Intrusion Detection System / Intrusion Prevention System
- Slides: 14
Topics
- Intrusion Detection (IDS)
- Intrusion Prevention (IPS)
- Prevention Methods
- Detection Methods
- Cisco Product
Intrusion Detection System
- Passive
- Limitations
- Types
  - Network Based
  - Host Based
  - Application Based
Network Based IDS
- Device or software
- Connects to a network segment
- Monitors the segment
- Attack patterns
  - Protocol stack verification
  - Application protocol verification
- Disadvantages
  - Slows throughput
  - When overwhelmed, fails to detect
  - Cannot analyze encrypted packets
- Connection to switches
- Human analysis
Host Based IDS
- Software
- Monitors host
- Change management premise
  - Size, location, authorization changes
- Audit trail
- Alerts
- Manage multiple computers
- Advantages/Disadvantages (p. 294)
Application Based IDS
- Software
- Monitors application
- Abnormal events
  - Exceeding authorization
  - Invalid file execution
  - Unauthorized writes to memory or registry
  - File reads/writes
- View encrypted data
- Trace user activity
Intrusion Prevention System
- Active
- Types
  - Network Based
  - Network Behavior Analysis
  - Host Based
  - Wireless
- Detection Methods
  - Signature Based
  - Statistical Anomaly Based
  - Stateful Protocol Analysis
IPS Preventions
- Most IPS preventions
  - End session
  - Firewalling
  - Throttling bandwidth usage
  - Altering malicious content
  - Reconfiguring
  - Run 3rd-party program
- Host based preventions
  - Code analysis
  - Network traffic filtering
  - Filesystem monitoring
Wireless IPS
- 2.5 GHz and 5 GHz bands
- Sensor types
- Sensor placement
- Security capabilities
- Prevention
Detection Methods
- Signature Based
- Statistical Anomaly-Based
- Stateful Protocol Analysis
Signature Based
- Known patterns
- Requires updating
- Misses slow, methodical attacks
- Deters
  - Footprinting
  - Fingerprinting
  - DoS
Statistical Anomaly-Based
- Baseline
  - Normal activity
  - Memory usage
  - CPU usage
  - Network packet types
  - Packet quantities
- Alerts
- Detects new attacks
- Overhead
- False positives
Stateful Protocol Analysis
- Static vendor profile
- False positives
- Prevention
- Needs updating
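The trade-off between the signature-based and statistical anomaly-based slides above, as an added example that is not part of the slide deck: a signature rule for a port sweep (footprinting) over a short time window, beside a baseline-driven anomaly rule over the same constructed connection log. The thresholds, host addresses, and baseline values are assumptions chosen for the illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample connection log: (seconds into the window, source IP, destination port).
FAST_SCAN = [(t, "10.0.0.5", 1000 + t) for t in range(12)]        # 12 ports in 12 s
SLOW_SCAN = [(t * 120, "10.0.0.9", 2000 + t) for t in range(30)]  # one port every 2 min
BACKUP = [(t * 400, "10.0.0.4", 9000 + t) for t in range(8)]      # legitimate multi-port host
NORMAL = ([(t * 60, "10.0.0.2", 443) for t in range(60)]
          + [(t * 300, "10.0.0.3", p) for t, p in enumerate([22, 443, 53])])
EVENTS = sorted(FAST_SCAN + SLOW_SCAN + BACKUP + NORMAL)

# Constructed baseline: distinct ports per host per window seen during normal activity.
BASELINE = [1, 2, 2, 3, 1, 2, 4, 2]


def signature_port_sweep(events, max_ports=10, window=10):
    """Signature rule (footprinting): flag a source that touches more than
    max_ports distinct destination ports within any window-second span."""
    by_src = defaultdict(list)
    for t, src, port in events:
        by_src[src].append((t, port))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            if len(ports) > max_ports:
                flagged.add(src)
                break
    return flagged


def anomaly_distinct_ports(events, baseline, z_threshold=3.0):
    """Statistical anomaly rule: flag a source whose distinct-port count over the
    whole window lies more than z_threshold standard deviations above the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0
    ports = defaultdict(set)
    for _, src, port in events:
        ports[src].add(port)
    return {src: len(p) for src, p in ports.items()
            if (len(p) - mean) / stdev > z_threshold}


if __name__ == "__main__":
    # Signature catches only the fast sweep; the slow, methodical scan stays under the window threshold.
    print("signature:", sorted(signature_port_sweep(EVENTS)))
    # Anomaly catches both scans but also flags the legitimate backup host (a false positive).
    print("anomaly:  ", anomaly_distinct_ports(EVENTS, BASELINE))
```

Running it shows the slide's two points side by side: the signature rule misses the slow scan, while the anomaly rule detects it at the cost of a false positive on the backup host.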
Cisco IPS
- $3,360.00