Intrusion Detection - PowerPoint PPT Presentation

About This Presentation
Title:

Intrusion Detection

Description:

Sun/Solaris and Symantec's ManHunt IDS. ID Analysis at 2 Gbits /sec. ManHunt uses distributed network sensors and a variety of methods to identify ... – PowerPoint PPT presentation

Number of Views:115
Avg rating:3.0/5.0
Slides: 10
Provided by: Dic972

Transcript and Presenter's Notes

Title: Intrusion Detection


1
Intrusion Detection
  • CS-480b
  • Dick Steflik

2
Hacking Attempts
  • IP Address Scans
    • scan the range of addresses looking for hosts
      (ping scan)
  • Port Scans
    • scan promising ports for openness (80, 21, ...)
  • Service Evaluation
    • determine the OS
  • Target Selection
    • pick the most vulnerable host, most running
      services...
  • Vulnerability Probes
    • Automated password attacks
      • FTP, HTTP, NetBIOS, VNC, PCAnywhere
    • Application specific attacks
      • try known vulnerabilities on present services

3
Intrusion Detection Systems (IDS)
  • Inspection Based (Signature Based)
    • Uses a database of known attack signatures
    • observe the activity on a host or network and
      make judgements about whether or not an intrusion
      is in progress or has taken place
    • look for known indicators
      • ICMP scans, port scans, connection attempts
      • CPU, RAM, I/O utilization
      • File system activity, modification of system
        files, permission modifications
  • Anomaly Based
    • baseline the normal traffic and then look for
      things that are out of the norm
  • Variations of IDS
    • Rule based
    • Statistical
    • Hybrid
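The two detection styles on this slide, run side by side over a constructed connection log (added example, not from the slides; the log records, the thresholds and the function names are my own assumptions). The signature-style rule flags a source that touches many distinct ports on one host within a short window, which is the port-scan indicator from slide 2; the anomaly-style check first baselines connections per source and then flags anything beyond mean plus three standard deviations:

```python
"""Signature-based vs anomaly-based detection over a constructed
connection log. Sample data only; not captured from any real network."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed records: (timestamp_seconds, src_ip, dst_ip, dst_port, proto)
SAMPLE_EVENTS = [
    # normal workstation traffic to one server
    (0, "10.0.0.5", "10.0.0.20", 80, "tcp"),
    (1, "10.0.0.5", "10.0.0.20", 443, "tcp"),
    (4, "10.0.0.5", "10.0.0.20", 22, "tcp"),
    # one external source touching many ports on the same host in seconds
    (10, "192.0.2.99", "10.0.0.20", 21, "tcp"),
    (10, "192.0.2.99", "10.0.0.20", 22, "tcp"),
    (10, "192.0.2.99", "10.0.0.20", 23, "tcp"),
    (11, "192.0.2.99", "10.0.0.20", 25, "tcp"),
    (11, "192.0.2.99", "10.0.0.20", 80, "tcp"),
    (12, "192.0.2.99", "10.0.0.20", 110, "tcp"),
    (12, "192.0.2.99", "10.0.0.20", 139, "tcp"),
    (13, "192.0.2.99", "10.0.0.20", 445, "tcp"),
]

# Constructed baseline: connections per source seen in earlier "normal" intervals
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4, 3]

SCAN_PORT_THRESHOLD = 5   # distinct ports from one source to one host ...
WINDOW_SECONDS = 5        # ... within this many seconds => port scan


def detect_port_scans(events, threshold=SCAN_PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Signature-style rule: a known indicator (many distinct ports, one
    source, one destination, short window). Returns one alert per pair."""
    alerts = []
    by_pair = defaultdict(list)
    for ts, src, dst, port, _proto in events:
        by_pair[(src, dst)].append((ts, port))
    for (src, dst), hits in by_pair.items():
        hits.sort()
        for t0, _ in hits:                       # slide the window over each start time
            ports = {p for t, p in hits if t0 <= t <= t0 + window}
            if len(ports) >= threshold:
                alerts.append({"rule": "port-scan", "src": src, "dst": dst,
                               "ports": sorted(ports)})
                break                            # one alert per (src, dst) is enough
    return alerts


def connections_per_source(events):
    """Feature used by the anomaly detector: how busy each source was."""
    return Counter(src for _ts, src, _dst, _port, _proto in events)


def detect_anomalies(baseline_counts, observed, k=3.0):
    """Anomaly-style check: no attack knowledge at all, only a statistical
    baseline. Flags sources whose count exceeds mean + k * stddev."""
    mu, sigma = mean(baseline_counts), pstdev(baseline_counts)
    limit = mu + k * sigma
    return {src: n for src, n in observed.items() if n > limit}


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_EVENTS):
        print("signature alert:", a)
    for src, n in detect_anomalies(BASELINE_COUNTS,
                                   connections_per_source(SAMPLE_EVENTS)).items():
        print(f"anomaly alert: {src} made {n} connections")
```

Both detectors flag the same source here, but for different reasons: the rule needs the scan pattern to be written down in advance, while the statistical check would also catch a noisy source the rule author never anticipated (and, equally, a quiet one-port-at-a-time probe would slip past both). That gap is why the slide lists hybrid systems as a third variation.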

4
Decoys/Honeypots
  • Purposely place an incorrectly configured or
    unprotected system where it is easily found so
    that a hacker will try to use it as an attack
    vector.
  • All accesses will set off alarms that indicate an
    intrusion is in progress

5
IDS Systems
  • Tripwire
    • Windows or UNIX
    • alarms on modification to system files
      • C:\
      • C:\WINNT
      • C:\WINNT\system
      • C:\WINNT\system32
  • CyberCop
    • Network Assoc.
    • suite of 4 ID tools
  • Sun/Symantec
    • iForce IDS Appliance
    • Sun/Solaris and Symantec's ManHunt IDS
    • ID Analysis at 2 Gbits/sec
    • ManHunt uses distributed network sensors and a
      variety of methods to identify threats, including
      protocol-anomaly detection, signature detection,
      traffic-state profiling and statistical flow
      analysis.
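What "alarms on modification to system files" means mechanically, as an added example that is not Tripwire's code: record a hash, size and permission bits for every file under a root, store that as the baseline, and later diff a fresh snapshot against it. The directory layout, file contents and the `demo()` scenario are constructed for the example; the only caveat that matters in practice is that the baseline must live somewhere the monitored host cannot silently rewrite it (read-only media or another machine), or an intruder simply re-baselines after the change:

```python
"""Tripwire-style file integrity check: baseline, re-snapshot, diff.
Added example; the directory tree below is constructed in a temp dir."""
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large system files do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> {sha256, size, mode} for every regular file under root.
    Symlinks are skipped so a planted link cannot make us hash something else."""
    baseline = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {
                "sha256": file_digest(full),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,   # permission bits: chmod is a change too
            }
    return baseline


def compare(baseline, current):
    """Report what an intruder (or an admin) changed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: take a baseline, tamper with the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINNT", "system32"))
        files = {
            "boot.ini": b"[boot loader]\n",
            "WINNT/system32/cmd.exe": b"MZ original command interpreter",
        }
        for rel, data in files.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)          # would normally be saved off-host

        # Simulated tampering: one binary replaced, one file dropped in, one deleted.
        with open(os.path.join(root, "WINNT", "system32", "cmd.exe"), "wb") as fh:
            fh.write(b"MZ modified command interpreter")
        with open(os.path.join(root, "WINNT", "system32", "unknown.dll"), "wb") as fh:
            fh.write(b"MZ unexpected new file")
        os.remove(os.path.join(root, "boot.ini"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The comparison is deliberately on the whole record, not just the hash: a file whose content is untouched but whose mode went from 0644 to 4755 is exactly the "permission modifications" indicator from slide 3.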

6
SNORT
  • Open Source ( http://www.snort.org )
  • Uses
    • Packet Sniffer
      • produces a tcpdump formatted output
    • Packet Logger
      • can log packets so that after-the-fact data
        mining tools can be used for analysis
    • Traffic Debugging and Analysis
      • Can design a ruleset that recognizes certain
        traffic patterns
  • Can do both anomaly based and Inspection based
    detection
    • SPADE (Silicon Defense) a SNORT preprocessor
      that logs anomalies for later analysis

7
ActiveScout
  • ForeScout Technologies ( http://www.forescout.com )
  • Intrusion Prevention Tool
  • Method
    • Watches for hacker reconnaissance (port scans,
      NetBIOS scans, etc.)
    • Returns bogus info to the hacker
    • If the hacker attempts to break in with the bogus
      data, ActiveScout sets off alarms or blocks any
      further traffic from the intruder
  • Downside: only works in conjunction with Check
    Point's Firewall-1
  • Requires little administration and eliminates
    many false positives
  • Cost w/T1 port is about 10K
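The detection half of both the honeypot on slide 4 and the ActiveScout method above is the same idea: plant something that no legitimate user has any reason to touch, then treat any use of it as a high-confidence alarm. The example below is added here and is not ActiveScout's or any honeypot product's code; the log line format, the decoy host, decoy port and decoy account name are all constructed. It parses a small constructed log, raises an alert when a decoy host, service or account is used, and builds the block list that an "automatic response" would hand to the firewall. An allowlist for the organisation's own vulnerability scanner is included because that is the one legitimate source that will trip a decoy:

```python
"""Decoy-use detection over a constructed log (honeypot / bogus-data alarms).
Added example; hosts, ports, accounts and log lines are all made up."""
import re

# Constructed decoys: things planted for intruders to find, with no real users.
DECOYS = {
    "hosts": {"10.0.0.250"},                 # unused address advertised as a server
    "services": {("10.0.0.20", 2323)},       # bogus open port on a real host
    "accounts": {"svc_backup_decoy"},        # credential that exists only as bait
}

# Constructed syslog-like lines: "<timestamp> <reporting host> <kind> key=value ..."
SAMPLE_LOG = [
    "2003-03-04T10:14:58 fw conn src=10.0.0.5 dst=10.0.0.20 dport=80 proto=tcp",
    "2003-03-04T10:15:02 fw conn src=192.0.2.77 dst=10.0.0.250 dport=23 proto=tcp",
    "2003-03-04T10:15:05 dc1 login user=alice src=10.0.0.5 result=ok",
    "2003-03-04T10:15:09 dc1 login user=svc_backup_decoy src=192.0.2.77 result=fail",
    "2003-03-04T10:15:20 fw conn src=198.51.100.4 dst=10.0.0.20 dport=2323 proto=tcp",
    "2003-03-04T10:15:30 fw conn src=10.0.0.9 dst=10.0.0.250 dport=23 proto=tcp",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into a dict of fields (constructed format, see above)."""
    ts, host, kind, rest = line.split(" ", 3)
    fields = dict(KV.findall(rest))
    fields.update(ts=ts, host=host, kind=kind)
    return fields


def classify(fields, decoys):
    """Return why this event is a decoy use, or None if it touches nothing planted."""
    if fields["kind"] == "conn":
        if fields.get("dst") in decoys["hosts"]:
            return "contacted decoy host"
        if (fields.get("dst"), int(fields.get("dport", 0))) in decoys["services"]:
            return "contacted decoy service"
    elif fields["kind"] == "login" and fields.get("user") in decoys["accounts"]:
        return "used decoy account"
    return None


def evaluate_decoy_events(lines, decoys, allowlist=frozenset()):
    """Walk the log; every decoy use becomes an alert and puts the source on the
    block list. Sources in the allowlist (e.g. our own vulnerability scanner)
    are ignored so the decoys do not generate self-inflicted false positives."""
    alerts, blocked = [], set()
    for line in lines:
        fields = parse_line(line)
        src = fields.get("src")
        if src in allowlist:
            continue
        reason = classify(fields, decoys)
        if reason:
            alerts.append({"ts": fields["ts"], "src": src, "reason": reason})
            blocked.add(src)
    return alerts, blocked


if __name__ == "__main__":
    found, to_block = evaluate_decoy_events(SAMPLE_LOG, DECOYS,
                                            allowlist=frozenset({"10.0.0.9"}))
    for a in found:
        print("ALERT", a)
    print("block list:", sorted(to_block))
```

Because nothing legitimate ever references a decoy, there is no threshold to tune and no baseline to learn; that is the "eliminates many false positives" property the slide claims, and the allowlist is the one place the claim needs help.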

8
Manhunt
  • Symantec Corp. ( http://www.symantec.com )
  • Advanced Threat Management System
  • Signature based hybrid detection
    • protocol anomaly detection
    • traffic rate monitoring
    • protocol state tracking
    • IP packet reassembly to provide a level of
      detection superior to other, signature-based
      systems. These detection capabilities can
      identify threats in real time, eve
  • Real-time Analysis and Correlation
    • collects information from security devices
      throughout the network to spot trends
  • Automatic Policy Based Responses
  • Scalable Across Geographic Areas of an
    Enterprise
    • one ManHunt can be configured across 10 network
      segments

9
Watson Researchers
  • Kanad Ghose
  • Doug Summerville
  • Viktor Skormann
  • Mark Fowler