L2 Intrusion Detection System (IDS)
Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh
• If a computer is on the Internet, or receives data from the Internet, including Web browsing or email, then security is a problem.
• This is true for everyone, as automated scanners and worms do not make distinctions between targets.
• Simply, if your system has vulnerabilities, it will be hit.
• Because security problems are ubiquitous, security solutions should be also.
• To be effective, this security must follow a "defense in depth" strategy or a layered approach. This means that security is layered in hopes that if an attack passes through one layer, it is caught by the next, or the next.
• Defense in depth combines network security and host-based security (especially antivirus software).
• While each layer is important, no layer is sufficient on its own.
• Many end users make the mistake of thinking that a firewall, by itself, constitutes network security.
• With market penetration of firewalls reaching more than 95 percent, security problems still persist for organizations large and small.
• Simply allowing Web traffic allows all Web traffic, including that which is malicious.
• The next step that many organizations have taken is to install intrusion detection systems (IDS), which can monitor traffic for attack signatures that represent hostile activity.
• Intrusion detection (ID) is a type of security management system for computers and networks.
• An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both
  › intrusions (attacks from outside the organization) and
  › misuse (attacks from within the organization).
• ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
• Monitoring and analyzing both user and system activities
• Analyzing system configurations and vulnerabilities
• Assessing system and file integrity
• Ability to recognize patterns typical of attacks
• Analysis of abnormal activity patterns
• Tracking user policy violations
• Typically, an ID system follows a two-step process.
• The first procedures are host-based and are considered the passive component:
  › inspection of the system's configuration files to detect inadvisable settings
  › inspection of the password files to detect inadvisable passwords
  › inspection of other system areas to detect policy violations.
• The second procedures are network-based and are considered the active component:
  › mechanisms are set in place to reenact known methods of attack and to record system responses.
• Network-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic.
• A network IDS, using either a network tap, span port, or hub, collects packets that traverse a given network.
• Using the captured data, the IDS system processes and flags any suspicious traffic.
• The role of a network IDS is passive, only gathering, identifying, logging and alerting.
• Host-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior on a specific device.
• HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity.
• The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity.
• The role of a host IDS is passive, only gathering, identifying, logging, and alerting.
• A honeypot is simply a system, program or file that has absolutely no purpose in production.
• Therefore, we can always assume that if the honeypot is accessed, it is for some reason unrelated to
• Honeypots are probably one of the last security tools an organization should implement. This is primarily because of the concern that somebody may use the honeypot to attack other systems.
• A honeypot can also be a computer on your network that looks and acts like a legitimate computer but is actually configured to interact with potential hackers.
• Honeypots are also known as a sacrificial lamb, decoy, or booby trap.
• The more realistic the interaction, the longer the attacker will stay occupied on honeypot systems and away from your production systems.
• The longer the hacker stays using the honeypot, the more will be disclosed about their techniques.
• This information can be used to identify what they are after, what their skill level is, and what tools they use.
• All this information is then used to better prepare your network and host defenses.
• Step 1: Node A transmits a frame to Node C.
• Step 2: The hub will broadcast this frame to each active port.
• Step 3: Node B will receive the frame and will examine the address in the frame. After determining that it is not the intended host, it will discard the frame.
• Step 4: Node C will also receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further.
• In order for a host to be used as a sniffing agent, the network interface must be set to 'promiscuous' mode.
• Setting this mode requires root or administrator access.
• After this mode is set, the network interface will no longer drop network frames which are addressed to other hosts.
• Rather, it will pass them up to the higher network layers with the expectation that some software at a higher layer will process them.
• Step 1: Node A transmits a frame to Node C.
• Step 2: The hub will broadcast this frame to each active port.
• Step 3: Node B will receive this frame and will accept it because the network interface has been set to 'promiscuous' mode. This allows a network interface to accept any frames, regardless of the MAC (Media Access Control) address in the frame.
• Step 4: Node C will also receive the frame and will process it as expected. It has no way of knowing that another host has also processed the frame.
• Step 1: Node A transmits a frame to Node C.
• Step 2: The switch will examine this frame and determine what the intended host is. It will then set up a connection between Node A and Node C so that they have a 'private' connection.
• Step 3: Node C will receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further.
ARP Spoofing
• When Node A wants to communicate with Node C on the network, it sends an ARP request.
• Node C will send an ARP reply which will include its MAC address.
• Even in a switched environment, this initial ARP request is sent in a broadcast manner.
• It is possible for Node B to craft and send an unsolicited, fake ARP reply to Node A.
• This fake ARP reply will specify that Node B has the MAC address of Node C.
• Node A will unwittingly send the traffic to Node B since it professes to have the intended MAC address.
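A defender-side check for the poisoning described above, as an added example that is not from the slides: it walks a constructed, time-ordered ARP capture and flags replies that no host asked for and replies that re-bind an IP to a different MAC. The packet records, the node addresses and the two-second request window are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    """One ARP packet as a monitor on the segment would see it (constructed)."""
    ts: float          # capture time in seconds
    op: str            # "request" or "reply"
    sender_ip: str     # for a reply: the IP the sender claims to own
    sender_mac: str    # for a reply: the MAC it binds that IP to
    target_ip: str     # for a reply: the host being answered


def analyse_arp(packets, window=2.0):
    """Walk a time-ordered ARP stream and return a list of alert tuples.

    ("unsolicited", ip, mac): a reply that no host requested within `window` seconds.
        Gratuitous ARP is legitimate, so on a real network treat this as low severity.
    ("conflict", ip, mac): an IP already bound to one MAC is being re-bound to another,
        which is what a Node B poisoning Node A's cache looks like on the wire.
    """
    pending = defaultdict(list)   # requested ip -> [(requester ip, request ts)]
    bindings = {}                 # ip -> mac seen in the first reply for that ip
    alerts = []
    for p in packets:
        if p.op == "request":
            pending[p.target_ip].append((p.sender_ip, p.ts))
            continue
        if p.op != "reply":
            continue
        # Keep only requests still inside the window, then look for one sent by
        # the host this reply is addressed to.
        fresh = [(who, ts) for who, ts in pending[p.sender_ip] if p.ts - ts <= window]
        matched = [(who, ts) for who, ts in fresh if who == p.target_ip]
        if matched:
            pending[p.sender_ip] = [x for x in fresh if x not in matched]
        else:
            pending[p.sender_ip] = fresh
            alerts.append(("unsolicited", p.sender_ip, p.sender_mac))
        previous = bindings.get(p.sender_ip)
        if previous is None:
            bindings[p.sender_ip] = p.sender_mac
        elif previous != p.sender_mac:
            alerts.append(("conflict", p.sender_ip, p.sender_mac))
    return alerts


# Constructed capture mirroring the slide: A asks for C, C answers, then B
# injects a fake reply claiming C's IP with its own MAC.
NODE_A_MAC = "aa:aa:aa:aa:aa:aa"
NODE_B_MAC = "bb:bb:bb:bb:bb:bb"
NODE_C_MAC = "cc:cc:cc:cc:cc:cc"

SAMPLE_CAPTURE = [
    ArpPacket(0.00, "request", "10.0.0.1", NODE_A_MAC, "10.0.0.3"),
    ArpPacket(0.01, "reply", "10.0.0.3", NODE_C_MAC, "10.0.0.1"),
    ArpPacket(5.00, "reply", "10.0.0.3", NODE_B_MAC, "10.0.0.1"),
]

if __name__ == "__main__":
    for alert in analyse_arp(SAMPLE_CAPTURE):
        print(alert)
```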
MAC Flooding
• On some switches, it is possible to bombard the switch with bogus MAC address data.
• The switch, not knowing how to handle the excess data, will 'fail open'.
• That is, it will revert to a hub and will broadcast all network frames to all ports.
• At this point, one of the more generic network sniffers will work.
MAC Duplicating
• You reconfigure Node B to have the same MAC address as the machine whose traffic you're trying to sniff.
• This is easy to do on a Linux box if you have access to the 'ifconfig' command.
• This differs from ARP Spoofing because, in ARP Spoofing, we are 'confusing' the host by poisoning its ARP cache.
• In a MAC Duplicating attack, we actually confuse the switch itself into thinking two ports have the same MAC address.
IP Filtering
• By enabling IP filtering on your switch, you directly specify which traffic is allowed to flow to and from each port.
• This can be a monumental effort to put in place and manage, especially if your environment is dynamic.
Port Security
• If your hub or switch has the ability to enable port security, this will help to protect you from both the MAC Flood and MAC Spoofing attacks.
• This feature effectively prevents the hub or switch from recognizing more than 1 MAC address on a physical port.
Routing Security
• No workstations should be allowed to run a routing protocol as they may be compromised.
• Management of any of your network gear should be through a secure connection and not through telnet, which passes the administrative login/password in cleartext.
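An added example (not the author's code) modelling the switch steps, MAC Flooding and Port Security from the slides above: a learning switch with a bounded CAM table that evicts its oldest binding when full, so a burst of bogus source MACs on one port pushes out Node C's binding and the next A-to-C frame is flooded to every port like a hub; with a one-MAC-per-port limit the bogus entries are rejected and the A-to-C path stays private. Port numbers, MAC addresses, the table size and the eviction and drop behaviour are assumptions.

```python
from collections import OrderedDict


class Switch:
    """Learning switch with a bounded CAM table and optional port security.

    Assumptions (not from the slides): the table evicts its oldest binding when
    full, and a port-security violation simply drops the offending frame.
    """

    def __init__(self, ports, cam_size=16, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.max_macs_per_port = max_macs_per_port
        self.cam = OrderedDict()   # mac -> port, oldest binding first
        self.violations = []       # (port, mac) pairs rejected by port security

    def _learn(self, mac, port):
        """Record which port a source MAC lives on. Returns False if rejected."""
        if mac in self.cam:
            self.cam[mac] = port
            return True
        if self.max_macs_per_port is not None:
            already = sum(1 for p in self.cam.values() if p == port)
            if already >= self.max_macs_per_port:
                self.violations.append((port, mac))
                return False
        if len(self.cam) >= self.cam_size:
            # Table full: the oldest binding is pushed out to make room.
            self.cam.popitem(last=False)
        self.cam[mac] = port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the set of ports the frame is sent out on."""
        if not self._learn(src_mac, in_port):
            return set()                       # dropped by port security
        out = self.cam.get(dst_mac)
        if out is None:
            # Unknown destination: behave like a hub and flood every other port.
            return {p for p in self.ports if p != in_port}
        if out == in_port:
            return set()                       # destination is on the ingress port
        return {out}


NODE_A_MAC = "aa:aa:aa:aa:aa:aa"   # Node A on port 1
NODE_C_MAC = "cc:cc:cc:cc:cc:cc"   # Node C on port 3
BROADCAST = "ff:ff:ff:ff:ff:ff"


def run_scenario(max_macs_per_port=None, bogus=50):
    """Node B on port 2 sends frames from many bogus source MACs; report where
    an A -> C frame goes afterwards.

    Returns (sorted egress ports of the final A -> C frame, number of
    port-security violations recorded).
    """
    sw = Switch(ports=[1, 2, 3], cam_size=16, max_macs_per_port=max_macs_per_port)
    sw.forward(NODE_A_MAC, NODE_C_MAC, 1)      # A's binding learned, C still unknown
    sw.forward(NODE_C_MAC, NODE_A_MAC, 3)      # C's binding learned
    for i in range(bogus):
        fake = "02:00:00:00:%02x:%02x" % (i // 256, i % 256)
        sw.forward(fake, BROADCAST, 2)
    return sorted(sw.forward(NODE_A_MAC, NODE_C_MAC, 1)), len(sw.violations)


if __name__ == "__main__":
    print("no port security:", run_scenario())                      # ([2, 3], 0)
    print("1 MAC per port  :", run_scenario(max_macs_per_port=1))   # ([3], 49)
```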
• Knowledge-based intrusion detection techniques apply the knowledge accumulated about specific attacks and system vulnerabilities.
• The IDS contains information about these vulnerabilities and looks for attempts to exploit them.
• When such an attempt is detected, an alarm is triggered.
• In other words, any action that is not explicitly recognized as an attack is considered acceptable.
• Therefore, the accuracy of knowledge-based intrusion detection systems is considered good.
• However, their completeness (i.e. the fact that they detect all possible attacks) depends on the regular update of knowledge about attacks.
• Advantages of the knowledge-based approaches are that they have the potential for very low false alarm rates.
• Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users.
• The model of normal or valid behavior is extracted from reference information collected by various means.
• The intrusion detection system later compares this model with the current activity.
• When a deviation is observed, an alarm is generated.
• In other words, anything that does not correspond to a previously learned behavior is considered intrusive.
• Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms).
• Advantages of behavior-based approaches are that they can detect attempts to exploit new and unforeseen vulnerabilities.
• They can even contribute to the (partially) automatic discovery of these new attacks.
• They also help detect 'abuse of privileges' types of attacks that do not actually involve exploiting any security vulnerability.
• In short, this is the paranoid approach: everything which has not been seen previously is dangerous.
• The high false alarm rate is generally cited as the main drawback of behavior-based techniques, because the entire scope of the behavior of an information system may not be covered during the learning phase.
• Also, behavior can change over time, introducing the need for periodic online retraining of the behavior profile, resulting either in unavailability of the intrusion detection system or in additional false alarms.
• The information system can undergo attacks at the same time the intrusion detection system is learning the behavior. As a result, the behavior profile contains intrusive behavior, which is not detected as anomalous.
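An added example (not from the slides) that runs both approaches over constructed audit records of user commands: the knowledge-based detector flags only commands on its signature list, the behavior-based detector flags anything outside the profile learned during training, and a profile learned while an attack was already running no longer treats that attack as anomalous. User names, commands, the signature list and the ground truth are all constructed.

```python
from collections import defaultdict

# Constructed audit records of (user, command); not real logs.
TRAINING = [("alice", "ls"), ("alice", "vim"), ("alice", "git"), ("alice", "ls")]
TEST = [
    ("alice", "ls"),           # normal
    ("alice", "make"),         # new but benign behaviour
    ("alice", "dump_db"),      # an attack the signature list already knows
    ("alice", "dump_db_v2"),   # a variant the signature list has never seen
]
KNOWN_ATTACKS = {"dump_db"}                # the accumulated knowledge about attacks
GROUND_TRUTH = {"dump_db", "dump_db_v2"}   # what really was an attack in TEST


def knowledge_based(events, signatures=KNOWN_ATTACKS):
    """Knowledge-based ID: only a match against a known signature is an attack;
    everything not explicitly recognised is considered acceptable."""
    return [e for e in events if e[1] in signatures]


def learn_profile(training):
    """Behavior-based ID, learning phase: the commands each user was seen running."""
    profile = defaultdict(set)
    for user, cmd in training:
        profile[user].add(cmd)
    return profile


def behavior_based(events, profile):
    """Behavior-based ID, detection phase: any deviation from the profile is intrusive."""
    return [(u, c) for u, c in events if c not in profile[u]]


def score(alerts, events, attacks=GROUND_TRUTH):
    """Count true positives, false alarms and missed attacks for a list of alerts."""
    flagged = set(alerts)
    tp = sum(1 for e in flagged if e[1] in attacks)
    fp = len(flagged) - tp
    fn = sum(1 for e in events if e[1] in attacks and e not in flagged)
    return {"tp": tp, "fp": fp, "fn": fn}


def compare():
    """Run the three situations the slides describe and return their scores."""
    clean = learn_profile(TRAINING)
    # Learning while the system is already under attack: the variant ends up in
    # the profile and is no longer anomalous.
    poisoned = learn_profile(TRAINING + [("alice", "dump_db_v2")])
    return {
        "knowledge": score(knowledge_based(TEST), TEST),
        "behavior": score(behavior_based(TEST, clean), TEST),
        "behavior_poisoned": score(behavior_based(TEST, poisoned), TEST),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:18s} {result}")
```

The knowledge-based run misses the unseen variant but raises no false alarm; the behavior-based run catches both attacks but also flags the benign new command, and the poisoned profile loses the variant.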

Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 

Recently uploaded (20)

Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 

L2 Intrusion Detection System (IDS)

  • 1. L2 Intrusion Detection System (IDS)
  • 2.
     If a computer is on the Internet, or receives data from the Internet, including Web browsing or email, then security is a problem.
     This is true for everyone, as automated scanners and worms do not make distinctions between targets.
     Simply, if your system has vulnerabilities, it will be hit.
  • 3.
     Because security problems are ubiquitous, security solutions should be also.
     To be effective, this security must follow a "defense in depth" strategy or a layered approach. This means that security is layered in hopes that if an attack passes through one layer, it is caught by the next, or the next.
     Defense in depth combines network security and host-based security (especially antivirus software).
     While each layer is important, no layer is sufficient on its own.
     Many end users make the mistake of thinking that a firewall, by itself, constitutes network security.
  • 4.
     With market penetration of firewalls reaching more than 95 percent, security problems still persist for organizations large and small.
     A firewall that simply allows Web traffic allows all Web traffic, including that which is malicious.
     The next step that many organizations have taken is to install intrusion detection systems (IDS), which can monitor traffic for attack signatures that represent hostile activity.
  • 5.
     Intrusion detection (ID) is a type of security management system for computers and networks.
     An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both
      › intrusions (attacks from outside the organization) and
      › misuse (attacks from within the organization).
  • 6.
     ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
  • 7. Functions of an ID system:
     Monitoring and analyzing both user and system activities
     Analyzing system configurations and vulnerabilities
     Assessing system and file integrity
     Ability to recognize patterns typical of attacks
     Analysis of abnormal activity patterns
     Tracking user policy violations
  • 8.
     Typically, an ID system follows a two-step process.
     The first procedures are host-based and are considered the passive component:
      › inspection of the system's configuration files to detect inadvisable settings
      › inspection of the password files to detect inadvisable passwords
      › inspection of other system areas to detect policy violations.
  • 9.
     The second procedures are network-based and are considered the active component.
     Mechanisms are set in place to reenact known methods of attack and to record system responses.
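A worked illustration of the passive, host-based step described on slide 8, added here as an example and not taken from the lecture: it inspects a configuration file for inadvisable settings and compares file hashes against a stored baseline, which is the "assessing system and file integrity" function listed on slide 7. The file names, the setting names in the policy table and the sample configuration are all constructed for the example; a real deployment would load its own policy and monitor its own file set.

```python
"""Added example (not from the lecture): a minimal host-based, passive
check of the kind slide 8 describes.  It inspects a configuration file for
inadvisable settings and compares file hashes against a stored baseline to
detect tampering.  File names, settings and the baseline are constructed
for illustration; they are not taken from any real system."""
import hashlib
import os
import tempfile

# Constructed policy: settings a reviewer would consider inadvisable in an
# sshd_config-style "Key value" file (keys and values are illustrative).
INADVISABLE_SETTINGS = {
    "PermitRootLogin": {"yes"},
    "PasswordAuthentication": {"yes"},
    "PermitEmptyPasswords": {"yes"},
}

def inspect_config(text):
    """Return a list of (line_no, key, value) for settings that violate policy."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0], parts[1].strip().lower()
        if value in INADVISABLE_SETTINGS.get(key, set()):
            findings.append((line_no, key, value))
    return findings

def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record the current hash of every monitored file."""
    return {p: sha256_of(p) for p in paths}

def check_integrity(baseline):
    """Compare monitored files against the baseline.

    Returns {path: 'modified' | 'missing'} for every file that differs."""
    changes = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            changes[path] = "missing"
        elif sha256_of(path) != expected:
            changes[path] = "modified"
    return changes

# Constructed sample config: two inadvisable settings, one commented out.
SAMPLE_CONFIG = """\
# sample sshd_config-style file (constructed)
Port 22
PermitRootLogin yes
PasswordAuthentication no
#PermitEmptyPasswords yes
PermitEmptyPasswords Yes
"""

def demo():
    """Run both checks on constructed files in a temporary directory."""
    findings = inspect_config(SAMPLE_CONFIG)
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "sshd_config")
        binary = os.path.join(tmp, "login")
        with open(cfg, "w") as f:
            f.write(SAMPLE_CONFIG)
        with open(binary, "wb") as f:
            f.write(b"original binary contents")
        baseline = build_baseline([cfg, binary])
        # Simulate tampering with one monitored file and deletion of the other.
        with open(binary, "ab") as f:
            f.write(b" tampered")
        os.remove(cfg)
        changes = check_integrity(baseline)
    return findings, {os.path.basename(k): v for k, v in changes.items()}

if __name__ == "__main__":
    found, changed = demo()
    for line_no, key, value in found:
        print(f"config line {line_no}: '{key} {value}' is inadvisable")
    for name, state in changed.items():
        print(f"{name}: {state}")
```

The value comparison is case-insensitive so that `Yes` and `yes` are treated alike, and the baseline must be stored somewhere the monitored host cannot rewrite, or a tamperer who can change the file can change the recorded hash as well.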
  • 10.
     Network-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic.
     A network IDS, using either a network tap, span port, or hub, collects packets that traverse a given network.
     Using the captured data, the IDS processes and flags any suspicious traffic.
     The role of a network IDS is passive, only gathering, identifying, logging and alerting.
  • 11.
     Host-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior on a specific device.
     HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity.
     The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity.
     The role of a host IDS is passive, only gathering, identifying, logging, and alerting.
  • 12.
     A honeypot is simply a system, program, or file that has absolutely no purpose in production.
     Therefore, we can always assume that if the honeypot is accessed, it is for some reason unrelated to
     Honeypots are probably one of the last security tools an organization should implement. This is primarily because of the concern that somebody may use the honeypot to attack other systems.
  • 13.
     A honeypot can also be a computer on your network that looks and acts like a legitimate computer but is actually configured to interact with potential hackers.
     Honeypots are also known as a sacrificial lamb, decoy, or booby trap.
     The more realistic the interaction, the longer the attacker will stay occupied on honeypot systems and away from your production systems.
     The longer the hacker stays using the honeypot, the more will be disclosed about their techniques.
     This information can be used to identify what they are after, what their skill level is, and what tools they use.
     All this information is then used to better prepare your network and host defenses.
  • 14. Frame delivery through a hub:
     Step 1: Node A transmits a frame to Node C.
     Step 2: The hub will broadcast this frame to each active port.
     Step 3: Node B will receive the frame and will examine the address in the frame. After determining that it is not the intended host, it will discard the frame.
     Step 4: Node C will also receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further.
  • 15.
     In order for a host to be used as a sniffing agent, the network interface must be set to 'promiscuous' mode.
     Setting this mode requires root or administrator access.
     After this mode is set, the network interface will no longer drop network frames that are addressed to other hosts.
     Rather, it will pass them up to the higher network layers with the expectation that some software at a higher layer will process them.
  • 16. Frame delivery through a hub with Node B in promiscuous mode:
     Step 1: Node A transmits a frame to Node C.
     Step 2: The hub will broadcast this frame to each active port.
     Step 3: Node B will receive this frame and will accept it because the network interface has been set to 'promiscuous' mode. This allows a network interface to accept any frame, regardless of the MAC (Media Access Control) address in the frame.
     Step 4: Node C will also receive the frame and will process it as expected. It has no way of knowing that another host has also processed the frame.
  • 17. Frame delivery through a switch:
     Step 1: Node A transmits a frame to Node C.
     Step 2: The switch will examine this frame and determine what the intended host is. It will then set up a connection between Node A and Node C so that they have a 'private' connection.
     Step 3: Node C will receive the frame and will examine the address. After determining that it is the intended host, it will process the frame further.
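The three frame-delivery walkthroughs on slides 14, 16 and 17 as a small simulation, added here as an example and not part of the lecture. A `Node` models a network interface that discards frames addressed elsewhere unless it is in promiscuous mode (slide 15); a `Hub` repeats each frame to every other port; a `Switch` learns which port owns each source MAC and forwards only to the owner of the destination MAC, flooding only when the destination is unknown. The node names and MAC addresses are constructed.

```python
"""Added example (not from the lecture): a model of the frame-delivery
steps on slides 14, 16 and 17.  It reports which nodes end up processing a
frame sent from Node A to Node C on a hub, on a hub with Node B in
promiscuous mode, and on a switch.  Node names and MAC addresses are
constructed for the illustration."""
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    mac: str
    promiscuous: bool = False
    processed: list = field(default_factory=list)   # frames passed up the stack

    def receive(self, frame):
        """A NIC accepts a frame addressed to it; in promiscuous mode it
        accepts every frame regardless of destination MAC (slide 15)."""
        if self.promiscuous or frame["dst"] == self.mac:
            self.processed.append(frame)
            return True
        return False                                  # frame discarded (slide 14, step 3)

class Hub:
    """Repeats every frame to every active port except the one it came in on."""
    def __init__(self, nodes):
        self.nodes = nodes

    def forward(self, frame):
        return [n.name for n in self.nodes
                if n.mac != frame["src"] and n.receive(frame)]

class Switch:
    """Learns which node each source MAC belongs to and forwards only to the
    owner of the destination MAC; unknown destinations are flooded."""
    def __init__(self, nodes):
        self.nodes = nodes
        self.cam = {}                 # MAC -> node (the switch's address table)

    def forward(self, frame):
        src_node = next(n for n in self.nodes if n.mac == frame["src"])
        self.cam[frame["src"]] = src_node
        dst_node = self.cam.get(frame["dst"])
        targets = [dst_node] if dst_node else [n for n in self.nodes if n is not src_node]
        return [n.name for n in targets if n.receive(frame)]

def deliver(topology, node_b_promiscuous):
    """Send one frame A -> C and return the sorted names of nodes that processed it.
    `topology` is 'hub' or 'switch'."""
    a = Node("A", "aa:aa:aa:aa:aa:01")
    b = Node("B", "aa:aa:aa:aa:aa:02", promiscuous=node_b_promiscuous)
    c = Node("C", "aa:aa:aa:aa:aa:03")
    nodes = [a, b, c]
    device = Hub(nodes) if topology == "hub" else Switch(nodes)
    if topology == "switch":
        # Let the switch learn C's port from an earlier frame, as a real
        # switch would have before A and C hold a conversation.
        device.forward({"src": c.mac, "dst": a.mac, "payload": "prior"})
        for n in nodes:
            n.processed.clear()
    frame = {"src": a.mac, "dst": c.mac, "payload": "hello C"}
    return sorted(device.forward(frame))

if __name__ == "__main__":
    print("hub, B normal:      ", deliver("hub", False))
    print("hub, B promiscuous: ", deliver("hub", True))
    print("switch, B promisc.: ", deliver("switch", True))
```

The last case is the point of slide 17: once the switch has learned where Node C is, Node B receives nothing even in promiscuous mode, which is why the attacks on the following slides target the switch's address table or ARP rather than the interface mode.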
  • 18. ARP Spoofing
     When Node A wants to communicate with Node C on the network, it sends an ARP request.
     Node C will send an ARP reply which will include its MAC address.
     Even in a switched environment, this initial ARP request is sent in a broadcast manner.
     It is possible for Node B to craft and send an unsolicited, fake ARP reply to Node A.
     This fake ARP reply will specify that Node B has the MAC address of Node C.
     Node A will unwittingly send the traffic to Node B since it professes to have the intended MAC address.
  • 19. MAC Flooding
     On some switches, it is possible to bombard the switch with bogus MAC address data.
     The switch, not knowing how to handle the excess data, will 'fail open'.
     That is, it will revert to a hub and will broadcast all network frames to all ports.
     At this point, one of the more generic network sniffers will work.
  • 20. MAC Duplicating
     You reconfigure Node B to have the same MAC address as the machine whose traffic you're trying to sniff.
     This is easy to do on a Linux box if you have access to the 'ifconfig' command.
     This differs from ARP Spoofing because, in ARP Spoofing, we are 'confusing' the host by poisoning its ARP cache.
     In a MAC Duplicating attack, we actually confuse the switch itself into thinking two ports have the same MAC address.
  • 21. IP Filtering
     By enabling IP filtering on your switch, you directly specify which traffic is allowed to flow to and from each port.
     This can be a monumental effort to put in place and manage, especially if your environment is dynamic.
    Port Security
     If your hub or switch has the ability to enable port security, this will help to protect you from both the MAC Flood and MAC Spoofing attacks.
     This feature effectively prevents the hub or switch from recognizing more than one MAC address on a physical port.
    Routing Security
     No workstations should be allowed to run a routing protocol, as they may be compromised.
     Management of any of your network gear should be through a secure connection and not through telnet, which passes the administrative login/password in cleartext.
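Monitoring logic for the three switch-level attacks of slides 18 to 20, added here as an example and not part of the lecture. Each attack leaves a different footprint in what a defender can observe: a forged ARP reply changes the MAC recorded for an IP address, MAC Flooding puts many source MACs on one physical port (exactly what the port-security limit on slide 21 forbids), and MAC Duplicating makes one MAC appear on two ports. The observation records, port names and addresses are constructed; the three checks run over them and return the violations.

```python
"""Added example (not from the lecture): defender-side monitoring for the
attacks on slides 18-20.  An arpwatch-style check flags an IP address whose
MAC binding changes, which is what a forged ARP reply produces in Node A's
cache; a port-security-style check flags a physical port carrying more than
one source MAC (MAC Flooding); a third check flags one MAC appearing on two
ports (MAC Duplicating).  All addresses and records are constructed."""
from collections import defaultdict

# Constructed stream of (switch_port, src_mac, arp_sender_ip) observations.
# arp_sender_ip is None for frames that are not ARP replies.
OBSERVED = [
    ("Gi0/1", "aa:aa:aa:aa:aa:01", "10.0.0.1"),   # Node A announces itself
    ("Gi0/3", "aa:aa:aa:aa:aa:03", "10.0.0.3"),   # Node C's genuine ARP reply
    ("Gi0/2", "aa:aa:aa:aa:aa:02", "10.0.0.2"),   # Node B, legitimate
    ("Gi0/2", "aa:aa:aa:aa:aa:02", "10.0.0.3"),   # Node B claims C's IP (ARP Spoofing)
    ("Gi0/2", "aa:aa:aa:aa:aa:03", None),         # Node B now using C's MAC (MAC Duplicating)
    ("Gi0/2", "de:ad:00:00:00:01", None),         # bogus MACs from one port (MAC Flooding)
    ("Gi0/2", "de:ad:00:00:00:02", None),
]

def detect_arp_changes(records):
    """Return (ip, old_mac, new_mac) whenever an IP's MAC binding changes."""
    bindings = {}
    alerts = []
    for _port, mac, ip in records:
        if ip is None:
            continue
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ip, previous, mac))
        bindings[ip] = mac
    return alerts

def detect_port_violations(records, max_macs=1):
    """Return {port: sorted MACs} for ports exceeding max_macs distinct MACs.
    max_macs=1 mirrors the port-security limit of one MAC per physical port."""
    macs_per_port = defaultdict(set)
    for port, mac, _ip in records:
        macs_per_port[port].add(mac)
    return {port: sorted(macs) for port, macs in macs_per_port.items()
            if len(macs) > max_macs}

def detect_duplicate_macs(records):
    """Return {mac: sorted ports} for a MAC seen on more than one port,
    the symptom the switch itself sees in a MAC Duplicating attack."""
    ports_per_mac = defaultdict(set)
    for port, mac, _ip in records:
        ports_per_mac[mac].add(port)
    return {mac: sorted(p) for mac, p in ports_per_mac.items() if len(p) > 1}

if __name__ == "__main__":
    for ip, old, new in detect_arp_changes(OBSERVED):
        print(f"ARP: {ip} moved from {old} to {new}")
    for port, macs in detect_port_violations(OBSERVED).items():
        print(f"port {port}: {len(macs)} MACs seen: {', '.join(macs)}")
    for mac, ports in detect_duplicate_macs(OBSERVED).items():
        print(f"MAC {mac} seen on ports {', '.join(ports)}")
```

A legitimate NIC replacement also changes an IP's MAC binding, so the first check is an alert to investigate rather than proof of spoofing; the port checks have fewer benign explanations on access ports, which is why port security can enforce the limit outright.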
  • 22.
     Knowledge-based intrusion detection techniques apply the knowledge accumulated about specific attacks and system vulnerabilities.
     The IDS contains information about these vulnerabilities and looks for attempts to exploit them.
     When such an attempt is detected, an alarm is triggered.
  • 23.
     In other words, any action that is not explicitly recognized as an attack is considered acceptable.
     Therefore, the accuracy of knowledge-based intrusion detection systems is considered good.
     However, their completeness (i.e. the fact that they detect all possible attacks) depends on the regular update of knowledge about attacks.
  • 24.
     Advantages of the knowledge-based approaches are that they have the potential for very low false alarm rates.
  • 25.
     Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or the users.
     The model of normal or valid behavior is extracted from reference information collected by various means.
     The intrusion detection system later compares this model with the current activity.
  • 26.
     When a deviation is observed, an alarm is generated.
     In other words, anything that does not correspond to a previously learned behavior is considered intrusive.
     Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms).
  • 27.
     Advantages of behavior-based approaches are that they can detect attempts to exploit new and unforeseen vulnerabilities.
     They can even contribute to the (partially) automatic discovery of these new attacks.
     They also help detect 'abuse of privileges' types of attacks that do not actually involve exploiting any security vulnerability.
     In short, this is the paranoid approach: everything which has not been seen previously is dangerous.
  • 28.
     The high false alarm rate is generally cited as the main drawback of behavior-based techniques, because the entire scope of the behavior of an information system may not be covered during the learning phase.
     Also, behavior can change over time, introducing the need for periodic online retraining of the behavior profile, resulting either in unavailability of the intrusion detection system or in additional false alarms.
  • 29.
     The information system can undergo attacks at the same time the intrusion detection system is learning the behavior. As a result, the behavior profile contains intrusive behavior, which is not detected as anomalous.
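The knowledge-based detector of slides 22 to 24 and the behavior-based detector of slides 25 to 29 run side by side over one constructed audit stream, as an added example that is not part of the lecture. The two signature rules are taken from slide 21's guidance (no management over telnet, no routing protocol on a workstation); the rule names, users, actions and targets are constructed. The run shows the trade-off the slides describe: the signature detector misses the privilege-abuse event because no rule covers it, the behavior detector catches it but also alarms on a new legitimate task, and when the attack events were present during learning (slide 29) the behavior detector reports nothing at all.

```python
"""Added example (not from the lecture): knowledge-based and behavior-based
detection (slides 22-29) compared on one constructed audit stream.  The
signature rules reflect slide 21's guidance; rule names, users, actions and
targets are constructed for the illustration."""

# Constructed audit events: (day, user, action, target).
TRAINING = [  # "reference information" the behavior model learns from (slide 25)
    (1, "alice", "login", "workstation-1"),
    (1, "alice", "read", "crm-db"),
    (1, "bob", "login", "workstation-2"),
    (1, "bob", "read", "crm-db"),
    (2, "alice", "login", "workstation-1"),
    (2, "alice", "read", "crm-db"),
    (2, "bob", "login", "workstation-2"),
    (2, "bob", "read", "crm-db"),
]
LIVE = [
    (3, "alice", "login", "workstation-1"),
    (3, "alice", "read", "crm-db"),
    (3, "alice", "read", "hr-db"),         # new but legitimate task -> false alarm
    (3, "bob", "telnet", "core-switch"),   # matches a known-bad signature
    (3, "bob", "export", "crm-db"),        # abuse of privileges: no signature, deviates from profile
    (3, "bob", "route-advertise", "lan"),  # matches signature: routing protocol on a workstation
]

# Knowledge-based rules: knowledge about specific inadvisable actions.  Both
# come from slide 21 (no telnet management, no routing protocols on
# workstations); the rule names are constructed.
SIGNATURES = {
    "SIG-TELNET-MGMT": lambda e: e[2] == "telnet",
    "SIG-WS-ROUTING": lambda e: e[2] == "route-advertise",
}

def knowledge_based(events):
    """Alarm only on events matching a known signature; everything else is
    considered acceptable (slide 23)."""
    return [(e, name) for e in events
            for name, match in SIGNATURES.items() if match(e)]

def learn_profile(events):
    """Model of normal behaviour: the (action, target) pairs each user has been seen doing."""
    profile = {}
    for _day, user, action, target in events:
        profile.setdefault(user, set()).add((action, target))
    return profile

def behavior_based(profile, events):
    """Alarm on anything not previously learned (slide 26)."""
    return [e for e in events if (e[2], e[3]) not in profile.get(e[1], set())]

def compare(training, live):
    """Return (knowledge-based alarms, behavior-based alarms, behavior-based
    alarms when the live attack events were present during learning)."""
    kb = knowledge_based(live)
    bb = behavior_based(learn_profile(training), live)
    poisoned = behavior_based(learn_profile(training + live), live)
    return kb, bb, poisoned

if __name__ == "__main__":
    kb, bb, poisoned = compare(TRAINING, LIVE)
    print("knowledge-based alarms:", [(e[1], e[2], e[3], sig) for e, sig in kb])
    print("behavior-based alarms: ", [(e[1], e[2], e[3]) for e in bb])
    print("after poisoned learning:", poisoned)
```

The profile here is a plain set of seen (action, target) pairs, which is the simplest form of the "learned behavior" on slide 26; a production system would add frequencies and time windows, and slide 28's retraining problem appears as soon as `alice`'s new task has to be folded into the profile without also admitting `bob`'s export.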