stat 120 - IntrusionDetection By HimaniSingh...

Slide 1: Intrusion Detection
By Himani Singh (himanisingh@comcast.net) and Kavita Khanna (kavita_jairath@yahoo.com), CS-265, Fall 2003
Slide 2: Intrusion Detection - "Presentation Outline"
o How does an intruder get access?
o Security holes and vulnerabilities
o What is intrusion detection?
o Typical intrusion scenario
o Host-based and network-based intrusion detection
o Knowledge-based and behaviour-based intrusion detection
o False positives / false alarms
o Do I need an IDS if I already have a firewall?
Slide 3: How an intruder gets access
Intruder:
o a hacker and/or cracker who breaks into systems and carries out unauthorized or malicious activities
How does an intruder get access?
o Physical intrusion: removes some hardware, disk, memory...
o System intrusion: starts from a low-privilege user account
o Remote intrusion: across the network
Slide 4: Security Holes and Vulnerabilities - What?
o Software bugs
o System configuration
o Bad password policy
o Traffic sniffing
o Design flaws
Slide 5: Security Holes and Vulnerabilities
Software bugs
o Buffer overflows: the input is deliberately overflowed with attacker-supplied code.
o Unexpected combinations: e.g. PERL can pass malicious input on to another program.
o Unhandled input: what action is taken on invalid input?
o Race conditions: rare but possible.
System configuration
o Default configurations: easy-to-use configurations.
o Lazy administrators: empty root/administrator password.
o Hole creation: Turn off everything that doesn't
Slide 6: Security Holes and Vulnerabilities (Cont...)
Password cracking
o Weak passwords, dictionary attacks, brute force, etc.
Sniffing unsecured traffic
o Shared medium
o Server sniffing
o Remote access
Design flaws
o TCP/IP protocol flaws
  - Smurf: ICMP echo request sent with the victim's address as the return (source) address.
  - SYN flood: the target runs out of resources; combined with IP spoofing.
o UNIX design flaws
o Distributed DoS attack: Amazon and Yahoo
Do not forget social engineering: hacker "Kevin Mitnick" told Congress that he used technology only 2% of the time.
Slide 7: What is Intrusion Detection
o Intrusion: an unauthorized activity or access to an information system; the attack originates outside the organization.
o Misuse: attacks originating inside the organization.
o Intrusion Detection (ID): the process of detecting whether intrusion/misuse has been attempted, is occurring, or has occurred. [1]
o Intrusion and/or misuse can be as severe as stealing sensitive information or misusing your email system for spam.
o ID runs continuously.
o It does both detection and response.
[1] The Practical Intrusion Detection Handbook, Paul E. Proctor.
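The two detection styles named in the outline, run over a few constructed packet records, as an added example that is not part of the original slides: a knowledge-based rule that matches the Smurf pattern from slide 6 (ICMP echo request to a broadcast address), and a behaviour-based rule that counts half-open TCP connections per destination to catch a SYN flood. The record format, the ".255 means broadcast" shortcut and the threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed packet records, one tuple each: (time, proto, src, dst, kind).
# kind is "SYN" / "ACK" for TCP and "ECHO" for an ICMP echo request.
PACKETS = [
    (1, "tcp", "10.0.0.5", "10.0.0.20", "SYN"),          # legitimate client
    (2, "tcp", "10.0.0.5", "10.0.0.20", "ACK"),          # ...completes the handshake
    (3, "icmp", "198.51.100.7", "192.0.2.255", "ECHO"),  # Smurf: spoofed src, broadcast dst
] + [
    (4 + i, "tcp", f"203.0.113.{i}", "10.0.0.20", "SYN")  # SYN flood from spoofed sources
    for i in range(6)
]

def smurf_alerts(packets):
    """Knowledge-based rule: ICMP echo request aimed at a broadcast address.
    Treating a .255 host part as broadcast is a simplifying assumption;
    a real sensor would check against the monitored subnet mask."""
    return [(t, src, dst) for (t, proto, src, dst, kind) in packets
            if proto == "icmp" and kind == "ECHO" and dst.endswith(".255")]

def syn_flood_alerts(packets, threshold=5):
    """Behaviour-based rule: alert once a destination holds `threshold`
    half-open TCP connections (SYN seen, handshake never completed).
    Counting per destination rather than per source is deliberate: flood
    sources are spoofed, so no single source ever looks busy.  Too low a
    threshold turns a normal burst of clients into a false alarm."""
    half_open = defaultdict(set)  # dst -> sources with a pending SYN
    alerts, alerted = [], set()
    for t, proto, src, dst, kind in sorted(packets):
        if proto != "tcp":
            continue
        if kind == "SYN":
            half_open[dst].add(src)
        elif kind == "ACK":
            half_open[dst].discard(src)
        if len(half_open[dst]) >= threshold and dst not in alerted:
            alerted.add(dst)
            alerts.append((t, dst, len(half_open[dst])))
    return alerts

if __name__ == "__main__":
    print("Smurf:", smurf_alerts(PACKETS))
    print("SYN flood:", syn_flood_alerts(PACKETS))
    # threshold=1 fires on the legitimate client at t=1: a false alarm.
    print("False alarm:", syn_flood_alerts(PACKETS, threshold=1))
```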
Slide 8: Typical intrusion scenario
o Step 2: inside reconnaissance
o Step 4: foothold