Intrusion Detection System / Intrusion Prevention System

  • Slides: 14

Topics
  • Intrusion Detection (IDS)
  • Intrusion Prevention (IPS)
  • Prevention Methods
  • Detection Methods
  • Cisco Product

Intrusion Detection System
  • Passive
  • Limitations
  • Types
    - Network Based
    - Host Based
    - Application Based

Network Based IDS
  • Device or software
  • Connects to a network segment
  • Monitors the segment
  • Attack patterns
    - Protocol stack verification
    - Application protocol verification
  • Disadvantages
    - Slows throughput
    - Fails to detect when overwhelmed
    - Cannot analyze encrypted packets
    - Connection to switches
    - Requires human analysis

Host Based IDS
  • Software
  • Monitors the host
  • Change management premise
    - Size, location, authorization changes
  • Audit trail
  • Alerts
  • Manage multiple computers
  • Advantages/Disadvantages (p. 294)

Application Based IDS
  • Software
  • Monitors the application
  • Abnormal events
    - Exceeding authorization
    - Invalid file execution
    - Unauthorized writes to memory or registry
    - File reads/writes
  • View encrypted data
  • Trace user activity

Intrusion Prevention System
  • Active
  • Types
    - Network Based
    - Network Behavior Analysis
    - Host Based
    - Wireless
  • Detection Methods
    - Signature Based
    - Statistical Anomaly Based
    - Stateful Protocol Analysis

IPS Preventions
  • Most IPS preventions
    - End session
    - Firewalling
    - Throttling bandwidth usage
    - Altering malicious content
    - Reconfiguring
    - Run 3rd party program
  • Host based preventions
    - Code analysis
    - Network traffic filtering
    - Filesystem monitoring

Wireless IPS
  • 2.5 GHz and 5 GHz bands
  • Sensor types
  • Sensor placement
  • Security capabilities
  • Prevention

Detection Methods
  • Signature Based
  • Statistical Anomaly-Based
  • Stateful Protocol Analysis

Signature Based
  • Known patterns
  • Requires updating
  • Misses slow, methodical attacks
  • Deters
    - Footprinting
    - Fingerprinting
    - DoS

Statistical Anomaly-Based
  • Baseline
    - Normal activity
    - Memory usage
    - CPU usage
    - Network packet types
    - Packet quantities
  • Alerts
  • Detects new attacks
  • Overhead
  • False positives

Stateful Protocol Analysis
  • Static vendor profile
  • False positives
  • Prevention
  • Needs updating
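The Signature Based and Statistical Anomaly-Based slides describe two detection methods with opposite blind spots; the following added example (not part of the slide deck) contrasts them on constructed traffic: a tiny signature database, a packets-per-minute baseline, and four cases that show a known pattern being caught by signatures only, a slow probe with a novel payload missed by both, a novel flood caught only by the baseline, and a legitimate burst that the baseline flags as a false positive. The signatures, baseline counts and payloads are all constructed for the example.

```python
from statistics import mean, pstdev

# Constructed signature database: name -> known payload pattern (not a real ruleset).
SIGNATURES = {
    "path-traversal": b"../../etc/passwd",
    "known-scanner-banner": b"ExampleScanner/1.0",
}

def signature_alerts(payload: bytes) -> list[str]:
    """Signature-based: fires only on patterns already in the database."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def anomaly_threshold(baseline_counts: list[int], k: float = 3.0) -> float:
    """Statistical anomaly-based: learn a baseline of packets per interval and
    alert on anything more than k standard deviations above the mean."""
    return mean(baseline_counts) + k * pstdev(baseline_counts)

def anomaly_alert(count: int, threshold: float) -> bool:
    return count > threshold

# Constructed baseline: packets per minute on a quiet segment (mean ~101, stdev ~4).
BASELINE = [98, 102, 95, 110, 101, 99, 104, 97, 103, 100]

def run_demo() -> dict:
    """Returns {case: (signature hits, anomaly alert)} for four constructed cases."""
    threshold = anomaly_threshold(BASELINE)
    results = {}
    # 1. Known pattern at normal volume: only the signature method fires.
    results["known_attack"] = (signature_alerts(b"GET /../../etc/passwd HTTP/1.1"),
                               anomaly_alert(101, threshold))
    # 2. Slow, methodical probe: one novel request per minute. No known pattern and
    #    no volume change, so neither method alerts ("misses slow methodical attacks").
    results["slow_probe"] = (signature_alerts(b"GET /unusual-path-001 HTTP/1.1"),
                             anomaly_alert(101, threshold))
    # 3. Novel flood: no signature exists, but volume is far above the baseline,
    #    so only the anomaly detector alerts ("detects new attacks").
    results["novel_flood"] = (signature_alerts(b"\x00" * 64), anomaly_alert(900, threshold))
    # 4. Legitimate nightly backup burst: same anomaly alert, but a false positive.
    results["backup_burst"] = (signature_alerts(b"BACKUP chunk 17"), anomaly_alert(450, threshold))
    return results

if __name__ == "__main__":
    for case, (sig, anom) in run_demo().items():
        print(case, "signature:", sig or "none", "anomaly:", anom)
```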

Cisco IPS
  • $3,360.00