What is a “Network Intrusion Detection System (NIDS)”?
A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic.
NIDS is designed to allow data to be transmitted in real time across any TCP/IP network or connection, i.e. from any two PCs or wireless devices up to millions, in real time.
Some of the major features in NIDS in Windows 2000 include:
• Support for Plug and Play, Power Management, and Windows Management Instrumentation (WMI).
• Support for connection-oriented media such as asynchronous transfer mode (ATM).
Features
• Support for older (legacy) transport stacks over connection-oriented media (for example, the LAN Emulation (LANE) driver and User Network Interface (UNI) Call Manager).
• The ability to offload tasks from the TCP/IP transport to the network adapter (for example, TCP/IP checksum tasks, IP Security tasks, and the segmentation of large TCP packets).
• High-performance OS-specific capture module for Linux.
• Packet decode engine fully supports encapsulation.
• Decode plugins included for many protocols.
• Easy to configure; just one config file.
• Full IP defragmentation.
• TCP stateful inspection with window tracking.
• Intelligent TCP stream reassembly.
• Full application layer decodes.
• EXTREMELY fast and scalable signature engine.
• Configurable token-bucket rate-limiting of any alerts.
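The token-bucket rate-limiting of alerts listed above, as an added Python example (not Firestorm's own code): each signature gets its own bucket, so a flood of alerts from one noisy rule is throttled without starving alerts from other rules, and the suppressed count is kept so the analyst still learns that a flood occurred. The refill rate, burst capacity and the alert stream are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Token bucket: `rate` tokens are added per second up to `capacity`.
    Emitting an alert costs one token; with an empty bucket the alert is
    suppressed and counted instead of being written out."""
    rate: float                       # tokens refilled per second
    capacity: float                   # burst size (max tokens held)
    tokens: float = field(init=False)
    last: float = field(init=False)   # timestamp of the last refill
    suppressed: int = 0               # alerts dropped by this bucket

    def __post_init__(self):
        self.tokens = self.capacity
        self.last = 0.0

    def allow(self, now):
        """Return True if an alert may be emitted at capture time `now`."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        self.suppressed += 1
        return False


def filter_alerts(alerts, rate=1.0, capacity=5):
    """alerts: iterable of (timestamp, signature_id, message) in time order.
    Returns (emitted alerts, suppressed count per signature)."""
    buckets, emitted = {}, []
    for ts, sid, msg in alerts:
        bucket = buckets.setdefault(sid, TokenBucket(rate, capacity))
        if bucket.allow(ts):
            emitted.append((ts, sid, msg))
    return emitted, {sid: b.suppressed for sid, b in buckets.items()}


def demo():
    # Constructed stream: 100 scan alerts 10 ms apart (a flood) plus three
    # unrelated web alerts spread over 20 s, which must all get through.
    flood = [(i * 0.01, "SCAN-1", "port sweep") for i in range(100)]
    web = [(t, "WEB-7", "suspicious URI") for t in (0.0, 10.0, 20.0)]
    stream = sorted(flood + web, key=lambda a: a[0])
    return filter_alerts(stream, rate=1.0, capacity=5)
```

With a burst of 5 and a refill of 1 token/s, only the first five scan alerts are written and the remaining 95 are counted as suppressed, while all three web alerts are emitted.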
Supported Protocols
• TCP/IP suite (IPv4, TCP, UDP, ICMP, IGMP)
• 802.1q (VLAN)
• Can differentiate Ethernet II and Novell IPX frames
• Can decode LLC and SNAP
• IPX, SAP
• Linux cooked sockets (SLL) in two different formats
• GRE (generic routing encapsulation)
• IrDA (infra-red)
• ARP/AppleTalk ARP
Planned Features
• Some performance enhancements
• Proper remote alerting to a central firestorm server
• Analyst consoles to read data from the central server
• Central management of all configuration from the analyst console
What happens after a NIDS detects an attack?
• Reconfigure firewall
• Chime
• SNMP trap
• NT event
• Syslog
• Send e-mail
• Page
• Log the attack
• Save evidence
• Launch program
• Terminate the TCP session
How can one detect if someone is running a NIDS?
A NIDS is essentially a sniffer, so standard sniffer-detection techniques can be used. An example would be to run a traceroute against the victim; this will often generate a low-level event in the IDS.
NIDS
By Meron Girma, CIS 450, Professor Anrivor