Net Sec U11 - Intrusion Detection Systems (IDS)
Description
Mind map on Net Sec U11 - Intrusion Detection Systems (IDS), created by Nick.Bell2013 on 01/05/2013.
Resource summary
Net Sec U11 - Intrusion Detection Systems (IDS)
    Why IDS?
        Perimeter security devices only prevent attacks by outsiders
            why they fail
                firewall badly configured
                attack too new
                password sniffed
            attacks
                don't detect
                don't react
        insider threats
            can elevate privileges
            easier to map & exploit weak points
    Ad hoc detection
        Unix - CERT checklist
            1. check logs for unusual connection locations
            2. check for "hacker activity"
            3. check that system binaries have not been altered
            4. check for network sniffers
            5. check files run by 'cron' & 'at'
            6. check system files for unauthorised services
            7. check the "/etc/passwd" file
            8. check system & network config files for unauthorised entries
            9. check for hidden files
        not recommended
    Automated systems
        monitor multiple hosts
        report & react
    Knowledge-based aka misuse detection
        what attack signatures are based on
            security policy
            known vulnerabilities
            known attacks
        limits
            new vulnerabilities (no signature yet)
            large signature database
            time lag between new attack and signature
    Behaviour-based aka statistical anomaly detection
        establish a baseline of statistical behaviour
        gather new data
        exceed threshold = alarm
        false positives and false negatives
        no signature database to maintain
    Architecture
        distributed set of sensors
        centralised console
            manage, analyse, report & react
        protected communication between sensors and console
        secured signature updates from vendor
    NIDS
        data source = network packets
        network adaptor in promiscuous mode
        attack recognition module
            pattern/byte code matching
            frequency/threshold crossing
            correlation of lesser events
        deployment
            firewall
                outside
                inside
            between business units
            behind remote access server
            between corporate & partner networks
        Strengths
            cheap
            fewer detection points
            catches attacks missed by HIDS
            harder for attacker to hide evidence
            real-time detection & response
            OS independence
            detects unsuccessful attacks/malicious intent
        Weaknesses
            placement critical
            switched networks
            partial matching
            loaded/high-speed networks
            indecipherable (encrypted) packets
            packet spoofing
            fragmentation attacks
            DoS against the sensor
    HIDS
        monitors system/event/security logs in NT & syslog in Unix
        checks key system files & executables via checksums
        regular expressions
        port activity
        deployment
            key servers
                sensitive info
                "mission critical"
            servers
                Web
                FTP/DNS
                E-commerce
        Strengths
            catches attacks missed by NIDS
            verifies attack success/failure
            monitors specific activities
            needs little/no extra hardware
            works in encrypted & switched environments
        Weaknesses
            placement critical
            indirect information
            attacker can tamper with the host ("fingerprints")
            full coverage hard
            detection = too late?
    The Future
        integrated approach
            NIDS + HIDS
        better tools
            reporting
            management
            visualisation
            event correlation
        statistical anomaly detection
        intrusion prevention systems?
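The mind map contrasts knowledge-based (signature) detection with behaviour-based (statistical anomaly) detection, and the NIDS node lists "pattern matching" and "frequency/threshold crossing" as recognition techniques. The following toy detector is an added example, not part of the original mind map or of any real IDS product: it runs both techniques over constructed web-access log lines in a made-up "<minute> <source host> <request>" format. The signature set, the per-host requests-per-minute metric and the mean + 3 standard deviations threshold are all assumptions chosen for illustration.

```python
"""Toy IDS: signature (misuse) detection next to statistical anomaly detection.

Added example; log lines and the log format are constructed for illustration.
Format (constructed): "<HH:MM> <source-host> <request line>"
"""
import re
import statistics
from collections import Counter

LINE_RE = re.compile(r"^(?P<minute>\d{2}:\d{2}) (?P<host>\S+) (?P<request>.*)$")

# Knowledge-based detection: a (constructed) signature database of known
# attack patterns. Every pattern here must be written and maintained by hand,
# which is the "large database" / "time lag" limit from the mind map.
SIGNATURES = {
    "path-traversal": re.compile(r"/\.\./"),
    "legacy-phf-probe": re.compile(r"/cgi-bin/phf"),
}

# Constructed baseline window: a few minutes of ordinary traffic from two hosts.
BASELINE_LOGS = [
    "09:00 10.0.0.5 GET /index.html 200",
    "09:00 10.0.0.5 GET /about.html 200",
    "09:00 10.0.0.7 GET /index.html 200",
    "09:01 10.0.0.5 GET /index.html 200",
    "09:01 10.0.0.7 GET /login 200",
    "09:01 10.0.0.7 POST /login 302",
    "09:02 10.0.0.5 GET /img/logo.png 200",
    "09:02 10.0.0.7 GET /index.html 200",
    "09:02 10.0.0.7 GET /about.html 200",
    "09:03 10.0.0.5 GET /index.html 200",
    "09:03 10.0.0.7 GET /index.html 200",
    "09:03 10.0.0.5 GET /contact 200",
]

# Constructed observation window: one single known-bad request at 10:00 and a
# burst of eight otherwise unremarkable requests from one host at 10:01.
OBSERVED_LOGS = [
    "10:00 10.0.0.5 GET /index.html 200",
    "10:00 10.0.0.9 GET /../../etc/passwd 404",
    "10:00 10.0.0.7 GET /login 200",
    "10:01 10.0.0.5 GET /about.html 200",
] + [f"10:01 10.0.0.9 GET /page{i}.html 404" for i in range(8)]


def parse(lines):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def signature_alerts(lines):
    """Knowledge-based detection: return (minute, host, signature) for each hit."""
    alerts = []
    for ev in parse(lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["request"]):
                alerts.append((ev["minute"], ev["host"], name))
    return alerts


def requests_per_minute(lines):
    """The monitored statistic: how many requests each host sent in each minute."""
    return Counter((ev["minute"], ev["host"]) for ev in parse(lines))


def build_baseline(lines, k=3.0):
    """Behaviour-based step 1: learn mean and spread of the statistic, set threshold."""
    values = list(requests_per_minute(lines).values())
    mean = statistics.mean(values)
    sd = statistics.pstdev(values)
    return {"mean": mean, "stdev": sd, "threshold": mean + k * sd}


def anomaly_alerts(lines, baseline):
    """Behaviour-based step 2: alarm on any (minute, host) bucket above threshold."""
    counts = requests_per_minute(lines)
    return [(minute, host, n)
            for (minute, host), n in sorted(counts.items())
            if n > baseline["threshold"]]


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOGS)
    print("baseline:", base)
    print("signature alerts:", signature_alerts(OBSERVED_LOGS))
    print("anomaly alerts:  ", anomaly_alerts(OBSERVED_LOGS, base))
```

Run on the constructed data, the baseline works out to a mean of 1.5 requests per host-minute with a standard deviation of 0.5, so the alarm threshold is 3. The single path-traversal request at 10:00 is caught only by the signature rule (one request is well under the threshold, so the anomaly detector alone would produce a false negative), while the burst at 10:01 is caught only by the anomaly rule (none of its requests match a signature). Any host that happened to send four legitimate requests in one minute would also trip the threshold, which is the false-positive side of the trade-off the mind map lists under behaviour-based detection.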