Lecture 11 Intrusion Detection Prevention Monitoring

CS 393/682 – Network Security Intrusion Detection/Prevention/Monitoring
Course Logistics
- I am back! At least for some time.
- Lab 6 posted. Questions? Concerns?
Network Monitoring
- Should you monitor your network? Why?
  - Performance
  - Security?
- Network Security Monitoring: the collection, analysis, and escalation of indications and warnings to detect and respond to network security related events
Intrusions
- An intrusion is defined as the unauthorized use, misuse, or abuse of computer systems by either authorized users or external perpetrators.
- Types of intrusions:
  - External attacks: attempted break-ins, denial of service attacks, etc.
  - Internal attacks: masquerading as some other user; misuse of privileges, malicious attacks
  - Clandestine users: exploiting bugs in privileged programs
Fighting intrusion
- Prevention: isolate from the network, strict authentication measures, encryption
- Preemption: "do unto others before they do unto you"
- Deterrence: dire warnings, "we have a bomb too."
- Deflection: diversionary techniques to lure attackers away
- Detection
- Counter attacks
What is IDS? What is IPS?
- An Intrusion Detection System (IDS) is a system that attempts to identify intrusions.
- Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.
- An Intrusion Prevention System (IPS) is mostly marketing spin.
Why Is IDS Necessary?
- It's difficult to ensure that an information system will be free of security flaws. New bugs keep surfacing.
- Even if the network is secured from outsiders, how do you guard against malicious insiders?
- It's hard to prevent naive users from unknowingly opening e-mail viruses and downloading rigged programs.
Examples of IDS in daily life
- Car alarms
- House alarms
- Surveillance systems
- Spy satellites and spy planes (U2 and SR-71)
Why is Intrusion Detection Possible?
- Predictable usage patterns: a typical user checks mail, news, stock prices, and a bank account after logging in. It is abnormal for such a user to run user management utilities after logging in.
- Actions of users do not subvert the security policies of the system. Example of a violation: users who try to take advantage of a race condition to gain access to files.
Why is Intrusion Detection Possible? (continued)
- Actions of processes conform to security policies. Some examples of actions that do not conform:
  - sendmail trying to read the passwd file!!
  - the system logger sending messages to a file in a guest user's directory
- Systems under attack fail to meet at least one of the above three characteristics. (Denning)
Intrusion Detection
- Idea: an attack can be discovered when one of the above characteristics is violated.
- Problem: the definitions are hard to make precise.
- Practical goals of intrusion detection systems:
  - Detect a wide variety of intrusions
  - Detect in a timely fashion
  - Present results in a useful manner
  - Be (sufficiently) accurate
Architecture of a Generic IDS
[Diagram; labels: CONFIGURATION, DATABASE, SYSTEM, DETECTOR, COUNTERMEASURE, ALARMS, AUDITS, ACTIONS]
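The two "Why is Intrusion Detection Possible?" slides and the generic architecture above fit together in a small piece of code. The following is an added example written for these notes, not code from the lecture: it turns Denning's three characteristics into detector rules (a per-user command baseline for the predictable-usage characteristic, and a per-subject object policy for the "users/processes do not subvert policy" characteristics) and wires them as CONFIGURATION, a DATABASE of audit history, a DETECTOR producing ALARMS, and a COUNTERMEASURE mapping alarms to ACTIONS. The audit records, user names, path prefixes, and response table are all constructed for the example; the race-condition case from the slide is not modelled, since a single audit record does not show it.

```python
"""Toy Denning-style intrusion detector (added example, not from the lecture).

CONFIGURATION (profiles + policies) -> DETECTOR (rules over AUDIT records,
history kept in a DATABASE) -> ALARMS -> COUNTERMEASURE -> ACTIONS.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Audit:
    subject: str  # user or process that acted
    action: str   # "exec", "read" or "write"
    obj: str      # command name for exec, file path for read/write


@dataclass(frozen=True)
class Alarm:
    rule: str
    audit: Audit
    detail: str


# CONFIGURATION (constructed values, not a real deployment's policy).
ADMIN_UTILITIES = {"useradd", "usermod", "userdel", "visudo"}
# Object policy: the path prefixes each process may read or write. Anything
# outside these prefixes violates the "processes conform to policy" rule,
# e.g. sendmail reading /etc/passwd or syslogd writing into a guest home.
POLICY = {
    "sendmail": {"read": ("/var/spool/mail/", "/etc/mail/"), "write": ("/var/spool/mail/",)},
    "syslogd": {"read": ("/dev/log",), "write": ("/var/log/",)},
}
# COUNTERMEASURE table: which action each alarm type triggers (constructed).
RESPONSE = {"policy-violation": "terminate", "admin-utility": "page-oncall", "unusual-command": "log"}


class Detector:
    def __init__(self, policy, admin_utilities):
        self.policy = policy
        self.admin_utilities = admin_utilities
        self.profiles = {}   # DATABASE: per-user command history (the usage baseline)
        self.alarms = []     # DATABASE: every alarm raised so far

    def train(self, audits):
        """Learn each user's normal commands from audit records assumed benign."""
        for a in audits:
            if a.action == "exec":
                self.profiles.setdefault(a.subject, Counter())[a.obj] += 1

    def observe(self, a):
        """Apply the rules to one audit record and return any alarms raised."""
        alarms = []
        if a.action == "exec":
            seen = self.profiles.get(a.subject, Counter())
            if a.obj in self.admin_utilities and a.obj not in seen:
                # Predictable-usage characteristic: a user who never ran user
                # management utilities suddenly does so.
                alarms.append(Alarm("admin-utility", a, f"{a.subject} ran {a.obj}, absent from baseline"))
            elif seen and a.obj not in seen:
                # Only flag users with a baseline; unknown users have no profile yet.
                alarms.append(Alarm("unusual-command", a, f"{a.subject} ran {a.obj} for the first time"))
        elif a.action in ("read", "write") and a.subject in self.policy:
            allowed = self.policy[a.subject].get(a.action, ())
            if not a.obj.startswith(allowed):   # empty tuple => nothing allowed
                alarms.append(Alarm("policy-violation", a, f"{a.subject} may not {a.action} {a.obj}"))
        self.alarms.extend(alarms)
        return alarms


def countermeasure(alarm):
    """Map an alarm to an ACTION; unknown alarm types are merely logged."""
    return RESPONSE.get(alarm.rule, "log")


# Constructed audit streams: a benign training window, then live records.
BASELINE = [Audit("alice", "exec", c) for c in ["mail", "news", "stocks", "bank", "mail", "mail"]]
LIVE = [
    Audit("alice", "exec", "mail"),                     # normal for alice
    Audit("alice", "exec", "gcc"),                      # never seen before -> unusual-command
    Audit("alice", "exec", "useradd"),                  # admin utility -> admin-utility
    Audit("sendmail", "read", "/var/spool/mail/alice"), # allowed by policy
    Audit("sendmail", "read", "/etc/passwd"),           # the slide's sendmail example
    Audit("syslogd", "write", "/var/log/messages"),     # allowed by policy
    Audit("syslogd", "write", "/home/guest/.log"),      # the slide's logger example
]


def run(baseline=BASELINE, live=LIVE):
    """Train on the baseline, then return (rule, subject, object, action) per alarm."""
    det = Detector(POLICY, ADMIN_UTILITIES)
    det.train(baseline)
    actions = []
    for a in live:
        for alarm in det.observe(a):
            actions.append((alarm.rule, a.subject, a.obj, countermeasure(alarm)))
    return actions


if __name__ == "__main__":
    for row in run():
        print(row)
```

Running it yields four actions: a log entry for alice's first use of gcc, a page for her running useradd, and terminate actions for the sendmail and syslogd policy violations. The split between the two rule kinds is the point of the slides: the profile rule is anomaly detection and can only say "unusual", while the policy rule is misuse detection against a stated rule and can justify a stronger response, which is why the response table treats them differently.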