intrusion detection system(ids) at a glance (ppt)
TRANSCRIPT
Intrusion Detection System (IDS) at a
Glance
Intrusion Detection System or IDS is a security software which is designed to help administrator to automatically alert or notify at any case when a user tries to compromise information system through any malicious activities or at point where violation of security policies are taken. It helps to deals with such attacks by inspecting all of the inbound or outbound traffic on a network.
Types Of Intrusions / AttacksWeb Based Attacks
SQL Injection, Web Shells
LFI, RFI and XSS Attacks
Network Based AttacksUnauthorized LoginDenial Of Service attacksScanning ports and servicesReplication of Worms, Trojan, VirusSpoofing Attacks ( Arpspoof, Dns spoof Attacks )
Zero Day AttacksAttacks that aren’t known.
How detection is performed in IDS Software?
IDS Signature Based detection- This type of detection work well with the threads that are already determined or known.
Anomaly-based detection-- This detection works on the basis of Comparison. It determines the traits of a normal action against characteristics that marks them as abnormal.
A Typical Intrusion detection functions include :
Monitoring and analyzing both user and system activities
Analyzing system configurations and vulnerabilities
Assessing system and file integrity
Ability to recognize typical patterns of attacks
Analysis of abnormal activity patterns
Tracking user policy violations
Major component of an IDS System
Network Intrusion Detection System (NIDS): This does analysis for traffic on a whole subnet and will
make a match to the traffic passing by to the attacks already known in a library of known attacks.
Network Node Intrusion Detection System (NNIDS):
This is similar to NIDS, but the traffic is only monitored on a single host, not a whole subnet.
Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s file set and compares it to a previous picture. If there are significant differences, such as missing files, it alerts the administrator.
PROS of an IDS System
CAN add a greater degree of integrity to the rest of your infrastructureCAN trace user activity from point of entry to point of impact
CAN recognize and report alterations to data
CAN automate a task of monitoring the Internet searching for the latest attacks
CAN detect when your system is under attack
CAN make the security management of your system possible bynon-expert staff
CONS Related to an IDS System
CAN NOT compensate for a weak identification and authentication mechanismsCAN NOT conduct investigations of attacks without human interventionCAN NOT compensate for weaknesses in network protocolsCAN NOT analyze all the traffic on a busy networkCAN NOT always deal with problems involving packet-level attacksCAN NOT deal with some of the modern network hardware and features
How to protect IDS
• Don’t run any service on your IDS sensor• The platform on which you are Running IDS should be
patched with the latest release from your vendor• Configure the IDS machine so that it doesn't respond to
ping packets• User account should not be created except those that are
necessary