Intrusion Detection Systems (Austen Hayes, Cameron Hinkel)


  • Intrusion Detection Systems (Austen Hayes, Cameron Hinkel)

  • Intrusion Detection Systems (IDS): Definition

  • Purpose of IDS
      • Monitor host/network
      • Log suspicious activity
      • Detect potential threats
      • Alert system administrator(s)
      • Generate reports

  • Detection Methods
      • Statistical anomaly-based: protocol analysis, bandwidth, hardware connections
      • Signature-based
      • Stateful protocol analysis

  • Types of IDS
      • Network (NIDS) (diagram: Internet, Firewall, NIDS, Private Network)
      • Host-based (HIDS) (diagram: Internet, Firewall, Private Network, HIDS)
      • Wireless (diagram: Internet, Access Point, IDS Sensor, Wireless Devices)
      • Network Behavior Analysis

  • Network IDS: Installation Types
      • Hub/Switch (diagram: Internet, Hub, NIDS, Private Network)
      • Network Tap (diagram: Internet, Hub, NIDS, Private Network)
      • Inline (diagram: Internet, NIDS, Hub, Private Network)

  • Network IDS: Examples
      • LaBrea Tarpit: slows the propagation of worms; responds to ARP requests
      • Honeypot: low-interaction, high-interaction

  • Types of Attacks
      • Port scan
      • DoS attack: ICMP flood; distributed

  • Popular IDS Software
      • Snort: open source, signature-based
      • AIDE: Advanced Intrusion Detection Environment
      • OSSEC HIDS

  • Conclusion
      • Security is integral to the sys. admin job
      • Securing a system/network is complex
      • Numerous tools are available to detect threats
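The slides list two detection methods (signature-based and statistical anomaly-based) and two attack types (ICMP flood and port scan) without showing how the methods differ in practice. The following toy detector is an added illustration, not code from the presentation: it applies a fixed signature rule and a learned statistical baseline to constructed flow records (the addresses, counts and baseline values are all made up for the example).

```python
"""Toy IDS illustrating the two detection methods named on the slides:
a signature-based rule (fixed threshold on a known pattern) and a
statistical anomaly-based rule (deviation from a learned baseline).
All records below are constructed sample data, not captured traffic."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flow records: (src_ip, dst_ip, proto, dst_port); port is None for ICMP.
FLOWS = [
    ("10.0.0.5", "10.0.0.20", "tcp", 80),
    ("10.0.0.5", "10.0.0.20", "tcp", 443),
    ("10.0.0.6", "10.0.0.20", "tcp", 22),
    *[("10.0.0.9", "10.0.0.20", "tcp", p) for p in range(1, 41)],  # 40 distinct ports
    *[("10.0.0.7", "10.0.0.20", "icmp", None)] * 120,               # ICMP echo burst
]

# Constructed baseline: distinct destination ports per source during a normal period.
BASELINE_DISTINCT_PORTS = [1, 2, 2, 3, 1, 2, 4, 2, 1, 3]

ICMP_FLOOD_THRESHOLD = 100  # signature: more ICMP packets than this from one source


def signature_icmp_flood(flows, threshold=ICMP_FLOOD_THRESHOLD):
    """Signature-based: fires when a source exceeds a fixed ICMP packet count."""
    counts = Counter(src for src, _, proto, _ in flows if proto == "icmp")
    return sorted(src for src, n in counts.items() if n > threshold)


def anomaly_port_scan(flows, baseline=BASELINE_DISTINCT_PORTS, k=3.0):
    """Statistical anomaly-based: flags sources whose distinct-port count
    exceeds mean + k * stdev of the learned baseline (no fixed port number)."""
    limit = mean(baseline) + k * pstdev(baseline)
    ports = defaultdict(set)
    for src, _, proto, port in flows:
        if proto == "tcp":
            ports[src].add(port)
    return sorted(src for src, seen in ports.items() if len(seen) > limit)


def detect(flows):
    """Run both rules and return the alerts keyed by attack type."""
    return {"icmp_flood": signature_icmp_flood(flows),
            "port_scan": anomaly_port_scan(flows)}


if __name__ == "__main__":
    print(detect(FLOWS))
```

The anomaly rule needs no knowledge of what a scan looks like, only a baseline of normal behaviour, which is why it can catch unknown patterns but also why a noisy baseline produces false positives.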