SlideShare une entreprise Scribd logo
1  sur  16
Télécharger pour lire hors ligne
Network-Based Intrusion
     Detection Systems
        By: John Buckhorn
Introduction
 Security Threats on the Rise
Traditional Protection
  Antivirus
  Firewalls
History
• USAF – 1972
  – Noted vulnerabilities of computer security
• 1984
  – First Intrusion Detection System Prototype
  – Real Time Intrusion Detection
  – Would eventually evolve into modern NBIDS
IDS Features
•   Pattern matching
•   Data destruction
•   denial-of-service
•   Hostile code
•   Network or System Eavesdropping
•   System and Network Mapping
•   Unauthorized access
•   Anomaly Detection
Intrusion Detection Technologies
• Host-based Intrusion detection Systems
  (HIDS)
• Network-Based intrusion detection systems
  (NBIDS)
• File System Integrity checkers
• Honeypot Systems
• Security Information Management (SIM)
Network-Based Intrusion Detection
         System (NBIDS)
 • More network based attacks

 • Shift from host based to network based

 • An NBIDS is a system that monitors traffic
   at selected points on a network or
   interconnected set of networks
Types of Attacks
             (Internal)
• Insider Attacks
  – Not limited to an employee
• Examples
  – Internal Denial of Service (DoS)
  – Internal Privilege Escalation
  – Internal Super-User Privileges
Types of Attacks
             (External)
• External Threats
  – Companies systems are becoming more visible
  – International Threats
• Example
  – External Denial of Service (DoS)
  – External Privilege Escalations
NBIDS Benefits
• Trace activity
• Complements:
  – Firewalls
  – Antivirus Software
• System Management Competencies
  – Monitoring
  – Security Audits
  – Response
  – Attack Recognition
Types of NBIDS
• Promiscuous-Mode
  – Captures every packet


• Network-Node
  – VPN
NBIDS Issues
• Cannot reassemble all fragmented traffic
• Cannot compensate for low credential
  standards
• Cannot analyze all data or deal with packet-
  level issues
• Firewalls serve best
NBIDS Future
• Artificial Intelligence
• Combination of:
   – Anomaly Detection
   – Misuse Detection
• New Hybrid Model
Cost Effectiveness
• One Third of attacks originate inside the
  company
• Firewalls only prevent unauthorized access
  from outside the network
• Companies spent $3.8 Million/year
• Compared to $60,000 for a hardware-based
  Cisco® NBIDS
Available NBIDS
• Snort Intrusion Prevention – Software-
  based
  – Free
• AIDE – Software-Based
  – Free
• IBM RealSecure ISS – Software-Based
  – ~$12,000
• Cisco IPS 4270 – Harware-based
  – ~$50,000-$60,000
FAQ
• Why have a NBIDS if it cannot prevent a
  hack?

• When would it be necessary to use a Host-
  based Intrusion Detection System?

• What is a Signature?
Conclusion
• Goal:
  – To achieve a balance


• NBIDS is not preventative
  – Firewall
  – Antivirus
  – Host based IDS

Contenu connexe

Tendances

Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and DemeritsSignature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demeritsdavid rom
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemDevil's Cafe
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMApoorv Pandey
 
IDS/IPS security
IDS/IPS securityIDS/IPS security
IDS/IPS securityClarejenson
 
IDS, IPS, IDPS
IDS, IPS, IDPSIDS, IPS, IDPS
IDS, IPS, IDPSMinhaz A V
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsPaul Green
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemPreshan Pradeepa
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...UzairAhmad81
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And PreventionNicholas Davis
 
Introduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkIntroduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkEng. Mohammed Ahmed Siddiqui
 

Tendances (19)

Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and DemeritsSignature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
Signature-Based or Anomaly-Based Intrusion Detection: The Merits and Demerits
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEM
 
IDS/IPS security
IDS/IPS securityIDS/IPS security
IDS/IPS security
 
Ids(final)
Ids(final)Ids(final)
Ids(final)
 
IDS, IPS, IDPS
IDS, IPS, IDPSIDS, IPS, IDPS
IDS, IPS, IDPS
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Introduction To Intrusion Detection Systems
Introduction To Intrusion Detection SystemsIntroduction To Intrusion Detection Systems
Introduction To Intrusion Detection Systems
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems  and Intrusion Prevention Systems Intrusion Detection Systems  and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
NGIPS(Next Generation Intrusion Prevention System) in Network security presen...
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And Prevention
 
Introduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for networkIntroduction to Intrusion detection and prevention system for network
Introduction to Intrusion detection and prevention system for network
 

Similaire à Network-Based Intrusion Detection System

Intrusion detection and prevention
Intrusion detection and preventionIntrusion detection and prevention
Intrusion detection and preventionNicholas Davis
 
Cours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptxCours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptxssuserc517ee1
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemsalutiontechnology
 
INTRUSION_DETECTION_SYSTEM_PBL.pptx
INTRUSION_DETECTION_SYSTEM_PBL.pptxINTRUSION_DETECTION_SYSTEM_PBL.pptx
INTRUSION_DETECTION_SYSTEM_PBL.pptxPrasad92810
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident HandlingMarcelo Silva
 
