technical writer and consultant for Network ICE.
What is an intrusion?
• Intrusion is the act of entering (putting) oneself in without invitation, permission, or welcome.
• It is any set of actions that threaten (damage) the integrity, availability, or confidentiality of computer network resources.
• Intrusion prevention (authentication, encryption, etc.) alone is not sufficient. Intrusion detection is needed!
Intrusion Detection/Prevention Systems (IDPS)
• An IDPS is a type of computer network security control that detects unauthorized access to a computer system or a computer network.
• It is the combined application of an IDS and an IPS.
• Put another way, it is a hardware or software application that monitors network or system activity for malicious activity or policy violations and produces reports to a management station.
What processes does an IDPS involve?
• Monitoring and analyzing network traffic.
• Identifying abnormal activity.
• Assessing severity and raising an alarm.
The primary responsibility of an IDPS is to detect unwanted and malicious activity.
Intrusion Prevention System (IPS)
• IPS is not a new technology; it is simply an evolved version of IDS.
• An IPS has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
• IPS combines IDS with improved firewall technology: it makes access control decisions based on application content rather than on IP addresses or ports, as traditional firewalls did.
• Usually an IPS is a combination of a firewall and an IDS.
Terminology used in IDPSs
• Risk: Accidental exposure of information, or violation of operational integrity, due to malfunction of hardware or incomplete or incorrect software design.
• Vulnerability: A known or suspected flaw (error) in the hardware, software or operation of a system that exposes the system to penetration or its information to accidental disclosure.
• Attack: A specific formulation or execution of a plan to carry out a threat.
• Penetration: A successful attack.
Goal of IDPS
• Detect a wide variety of intrusions.
• Detect intrusions in a timely fashion.
• Present analysis in a simple, easy-to-understand format.
• Be accurate: minimize false positives and false negatives, and minimize the time spent verifying attacks and looking for them.
False positive: An event incorrectly identified by the IDPS as an intrusion when none has occurred.
False negative: An event that the IDPS fails to identify as an intrusion when one has in fact occurred.
Components of IDPS
1. Sensor or Agent: Monitors and analyzes activity.
2. Management Server: A centralized device that receives information from the sensors or agents and manages them.
3. Database Server: A repository for event information recorded by sensors, agents, and/or management servers. Many IDPSs provide support for database servers.
4. Console: A program that provides an interface for the IDPS's users and administrators.
[Figure: example IDPS deployment. Labels: Internet, Core, Access, Data centre, Servers, Workstation, Wireless Access Point, Wireless Sensor, IDPS Console, Management Server, Database Server.]
General IDS Architecture/Model
[Figure: generic IDS model. Blocks: Data Source, Sensor, Analyzer, Manager, Operator, Administrator. Flow: the Data Source's activity is observed by the Sensor, which emits events to the Analyzer; the Analyzer raises alerts to the Manager; the Manager sends notifications to the Operator, who issues the response. The Administrator defines the security policy that governs the Sensor, the Analyzer and the Manager.]
Why should IDPS be used?
Because it is a cost-effective way to:
• Block malicious traffic.
• Detect and contain worm and virus threats.
• Act as a network sanitizing agent.
• Serve as a network monitoring point.
• Assist with compliance requirements.
How does an IDPS work?
1. Recording information related to observed events.
2. Notifying security administrators of important observed events.
3. Producing reports.
4. The IPS stops the attack itself.
5. The IPS changes the security environment.
6. The IPS changes the attack's content.
What can an IDPS do?
An IDPS can detect and block:
• OS, web and database attacks
• Spyware / malware
• Instant messenger traffic
• Peer-to-peer (P2P) traffic
• Worm propagation
• Critical outbound data loss (data leakage)
What can an IDPS not do?
One of the most common problems with an IDPS is the occurrence of
• false positives, or
• false negatives.
A false positive occurs when the system blocks an activity on the network because it is outside the normal and so assumes it is malicious, while the user was in fact trying to do a valid procedure; this causes a denial of service to a valid user. A false negative occurs when the system allows a malicious activity to go by.
Principles of Intrusion Detection/Prevention Systems
The IDPS must:
• Run unattended for extended periods of time
• Stay active and secure
• Be able to recognize unusual activity
• Operate without unduly affecting the system's activity
• Be configurable
What should be done after/while detection happens?
• Reconfigure the firewall
• Send e-mail/page to the system administrator
• Terminate the TCP session
• Authentication
• Encryption
Types of IDPS Technologies
1. Network-Based
2. Host-Based
3. Wireless
4. Network Behavior Analysis
...etc.

1. Network-Based: Monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify suspicious activity.
2. Host-Based: Monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
3. Wireless: Monitors wireless network traffic and analyzes it to identify suspicious activity involving the wireless networking protocols.
4. Network Behavior Analysis (NBA): Examines network traffic to identify threats that generate unusual traffic flows, such as DDoS attacks, scanning, and certain forms of malware.
Common Detection Methodologies
• Signature-Based Detection compares known threat signatures to observed events to identify incidents.
• Anomaly-Based Detection compares definitions of what activity is considered normal against observed events to identify significant deviations.
• Stateful Protocol Analysis compares predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations.
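The three methodologies, wired into the generic sensor/analyzer/manager model from the architecture slide, as an added Python example that is not part of the original deck. It is a toy: the signatures, the SMTP state table, the IP addresses and all traffic are constructed for illustration, and the anomaly detector is a simple per-source mean-plus-k-standard-deviations rate threshold rather than any product's algorithm. The constructed traffic also includes a legitimate backup burst that the anomaly detector flags, which is exactly the false-positive failure mode described on the "What can an IDPS not do?" slide.

```python
"""Added example (not from the deck): a toy IDPS analyzer running all three methodologies."""
from collections import Counter, defaultdict, namedtuple
from dataclasses import dataclass
import re
import statistics

@dataclass
class Event:          # what a sensor emits: one observed request or protocol command
    ts: float
    src: str
    dst: str
    proto: str        # "http" or "smtp"
    payload: str

Alert = namedtuple("Alert", "method src reason")   # what the analyzer hands to the manager

# 1. Signature-based: match known-bad patterns. Illustrative signatures, not a vendor feed.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)union\s+select|'\s*or\s+1=1"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_detect(ev: Event) -> list[Alert]:
    return [Alert("signature", ev.src, name)
            for name, rx in SIGNATURES.items() if rx.search(ev.payload)]

# 2. Anomaly-based: learn each source's requests per window, flag n > mean + k*sd.
class AnomalyDetector:
    def __init__(self, window: float = 60.0, k: float = 3.0):
        self.window, self.k = window, k
        self.baseline: dict[str, tuple[float, float]] = {}   # src -> (mean, sd)

    def _rates(self, events: list[Event]) -> dict[str, list[int]]:
        counts = Counter((ev.src, int(ev.ts // self.window)) for ev in events)
        per_src: dict[str, list[int]] = defaultdict(list)
        for (src, _), n in counts.items():
            per_src[src].append(n)
        return per_src

    def train(self, normal: list[Event]) -> None:
        for src, rates in self._rates(normal).items():
            sd = statistics.pstdev(rates) if len(rates) > 1 else 0.0
            self.baseline[src] = (statistics.fmean(rates), max(sd, 1.0))  # floor the sd

    def detect(self, events: list[Event]) -> list[Alert]:
        alerts: list[Alert] = []
        for src, rates in self._rates(events).items():
            mean, sd = self.baseline.get(src, (0.0, 1.0))     # unseen source: near-zero profile
            alerts += [Alert("anomaly", src, f"{n} req/window vs baseline {mean:.1f}")
                       for n in rates if n > mean + self.k * sd]
        return alerts

# 3. Stateful protocol analysis: an SMTP verb is only benign in the right protocol state.
SMTP_ALLOWED = {"init": {"HELO", "EHLO"}, "helo": {"MAIL"}, "mail": {"RCPT"},
                "rcpt": {"RCPT", "DATA"}, "data": {"MAIL", "QUIT"}}
SMTP_NEXT = {"HELO": "helo", "EHLO": "helo", "MAIL": "mail",
             "RCPT": "rcpt", "DATA": "data", "QUIT": "init"}

class StatefulSMTPAnalyzer:
    def __init__(self):
        self.state: dict[tuple[str, str], str] = defaultdict(lambda: "init")  # per session

    def detect(self, ev: Event) -> list[Alert]:
        if ev.proto != "smtp":
            return []
        key = (ev.src, ev.dst)
        state = self.state[key]
        verb = (ev.payload.split(None, 1) or [""])[0].upper().rstrip(":")
        if verb not in SMTP_ALLOWED[state]:
            return [Alert("stateful-protocol", ev.src, f"{verb} not valid in state {state}")]
        self.state[key] = SMTP_NEXT[verb]
        return []

def run_pipeline(normal: list[Event], live: list[Event]) -> list[Alert]:
    """Manager side: build the normal profile, then run every analyzer over live events."""
    anomaly, smtp = AnomalyDetector(), StatefulSMTPAnalyzer()
    anomaly.train(normal)
    alerts: list[Alert] = []
    for ev in sorted(live, key=lambda e: e.ts):        # events arrive in time order
        alerts += signature_detect(ev) + smtp.detect(ev)
    return alerts + anomaly.detect(live)                # windowed, so evaluated per batch

# Constructed traffic. 10.0.0.5 normally makes ~5 GETs per minute; its live burst is a
# legitimate backup job, so the anomaly alert it triggers is a false positive.
def training_events() -> list[Event]:
    return [Event(w * 60 + i * 10, "10.0.0.5", "10.0.0.80", "http", "GET /index.html")
            for w in range(5) for i in range(5)]

def live_events() -> list[Event]:
    burst = [Event(600 + i, "10.0.0.5", "10.0.0.80", "http", f"GET /backup/part{i}")
             for i in range(20)]
    web = [Event(640, "203.0.113.7", "10.0.0.80", "http", "GET /search?q=' or 1=1 --"),
           Event(641, "203.0.113.7", "10.0.0.80", "http", "GET /../../etc/passwd")]
    mail = [Event(650, "198.51.100.9", "10.0.0.25", "smtp", "EHLO mail.example"),
            Event(651, "198.51.100.9", "10.0.0.25", "smtp", "DATA"),  # MAIL/RCPT skipped
            Event(652, "198.51.100.9", "10.0.0.25", "smtp", "MAIL FROM:<a@example>")]
    return burst + web + mail
```

Calling run_pipeline(training_events(), live_events()) yields four alerts: two signature hits on 203.0.113.7, one stateful-protocol alert because the 198.51.100.9 session sends DATA straight after EHLO, and one anomaly alert on 10.0.0.5. That last alert is the false positive: the rate profile cannot tell a backup job from an attack, which is why an IDS would raise it for an operator to verify, while an inline IPS acting on it would deny service to a valid host. Note also that the signature engine only catches what it has a pattern for, and the stateful analyzer only catches protocol misuse, so none of the three methods is sufficient alone.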
What to consider when buying an IDPS
• Speed / latency: Will the device perform under load?
• Accuracy: How many attacks did it miss? How many false attacks did it block?
• Signature updates: Absolutely critical. How often the signatures are updated is a key indicator of how serious the vendor is about its IPS product.
• High availability: Will it do active-passive, active-active?
• Fail open: Will the device pass traffic in the event of a device failure?
Implementation
An effective IDPS does not stand alone. It must be supported by a number of other systems. Among these, the following are necessary:
• Operating systems: A good operating system that has logging and auditing features, e.g. Windows, Unix/Linux, and others.
• Services: All applications on servers, such as web servers, e-mail servers, and databases, should include logging/auditing features as well.
• Firewalls: A good firewall should have some network intrusion detection capabilities.
• Network management platform
• Hardware platform: Intel based; SPARC based
Conclusion
IDPS is a powerful security system and is proving to make a significant impact on information systems. IDPSs have limitations; however, for the most part these limitations can be worked around. The amount of network bandwidth that IDPS units can handle has grown substantially. Generally we can conclude that IDPSs are useful and have proven to make a significant difference on large networks where many attacks are evident or occur.
Thank you for your attention!
Questions are appreciated!