Intrusion Detection Systems
INTRUSION DETECTION SYSTEMS
Tristan Walters
Rayce West
OVERVIEW
Definition – what intrusion detection and intrusion detection systems (IDS) are
Characteristics of Intrusion Detection Systems
Typical Components of Intrusion Detection Systems
Types of Intrusion Detection Systems
Network-Based
Host-Based
Wireless
Conclusion
DEFINITION
Intrusion Detection
The process of monitoring and analyzing a computer system or network for
suspicious behavior or potential threats
Intrusion Detection Systems
The software and/or hardware that automates the process of monitoring events on a
system or network and analyzing the gathered information for signs of intrusion
CHARACTERISTICS
Information recording
Logging gathered information
Analyzing information
Notifying system administrators
Reports
TYPICAL COMPONENTS
Sensors
Collect data from various sources.
Network packets, log files, etc
Management Servers
Analyze the information collected by the sensors, correlating what several sensors report
Can decide whether an intrusion is occurring and take action (alert, log, or block where a sensor sits inline)
User Interface
Typically a software tool for system admins
Allows admin interaction with the IDS
Databases
Store sensor gathered data, logging information, etc
NETWORK-BASED IDS
Monitors computer networks for possible intruders
Analyzes network traffic and transport/application protocols
Primary component
Sensors
Inline – sensors placed directly in the traffic path, so all traffic passes through them; only an inline sensor can also block traffic (intrusion prevention)
Passive – sensors that receive a copy of the traffic (from a network tap or a switch mirror/SPAN port); they can observe and alert but cannot block
Logging
Focuses on network information
IP addresses/MAC addresses, transport and application protocols, ports, etc
INLINE SENSOR
PASSIVE SENSOR
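The slides say a network sensor analyzes traffic and a management server decides whether an intrusion is occurring, but do not show what that analysis looks like. The script below is an added example, not part of the original presentation: it runs two common NIDS detection approaches over constructed flow records (the records, the 10.0.0.x/192.168.1.x addresses and the two signature rules are all invented for the example). A signature check flags any single record that matches a known-bad pattern, and a threshold check flags a source that touches many distinct ports on one host inside a short time window, which is the shape of a port scan.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records for this example (not captured traffic).
# Fields: timestamp, source IP, destination IP, transport protocol, destination port.
SAMPLE_FLOWS = """\
2024-01-15T10:00:00 10.0.0.7 192.168.1.10 TCP 443
2024-01-15T10:00:01 10.0.0.5 192.168.1.10 TCP 21
2024-01-15T10:00:01 10.0.0.5 192.168.1.10 TCP 22
2024-01-15T10:00:01 10.0.0.5 192.168.1.10 TCP 23
2024-01-15T10:00:02 10.0.0.5 192.168.1.10 TCP 25
2024-01-15T10:00:02 10.0.0.5 192.168.1.10 TCP 80
2024-01-15T10:00:02 10.0.0.5 192.168.1.10 TCP 110
2024-01-15T10:00:03 10.0.0.5 192.168.1.10 TCP 143
2024-01-15T10:00:03 10.0.0.5 192.168.1.10 TCP 443
2024-01-15T10:00:03 10.0.0.5 192.168.1.10 TCP 445
2024-01-15T10:00:04 10.0.0.5 192.168.1.10 TCP 3389
2024-01-15T10:00:30 10.0.0.9 192.168.1.20 UDP 53
2024-01-15T10:01:00 10.0.0.7 192.168.1.20 TCP 23
"""

# Hypothetical signature rules: a flow matching every listed field raises an alert.
SIGNATURES = [
    {"name": "TELNET_CLEARTEXT_ADMIN", "proto": "TCP", "dport": 23},
    {"name": "SMB_ACCESS", "proto": "TCP", "dport": 445},
]


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "proto": proto, "dport": int(dport)})
    return flows


def match_signatures(flows, rules=SIGNATURES):
    """Signature detection: each flow is checked on its own against every rule."""
    alerts = []
    for f in flows:
        for r in rules:
            if f["proto"] == r["proto"] and f["dport"] == r["dport"]:
                alerts.append((r["name"], f["src"], f["dst"], f["dport"]))
    return alerts


def detect_port_scans(flows, min_ports=10, window=timedelta(seconds=5)):
    """Threshold detection: one source touching >= min_ports distinct ports on one
    destination within `window` is reported once per (src, dst) pair."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append((f["ts"], f["dport"]))
    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        end = 0
        for start in range(len(events)):
            # Advance `end` to the first event outside the window that opens at `start`.
            while end < len(events) and events[end][0] - events[start][0] <= window:
                end += 1
            ports = {port for _, port in events[start:end]}
            if len(ports) >= min_ports:
                alerts.append(("PORT_SCAN", src, dst, len(ports)))
                break
    return alerts


def analyze(text):
    """What a management server does with a sensor's records: run both detectors."""
    flows = parse_flows(text)
    return match_signatures(flows) + detect_port_scans(flows)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

The signature check is cheap and precise but only catches what has a rule; the threshold check catches behaviour with no fixed signature, and its two knobs (port count and window) are exactly where false positives are tuned. A real sensor would receive these records from a tap, SPAN port or inline interface rather than from a string.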
HOST-BASED IDS
Monitors events on a single host machine for attacks
Code analysis – malicious code, buffer overflows
Running applications
Changes in the host network settings
File system monitoring – access and integrity
Primary component
Agents – Software installed on the host that monitors and communicates with the
management server
Logging
Focuses on application information, file paths and names, user information
HIDS ARCHITECTURE
WIRELESS IDS
Very similar to a NIDS, but monitors wireless networks rather than wired ones
Analyzes wireless network protocols (IEEE 802.11 management and data frames) for suspicious activity
Primary Component
Sensors – sample radio frequency channels for malicious activity
Channel scanning – a radio can only listen on one channel at a time, so a sensor cycles through the channels in the different frequency bands; short-lived activity on a channel it is not currently on can be missed
Fixed sensors – sensors installed at a fixed location to cover a site continuously
Mobile sensors – sensors carried around a site, for example to locate a rogue device
Logging
Channel numbers, sensor ID that observed a malicious event, source MAC address
WIRELESS IDS SETUP
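The logging fields listed for a wireless IDS (channel number, sensor ID, source MAC address) are enough to drive two standard wireless detections. The script below is an added example, not part of the original presentation: it reads constructed sensor observations (sensor IDs, channels, MAC addresses, SSIDs and the authorized access point list are all invented) and flags an "evil twin", a beacon advertising one of our SSIDs from a BSSID we never deployed, and a deauthentication flood, a burst of deauth frames from one source as seen by one sensor.

```python
from collections import Counter

# Authorized access points for this constructed site: SSID -> set of BSSIDs.
AUTHORIZED_APS = {
    "corp-wifi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed sensor observations (not real captures).
# Fields: sensor ID, channel, frame type, source MAC, SSID ("-" when the frame carries none).
OBSERVATIONS = """\
sensor-1 6 beacon aa:bb:cc:00:00:01 corp-wifi
sensor-1 11 beacon aa:bb:cc:00:00:02 corp-wifi
sensor-2 6 beacon de:ad:be:ef:00:01 corp-wifi
sensor-2 1 beacon 11:22:33:44:55:66 coffee-shop
sensor-2 1 deauth 11:22:33:44:55:66 -
""" + "".join("sensor-1 6 deauth de:ad:be:ef:00:01 -\n" for _ in range(25))


def parse_observations(text):
    """Parse the whitespace-separated observation format above into dicts."""
    obs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sensor, channel, ftype, mac, ssid = line.split()
        obs.append({"sensor": sensor, "channel": int(channel), "type": ftype,
                    "mac": mac.lower(), "ssid": ssid})
    return obs


def detect_evil_twins(obs, authorized=AUTHORIZED_APS):
    """A beacon carrying one of our SSIDs from a BSSID we did not deploy.
    A neighbour's network with an unrelated SSID (coffee-shop above) is not reported."""
    alerts = []
    seen = set()
    for o in obs:
        if o["type"] != "beacon" or o["ssid"] not in authorized:
            continue
        if o["mac"] not in authorized[o["ssid"]] and o["mac"] not in seen:
            seen.add(o["mac"])
            alerts.append(("EVIL_TWIN", o["sensor"], o["channel"], o["mac"], o["ssid"]))
    return alerts


def detect_deauth_floods(obs, threshold=20):
    """Deauthentication frames are unprotected unless 802.11w management frame
    protection is in use, so a burst from one source is a classic denial of service."""
    counts = Counter((o["sensor"], o["channel"], o["mac"])
                     for o in obs if o["type"] == "deauth")
    return [("DEAUTH_FLOOD", sensor, channel, mac, n)
            for (sensor, channel, mac), n in counts.items() if n >= threshold]


def analyze(text):
    """Run both detectors over a batch of observations from the sensors."""
    obs = parse_observations(text)
    return detect_evil_twins(obs) + detect_deauth_floods(obs)


if __name__ == "__main__":
    for alert in analyze(OBSERVATIONS):
        print(alert)
```

Both detections depend on a sensor having been on the right channel at the right time, which is the channel-scanning limitation noted above; the sensor ID and channel in each alert are what lets an administrator send a mobile sensor to the right area to locate the device.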
CONCLUSION
There are a variety of IDS types (network-based, host-based, wireless), each built from
the same kinds of components: sensors or agents, management servers, a user interface and databases
IDSs are essential in any organization or institution that handles
important data
Very helpful for system administrators