Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Intrusion Detection System(IDS) at a Glance (PPT)

Intrusion detection system or IDS is a security software which is designed to help administrator to automatically alert or notify at any case when a user try to compromise information system through any malicious activities or at point where Violation of security policies are taken

  • Identifiez-vous pour voir les commentaires

Intrusion Detection System(IDS) at a Glance (PPT)

  1. 1. Intrusion Detection System (IDS) at a Glance
  2. 2. Intrusion Detection System or IDS is a security software which is designed to help administrator to automatically alert or notify at any case when a user tries to compromise information system through any malicious activities or at point where violation of security policies are taken. It helps to deals with such attacks by inspecting all of the inbound or outbound traffic on a network.
  3. 3. Types Of Intrusions / Attacks Web Based Attacks SQL Injection, Web Shells LFI, RFI and XSS Attacks Network Based Attacks Unauthorized Login Denial Of Service attacks Scanning ports and services Replication of Worms, Trojan, Virus Spoofing Attacks ( Arpspoof, Dns spoof Attacks ) Zero Day Attacks Attacks that aren’t known.
  4. 4. How detection is performed in IDS Software? IDS Signature Based detection- This type of detection work well with the threads that are already determined or known. Anomaly-based detection-- This detection works on the basis of Comparison. It determines the traits of a normal action against characteristics that marks them as abnormal.
  5. 5. A Typical Intrusion detection functions include : Monitoring and analyzing both user and system activities Analyzing system configurations and vulnerabilities Assessing system and file integrity Ability to recognize typical patterns of attacks Analysis of abnormal activity patterns Tracking user policy violations
  6. 6. Major component of an IDS System Network Intrusion Detection System (NIDS): This does analysis for traffic on a whole subnet and will make a match to the traffic passing by to the attacks already known in a library of known attacks.
  7. 7. Network Node Intrusion Detection System (NNIDS): This is similar to NIDS, but the traffic is only monitored on a single host, not a whole subnet.
  8. 8. Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s file set and compares it to a previous picture. If there are significant differences, such as missing files, it alerts the administrator.
  9. 9. PROS of an IDS System CAN add a greater degree of integrity to the rest of your infrastructure CAN trace user activity from point of entry to point of impact CAN recognize and report alterations to data CAN automate a task of monitoring the Internet searching for the latest attacks CAN detect when your system is under attack CAN make the security management of your system possible bynon-expert staff
  10. 10. CONS Related to an IDS System CAN NOT compensate for a weak identification and authentication mechanisms CAN NOT conduct investigations of attacks without human intervention CAN NOT compensate for weaknesses in network protocols CAN NOT analyze all the traffic on a busy network CAN NOT always deal with problems involving packet-level attacks CAN NOT deal with some of the modern network hardware and features
  11. 11. How to protect IDS • Don’t run any service on your IDS sensor • The platform on which you are Running IDS should be patched with the latest release from your vendor • Configure the IDS machine so that it doesn't respond to ping packets • User account should not be created except those that are necessary

×