Overview of intrusion detection system

Intrusion detection system
23-aug-05   Intrusion detection system   1
Overview of intrusion detection system

• What is intrusion?

• What is intrusion detection?

• What is an intrusion detection system?

• Functions of IDS
Process models of intrusion detection

1. Information sources

2. Analysis

3. Response


IDS Architecture
• Collection/storage unit.

• Processing unit.

• Alarm/response units.




Information sources

• NIDS (network-based IDS)

• HIDS (host-based IDS)

• Application-based IDS



            IDS Analysis/Techniques
• Misuse detection

• Anomaly detection

• Specification-based detection




Misuse detection
• Analyzes system activity

• Matches the patterns of system activity to those of known attacks

• Advantages

• Disadvantages
Anomaly detection

• Identifies abnormal (unusual) behavior.

• Flags activity that does not match the normal pattern.

• Advantages

• Disadvantages
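The slides above describe the three-stage process model (information sources, analysis, response) and the two analysis techniques, misuse and anomaly detection, without showing how they fit together. The following is an added Python illustration, not code from the original slides: the log format, the two signatures, the per-host request-rate baseline and every host address are constructed for this example. Misuse detection matches each event against known attack patterns; anomaly detection flags a source whose request count exceeds the baseline mean by more than k standard deviations; the response stage turns both into alert lines.

```python
"""Toy IDS pipeline: information source -> analysis (misuse + anomaly) -> response.
Added illustration: the log format, signatures, baseline and addresses are constructed."""
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# --- Information source: constructed web-server access log (not real traffic) ---
NORMAL_LINES = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /login 200",
    "10.0.0.7 POST /login 302",
    "10.0.0.9 GET /index.html 200",
    "10.0.0.5 GET /images/logo.png 200",
]
ATTACK_LINES = [
    "10.0.0.9 GET /../../etc/passwd 403",            # directory traversal attempt
    "10.0.0.11 GET /search?q=%27%20OR%201%3D1 200",  # URL-encoded SQL tautology
]
BURST_LINES = [f"10.0.0.12 GET /page{i}.html 200" for i in range(10)]  # one host, 10 hits
SAMPLE_LOG = "\n".join(NORMAL_LINES + ATTACK_LINES + BURST_LINES)

LINE_RE = re.compile(r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")


def parse_events(text):
    """Turn raw log lines into event dicts. The path is URL-decoded first so that
    an encoded payload cannot slip past the signature stage."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["path"] = unquote(ev["path"])
            events.append(ev)
    return events


# --- Analysis 1: misuse (signature) detection against known attack patterns ---
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*OR\s+1\s*=\s*1", re.IGNORECASE),
}


def misuse_detect(events):
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["path"]):
                alerts.append({"kind": "misuse", "src": ev["src"],
                               "detail": f"{name}: {ev['path']}"})
    return alerts


# --- Analysis 2: anomaly detection against a baseline of normal request rates ---
BASELINE_RATES = [4, 5, 6, 5, 4, 6, 5, 5]  # constructed per-host counts from a normal window


def anomaly_detect(events, baseline=BASELINE_RATES, k=3.0):
    """Flag any source whose request count exceeds mean + k * stdev of the baseline."""
    mu, sigma = mean(baseline), pstdev(baseline)
    threshold = mu + k * sigma
    counts = Counter(ev["src"] for ev in events)
    return [{"kind": "anomaly", "src": src,
             "detail": f"{n} requests > threshold {threshold:.1f}"}
            for src, n in counts.items() if n > threshold]


# --- Response: render alerts for an operator (or a downstream alarm unit) ---
def respond(alerts):
    return [f"ALERT [{a['kind']}] src={a['src']} {a['detail']}" for a in alerts]


def run_ids(text):
    """Run both analysis techniques over parsed events and return all alerts."""
    events = parse_events(text)
    return misuse_detect(events) + anomaly_detect(events)


if __name__ == "__main__":
    for line in respond(run_ids(SAMPLE_LOG)):
        print(line)
```

Running it flags the traversal and the encoded SQL tautology by signature, and the bursting host 10.0.0.12 by rate alone. The burst carries no known signature, which is the point of combining the two techniques: misuse detection cannot see an attack it has no pattern for, while anomaly detection cannot say what the deviation is, only that it departs from the baseline.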
Specification-based detection

• Combines anomaly & misuse detection.

• Advantages.

• Disadvantages.


            Tools for IDS



Deploying IDS

• Deployment of NIDS.

• Deployment of HIDS.




            Deployment of NIDS
• Figure
• Location 1
• Location 2
• Location 3
• Location 4




Deployment of HIDS




Strengths of IDS
• Monitoring and analysis of system events and user behavior.
• Testing the security state of the system configuration.
• Tracking any changes to the security baseline of the system.
• Recognizing patterns of system events that correspond to known attacks.
• Recognizing patterns of normal activity.
                  Limitations

• Detecting newly published attacks

• Automatically investigating attacks without human intervention.

• Detecting attacks in heavily loaded networks.

            Challenges with IDS

• Protecting IDS from attacks.

• Too many false alarms.

• Choosing grid IDS policy.


Conclusion

            Thank you