IT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisIT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisManageEngine, Zoho Corporation
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure
 
Intrusion detection system.pptx
Intrusion detection system.pptxIntrusion detection system.pptx
Intrusion detection system.pptxNawalL4
 
From liability to asset, the role you should be playing in your security arch...
From liability to asset, the role you should be playing in your security arch...From liability to asset, the role you should be playing in your security arch...
From liability to asset, the role you should be playing in your security arch...Jisc
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptuseonlyfortech140
 
Understanding Intrusion Detection Systems with Snort
Understanding Intrusion Detection Systems with SnortUnderstanding Intrusion Detection Systems with Snort
Understanding Intrusion Detection Systems with SnortShyamsundar Das
 

Similaire à Network-Based Intrusion Detection System (20)

Intrusion detection and prevention
Intrusion detection and preventionIntrusion detection and prevention
Intrusion detection and prevention
 
ch03.pptx
ch03.pptxch03.pptx
ch03.pptx
 
Cours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptxCours_4_IDS_IPS.pptx
Cours_4_IDS_IPS.pptx
 
BOTNET
BOTNETBOTNET
BOTNET
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention system
 
INTRUSION_DETECTION_SYSTEM_PBL.pptx
INTRUSION_DETECTION_SYSTEM_PBL.pptxINTRUSION_DETECTION_SYSTEM_PBL.pptx
INTRUSION_DETECTION_SYSTEM_PBL.pptx
 
IDS n IPS
IDS n IPSIDS n IPS
IDS n IPS
 
012
012012
012
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
 
IT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysisIT Security: Eliminating threats with effective network & log analysis
IT Security: Eliminating threats with effective network & log analysis
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
 
Intrusion detection system.pptx
Intrusion detection system.pptxIntrusion detection system.pptx
Intrusion detection system.pptx
 
From liability to asset, the role you should be playing in your security arch...
From liability to asset, the role you should be playing in your security arch...From liability to asset, the role you should be playing in your security arch...
From liability to asset, the role you should be playing in your security arch...
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
 
Understanding Intrusion Detection Systems with Snort
Understanding Intrusion Detection Systems with SnortUnderstanding Intrusion Detection Systems with Snort
Understanding Intrusion Detection Systems with Snort
 

Dernier

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 

Dernier (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 

Network-Based Intrusion Detection System

  • 1. Network-Based Intrusion Detection Systems By: John Buckhorn
  • 2. Introduction  Security Threats on the Rise Traditional Protection Antivirus Firewalls
  • 3. History • USAF – 1972 – Noted vulnerabilities of computer security • 1984 – First Intrusion Detection System Prototype – Real Time Intrusion Detection – Would eventually evolve into modern NBIDS
  • 4. IDS Features • Pattern matching • Data destruction • denial-of-service • Hostile code • Network or System Eavesdropping • System and Network Mapping • Unauthorized access • Anomaly Detection
  • 5. Intrusion Detection Technologies • Host-based Intrusion detection Systems (HIDS) • Network-Based intrusion detection systems (NBIDS) • File System Integrity checkers • Honeypot Systems • Security Information Management (SIM)
  • 6. Network-Based Intrusion Detection System (NBIDS) • More network based attacks • Shift from host based to network based • An NBIDS is a system that monitors traffic at selected points on a network or interconnected set of networks
  • 7. Types of Attacks (Internal) • Insider Attacks – Not limited to an employee • Examples – Internal Denial of Service (DoS) – Internal Privilege Escalation – Internal Super-User Privileges
  • 8. Types of Attacks (External) • External Threats – Companies systems are becoming more visible – International Threats • Example – External Denial of Service (DoS) – External Privilege Escalations
  • 9. NBIDS Benefits • Trace activity • Complements: – Firewalls – Antivirus Software • System Management Competencies – Monitoring – Security Audits – Response – Attack Recognition
  • 10. Types of NBIDS • Promiscuous-Mode – Captures every packet • Network-Node – VPN
  • 11. NBIDS Issues • Cannot reassemble all fragmented traffic • Cannot compensate for low credential standards • Cannot analyze all data or deal with packet- level issues • Firewalls serve best
  • 12. NBIDS Future • Artificial Intelligence • Combination of: – Anomaly Detection – Misuse Detection • New Hybrid Model
  • 13. Cost Effectiveness • One Third of attacks originate inside the company • Firewalls only prevent unauthorized access from outside the network • Companies spent $3.8 Million/year • Compared to $60,000 for a hardware-based Cisco® NBIDS
  • 14. Available NBIDS • Snort Intrusion Prevention – Software- based – Free • AIDE – Software-Based – Free • IBM RealSecure ISS – Software-Based – ~$12,000 • Cisco IPS 4270 – Harware-based – ~$50,000-$60,000
  • 15. FAQ • Why have a NBIDS if it cannot prevent a hack? • When would it be necessary to use a Host- based Intrusion Detection System? • What is a Signature?
  • 16. Conclusion • Goal: – To achieve a balance • NBIDS is not preventative – Firewall – Antivirus – Host based IDS