Net Sec U11 - Intrusion Detection Systems (IDS)
Description
Mind Map on Net Sec U11 - Intrusion Detection Systems (IDS), created by Nick.Bell2013 on 01/05/2013.
Resource summary
Net Sec U11 - Intrusion Detection Systems (IDS)
  Why IDS?
    Perimeter security devices only prevent attacks by outsiders
      Why they fail:
        firewall badly configured
        attack too new
        password sniffed
      attacks:
        don't detect
        don't react
    Insider threats
      can elevate privileges
      easier to map & exploit weak points
  Ad hoc
    Unix - CERT checklist
      1. check logs for unusual connection locations
      2. look for "hacker activity"
      3. check that system binaries have not been altered
      4. check for network sniffers
      5. check files run by 'cron' & 'at'
      6. check system files for unauthorised services
      7. check the "/etc/passwd" file
      8. check system & network configuration files for unauthorised entries
      9. check for hidden files
    not recommended
  Automated systems
    monitor multiple hosts
    report & react
    Knowledge-based, aka misuse detection
      what attack signatures are based on:
        security policy
        known vulnerabilities
        known attacks
      limits:
        new vulnerabilities
        large database
        time lag
    Behaviour-based, aka statistical anomaly detection
      baseline statistical behaviour
      gather new data
      exceeding threshold = alarm
      false positives and false negatives
      no database to maintain
  Architecture
    distributed set of sensors
    centralised console
      manage, analyse, report & react
    protected communication
    secured signature updates from vendor
  NIDS
    data source = network packets
    network adaptor in promiscuous mode
    attack recognition module
      pattern / byte-code matching
      frequency / threshold crossing
      correlation of lesser events
    deployment
      firewall
        outside
        inside
      between business units
      behind remote access server
      between corporate & partner networks
    Strengths
      cheap
      fewer detection points
      catches attacks missed by HIDS
      harder to hide evidence
      real-time detection & response
      OS independence
      detects unsuccessful attacks / malicious intent
    Weaknesses
      placement critical
      switched networks
      partial matching
      loaded / high-speed networks
      indecipherable packets
      packet spoofing
      fragmentation attacks
      DoS
  HIDS
    monitors system/event/security logs in NT & syslog in Unix
    checks key system files & executables via checksums
    regular expressions
    port activity
    deployment
      key servers
        sensitive info
        "mission critical"
      servers
        Web
        FTP/DNS
        E-commerce
    Strengths
      catches attacks missed by NIDS
      verifies attack success/failure
      monitors specific activities
      needs little/no hardware
      works in encrypted & switched environments
    Weaknesses
      placement critical
      indirect info
      attacker fingerprints
      full coverage hard
      detection = too late?
  The Future
    integrated approach
      NIDS + HIDS
    better tools
      reporting
      management
      visualisation
      event correlation
    statistical anomaly detection
    Intrusion Protection Systems?
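The behaviour-based branch above (baseline, gather new data, threshold crossing, false positives and negatives) is illustrated by this added example; it is not part of the original mind map. The baseline counts, the later observations and their "malicious" labels are constructed sample values, and the k*stdev threshold is one simple choice of statistical baseline.

```python
"""Toy behaviour-based (statistical anomaly) detector.

Added illustration, not from the original mind map. All numbers below
are constructed: hourly outbound-connection counts from one host.
"""
from statistics import mean, stdev

# Constructed baseline: two weeks of hourly counts from a known-clean period.
BASELINE = [42, 38, 45, 40, 51, 39, 44, 47, 36, 43, 49, 41, 46, 40]

# Constructed new observations with ground-truth labels (True = malicious).
# 50 is a "low and slow" attacker hiding inside normal variance.
NEW_DATA = [44, 50, 53, 57, 120, 41]
LABELS = [False, True, False, True, True, False]


def build_baseline(samples, k=3.0):
    """Return (mean, stdev, threshold) where threshold = mean + k * stdev."""
    mu = mean(samples)
    sigma = stdev(samples)
    return mu, sigma, mu + k * sigma


def classify(observations, threshold):
    """Flag every observation that crosses the threshold (alarm = True)."""
    return [(value, value > threshold) for value in observations]


def score(observations, labels, threshold):
    """Count false positives and false negatives against ground truth."""
    fp = fn = 0
    for (_, flagged), malicious in zip(classify(observations, threshold), labels):
        if flagged and not malicious:
            fp += 1
        if malicious and not flagged:
            fn += 1
    return {"false_positives": fp, "false_negatives": fn}


def sweep(ks=(1.0, 2.0, 3.0)):
    """Show the trade-off: a tighter threshold raises FPs, a looser one FNs."""
    return {k: score(NEW_DATA, LABELS, build_baseline(BASELINE, k)[2]) for k in ks}


if __name__ == "__main__":
    for k, result in sweep().items():
        print(f"k={k}: {result}")
```

Lowering k catches the low-and-slow case but starts alarming on benign spikes, which is the false-positive / false-negative tension the map notes; the baseline must also be re-gathered as normal behaviour drifts.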