Net Sec U11 - Intrusion Detection Systems (IDS)
Description
Mind map on Net Sec U11 - Intrusion Detection Systems (IDS), created by Nick.Bell2013 on 01/05/2013.
Resource Summary
- Why IDS?
  - Perimeter security devices only prevent attacks by outsiders
    - why fail
      - firewall badly configured
      - attack too new
      - password sniffed
    - attacks
      - don't detect
      - don't react
  - insider threats
    - can elevate privileges
    - easier to map & exploit weak points
- Ad Hoc
  - Unix - CERT checklist
    1. check logs for unusual connection locations
    2. "hacker activity"
    3. system binaries not altered
    4. network sniffers
    5. check files run by 'cron' & 'at'
    6. check sys files for unauthorised services
    7. check "/etc/password" file
    8. check sys & network config files re: unauthorised entries
    9. check for hidden files
  - not recommended
- automated systems
  - monitor multiple hosts
  - report & react
- Knowledge-based aka Misuse detection
  - what attack signatures are based on
    - Security policy
    - known vulnerabilities
    - known attacks
  - limits
    - new vulnerabilities
    - large dbase
    - time lag
- Behaviour-based aka Statistical Anomaly Detection
  - base-line statistical behaviour
  - gather new data
  - exceed threshold = alarm
  - false: +'s and -'s
  - no dbase to maintain
- Architecture
  - distributed set of sensors
  - centralised console
    - manage, analyse, report & react
  - protected communication
  - secured signature updates from vendor
- NIDS
  - data source = network packets
  - network adaptor = promiscuous mode
  - attack recognition module
    - pattern/byte code matching
    - freq./threshold crossing
    - correlation of lesser events
  - deployment
    - firewall
      - outside
      - inside
    - between business units
    - behind remote access server
    - between Corp. & Partner networks
  - Strengths
    - cheap
      - fewer detection points
    - missed HIDS attacks
    - harder to hide evidence
    - real-time detection & response
    - OS independence
    - detects unsuccessful attacks/malicious intent
  - Weaknesses
    - placement critical
    - switched networks
    - partial matching
    - loaded/high-speed networks
    - indecipherable packets
    - packet spoofing
    - frag attacks
    - DoS
- HIDS
  - monitors sys/event/security logs in NT & syslog in Unix
  - checks key sys files & .exe via checksums
  - regular expressions
  - port activity
  - deployment
    - key servers
      - sensitive info
      - "mission critical"
    - servers
      - Web
      - FTP/DNS
      - E-commerce
  - Strengths
    - missed NIDS attacks
    - verifies attack success/failure
    - monitors specific activities
    - needs little/no h/ware
    - encrypted & switched environments
  - Weaknesses
    - placement critical
    - indirect info
    - attacker fingerprints
    - full coverage hard
    - detection = too late?
- The Future
  - integrated approach
    - NIDS + HIDS
  - better tools
    - reporting
    - management
    - visualisation
    - event correlation
  - Statistical Anomaly Detection
  - Intrusion Protection Systems?