Network-Based Intrusion Detection Systems
By: John Buckhorn


1. Network-Based Intrusion Detection Systems
   By: John Buckhorn

2. Introduction
   - Security threats on the rise
   - Traditional protection: antivirus, firewalls

3. History
   - USAF, 1972: noted vulnerabilities of computer security
   - 1984: first intrusion detection system prototype, real-time intrusion detection
   - Would eventually evolve into modern NBIDS

4. IDS Features
   - Pattern matching: data destruction, denial-of-service, hostile code, network or system eavesdropping, system and network mapping, unauthorized access
   - Anomaly detection

5. Intrusion Detection Technologies
   - Host-based intrusion detection systems (HIDS)
   - Network-based intrusion detection systems (NBIDS)
   - File system integrity checkers
   - Honeypot systems
   - Security Information Management (SIM)

6. Network-Based Intrusion Detection System (NBIDS)
   - More network-based attacks; shift from host-based to network-based detection
   - An NBIDS is a system that monitors traffic at selected points on a network or an interconnected set of networks

7. Types of Attacks (Internal)
   - Insider attacks: not limited to an employee
   - Examples: internal denial of service (DoS), internal privilege escalation, internal super-user privileges

8. Types of Attacks (External)
   - External threats: companies' systems are becoming more visible; international threats
   - Examples: external denial of service (DoS), external privilege escalation

9. NBIDS Benefits
   - Trace activity
   - Complements firewalls, antivirus software and system management competencies
   - Monitoring, security audits, response, attack recognition

10. Types of NBIDS
   - Promiscuous-mode: captures every packet
   - Network-node
   - VPN

11. NBIDS Issues
   - Cannot reassemble all fragmented traffic
   - Cannot compensate for low credential standards
   - Cannot analyze all data or deal with packet-level issues
   - Firewalls serve best

12. NBIDS Future
   - Artificial intelligence
   - Combination of anomaly detection and misuse detection: a new hybrid model

13. Cost Effectiveness
   - One third of attacks originate inside the company
   - Firewalls only prevent unauthorized access from outside the network
   - Companies spent $3.8 million/year, compared to $60,000 for a hardware-based Cisco NBIDS

14. Available NBIDS
   - Snort: intrusion prevention, software-based, free
   - AIDE: software-based, free
   - IBM RealSecure ISS: software-based, ~$12,000
   - Cisco IPS 4270: hardware-based, ~$50,000-$60,000

15. FAQ
   - Why have a NBIDS if it cannot prevent a hack?
   - When would it be necessary to use a host-based intrusion detection system?
   - What is a signature?

16. Conclusion
   - Goal: to achieve a balance
   - NBIDS is not preventative; pair it with a firewall, antivirus and host-based IDS
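The hybrid model from slide 12 (misuse detection plus anomaly detection) and the fragmentation limitation from slide 11, as an added Python example that is not part of the original presentation. The signature table, the packet records and the baseline counts are all constructed for illustration; the stream "s1" carries the signature split across two out-of-order segments to show why per-packet matching misses it and stream reassembly catches it.

```python
import statistics
from collections import defaultdict

# Hypothetical signature table (constructed; not a real Snort rule).
SIGNATURES = {"demo-sig-1": b"TEST-SIGNATURE-1"}

# Constructed packet records: (src, stream, seq, payload). Stream s1 carries the
# signature split across two out-of-order segments; src 10.0.0.9 floods 40 streams.
PACKETS = [
    ("10.0.0.5", "s1", 9, b"ATURE-1 trailer"),
    ("10.0.0.5", "s1", 0, b"TEST-SIGN"),
    ("10.0.0.6", "s2", 0, b"prefix TEST-SIGNATURE-1 suffix"),
] + [("10.0.0.9", f"s{i}", 0, b"hello") for i in range(100, 140)]

# Constructed baseline: packets per source per window seen during normal operation.
BASELINE_COUNTS = [2, 3, 2, 4, 3, 2]

def misuse_per_packet(packets):
    """Signature matching on each packet alone: misses patterns split across fragments."""
    return sorted({s for _, s, _, p in packets
                   if any(sig in p for sig in SIGNATURES.values())})

def misuse_reassembled(packets):
    """Reorder each stream's segments by sequence number, then match the joined payload."""
    streams = defaultdict(list)
    for _, s, seq, p in packets:
        streams[s].append((seq, p))
    hits = []
    for s, segs in streams.items():
        data = b"".join(p for _, p in sorted(segs))
        if any(sig in data for sig in SIGNATURES.values()):
            hits.append(s)
    return sorted(hits)

def anomaly_sources(packets, baseline, k=3.0):
    """Flag sources whose packet count exceeds the baseline mean plus k std deviations."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    counts = defaultdict(int)
    for src, *_ in packets:
        counts[src] += 1
    return sorted(src for src, n in counts.items() if n > threshold)

def hybrid_detect(packets, baseline=BASELINE_COUNTS):
    """Hybrid model: misuse (signature) alerts combined with anomaly (baseline) alerts."""
    return {"misuse": misuse_reassembled(packets),
            "anomaly": anomaly_sources(packets, baseline)}

if __name__ == "__main__":
    print("per-packet:", misuse_per_packet(PACKETS))    # ['s2'] only: s1 is fragmented
    print("reassembled:", misuse_reassembled(PACKETS))  # ['s1', 's2']
    print("hybrid:", hybrid_detect(PACKETS))
```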