Group5-FinalDraft

Intrusion Detection & Prevention Systems – Exploring the Honeynet Approach & Snort Weaknesses
Authors: Francis, Charles; Nenov, Martin; Quaye, Dennis
Outline
- Overview
- Firewalls
- Types of IDS / IPS
- Honeypots / Honeynets
- Examples
- Research
- Modifications
- Conclusion
Network Security Overview – Security Principles
- Physical Security
  - Disaster Resistant Building
  - Hot Site
  - Building Security
  - The Computer Box
- Electronic Security
  - Logins/Passwords
  - Open ports
  - Firewalls
  - Bastion Host / DMZ – Demilitarized Zone
Firewalls – “Keeping outsiders out”
- Network layer and packet filters
- Application-layer
- Proxies
- Network address
Intrusion Detection Systems – “Sniffing fires”
- A security management system for computers and networks.
- Gathers and analyzes information from various areas within a computer or a network to identify possible security breaches:
  - Intrusion
  - Misuse
  - Compromised Systems
- Two different ways to detect:
  - Anomaly Based
  - Signature Based
Signature Based Intrusion Detection
- Examine network traffic
- Using a ‘ruleset’, find anything in the traffic that matches a rule
- A rule is a signature: a distinctive part of a known attack (for example a byte string in the payload)
- If something matches a rule, raise an alert; an IPS deployed inline can also drop/block the traffic
- High detection rate for known attacks that have rules written for them
- Zero detection rate for unknown attacks, or attacks without a rule; a small variation of a known attack (a different encoding or a different port) can also slip past a narrowly written rule
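The matching step described above, as an added example that is not part of the original slides and not Snort's own code: a parser for a tiny subset of the Snort rule language (header plus msg, content, nocase and sid) and a raw byte matcher. The two rules and the four HTTP request payloads are constructed for the demo; only packet 2 has a rule that fits, which is exactly the "high hit rate on known attacks, zero otherwise" behaviour the slide describes.

```python
"""Signature matching over a tiny subset of the Snort rule language.

Added example for this page (not Snort's code and not the slide authors').
It understands only the rule header 'action proto src sport -> dst dport'
and the options msg, content, nocase and sid; the rules and the HTTP
request payloads below are constructed for the demo.
"""
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str
    proto: str
    dst_port: str            # "any" or a port number, as written in the rule
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)   # [[pattern_bytes, nocase], ...]

HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# option;  or  option:value;  where value may be a double-quoted string
OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(text: str) -> Rule:
    """Parse one rule; raises ValueError for syntax outside the subset."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    action, proto, _src, _sport, _dst, dport, opts = m.groups()
    rule = Rule(action=action, proto=proto, dst_port=dport)
    for key, val in OPTION_RE.findall(opts):
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([val.encode(), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True     # nocase modifies the preceding content
    return rule

def matches(rule: Rule, proto: str, dst_port: int, payload: bytes) -> bool:
    """True when the packet satisfies the header and every content option."""
    if rule.proto not in ("ip", proto):
        return False
    if rule.dst_port != "any" and int(rule.dst_port) != dst_port:
        return False
    for pattern, nocase in rule.contents:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return True

def detect(rules, packets):
    """Return (sid, msg, packet id) for every rule hit; raw byte matching only."""
    return [(r.sid, r.msg, p["id"])
            for p in packets for r in rules
            if matches(r, p["proto"], p["dport"], p["payload"])]

RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; nocase; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"WEB-ATTACKS cmd.exe access"; content:"cmd.exe"; nocase; sid:1000002;)',
)]

# Constructed packets (not captures). Only packet 2 has a rule that fits.
PACKETS = [
    {"id": 1, "proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"},
    {"id": 2, "proto": "tcp", "dport": 80,           # known attack, odd case: nocase catches it
     "payload": b"GET /../../ETC/PASSWD HTTP/1.1\r\n\r\n"},
    {"id": 3, "proto": "tcp", "dport": 80,           # same attack URL-encoded: no byte match
     "payload": b"GET /%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1\r\n\r\n"},
    {"id": 4, "proto": "tcp", "dport": 8080,         # known attack, but the rule only watches port 80
     "payload": b"GET /scripts/cmd.exe?/c+dir HTTP/1.1\r\n\r\n"},
]

ALERTS = detect(RULES, PACKETS)

if __name__ == "__main__":
    for sid, msg, pid in ALERTS:
        print(f"[{sid}] {msg} (packet {pid})")
```

Packets 3 and 4 are the "zero detection" case: the attack is the same, but nothing in the ruleset fits the bytes or the port. Snort itself narrows this gap with preprocessors that normalise HTTP URIs before matching and with port variables in the rule header, but only for the variations its rule authors anticipated.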
Anomaly Based Intrusion Detection
- Based on a learned profile of normal system and network behaviour (heuristics or a statistical baseline), rather than patterns or signatures of specific attacks; flags any activity that falls outside normal operation
- Can detect attacks not known yet, attacks that are not common, or attacks that have already compromised a machine (the compromised host starts behaving differently)
- High false positive rate (legitimate but unusual behaviour is flagged) and a non-trivial false negative rate (an attacker who stays inside the normal profile is missed)
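The baseline-and-deviation idea above, as an added example that is not part of the original slides and not any product's code: a per-source connection-rate baseline learned from a quiet training window, with a z-score threshold applied to a later test window. THRESHOLD and MIN_STDEV are assumed tuning values, and every log line is constructed for the demo. The test window is built so that it shows all three outcomes the slide lists: a novel scan caught with no rule written for it, a legitimate backup burst flagged as a false positive, and a slow scan that stays under the threshold as a false negative.

```python
"""Toy anomaly-based detector: per-source connection-rate baseline.

Added example for this page, not the slide authors' code and not any
product. It learns mean and standard deviation of connections per minute
for each source host from a training window, then flags minutes in a test
window whose rate is more than THRESHOLD standard deviations above that
host's baseline. All log lines are constructed for the demo.
"""
import statistics
from collections import defaultdict

THRESHOLD = 3.0   # z-score cut-off; an assumed tuning value, not from the slides
MIN_STDEV = 0.5   # floor so a perfectly regular host does not get a zero-width band

def parse_logs(lines):
    """'HH:MM src dst dport' per connection -> {(src, minute): count}."""
    counts = defaultdict(int)
    for line in lines:
        if line.strip():
            minute, src, _dst, _dport = line.split()
            counts[(src, minute)] += 1
    return dict(counts)

def build_baseline(training_counts):
    """Per-source (mean, stdev) of connections per minute.
    Minutes in which a known source was silent count as 0 connections."""
    minutes = sorted({m for _, m in training_counts})
    sources = {s for s, _ in training_counts}
    baseline = {}
    for src in sources:
        series = [training_counts.get((src, m), 0) for m in minutes]
        mean = statistics.fmean(series)
        sd = max(statistics.stdev(series), MIN_STDEV)
        baseline[src] = (mean, sd)
    return baseline

def score(baseline, test_counts):
    """Return [(minute, src, count, z, reason)] for anomalous minutes, in time order."""
    alerts = []
    for (src, minute), n in sorted(test_counts.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if src not in baseline:
            alerts.append((minute, src, n, None, "no baseline for source"))
            continue
        mean, sd = baseline[src]
        z = (n - mean) / sd
        if z > THRESHOLD:
            alerts.append((minute, src, n, round(z, 1),
                           f"rate {n}/min vs baseline {mean:.1f}+/-{sd:.2f}"))
    return alerts

def synth(minute, src, n, dst="10.0.0.50", dport=443):
    """Construct n log lines for one source in one minute (demo data only)."""
    return [f"{minute} {src} {dst} {dport}" for _ in range(n)]

# Training window (constructed): 60 quiet minutes, two hosts with mildly varying rates.
TRAINING = []
for i in range(60):
    minute = f"08:{i:02d}"
    TRAINING += synth(minute, "10.0.0.5", [2, 3, 4, 3][i % 4])   # workstation, mean 3/min
    TRAINING += synth(minute, "10.0.0.9", [1, 2, 3, 2][i % 4])   # backup server, mean 2/min

# Test window (constructed): one novel attack, one legitimate burst,
# one never-seen host and one attacker who stays just under the threshold.
TEST = (
    synth("09:00", "10.0.0.5", 3)                  # normal minute
    + synth("09:01", "10.0.0.5", 40, dport=22)     # SSH scan: no signature exists, the rate gives it away
    + synth("09:01", "10.0.0.9", 30)               # nightly backup burst: legitimate, but flagged (false positive)
    + synth("09:01", "10.0.0.7", 2)                # new host with no baseline at all
    + synth("09:02", "10.0.0.5", 5)                # slow scan, z ~ 2.8: under threshold (false negative)
)

BASELINE = build_baseline(parse_logs(TRAINING))
ALERTS = score(BASELINE, parse_logs(TEST))

if __name__ == "__main__":
    for minute, src, n, z, reason in ALERTS:
        print(minute, src, n, z, reason)
```

The scan from 10.0.0.5 is caught without anyone having written a rule for it, which is the strength of the approach; the backup burst and the never-seen host are the false positives, and the five-connection minute is the false negative. Raising THRESHOLD trades one kind of error for the other, and a real product profiles more than a single rate, but the trade-off itself does not go away.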
Points for Intrusion Detection Systems
- Each IDS the University of South Carolina buys costs $100,000+; millions spent overall
- Has to be worth quite a bit
- Great for detecting automated malicious attacks from inside the network
- Attack mitigation: provides forensic information in case of an attack

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.

Page 1 of 26
