Title: Some Great Open Source Intrusion Detection Systems (IDS)
Introduction to IDS
An IDS is security software that helps a user or
system administrator by automatically alerting or
notifying them whenever a user tries to compromise
an information system through malicious activity,
or whenever a security policy is violated. An
Intrusion Detection System (IDS) is designed to
monitor the activity and traffic of an entire
network and to identify network and system attacks
with only a few devices.
IDSs prepare for and deal with attacks by
collecting information from a variety of system
and network sources, then analyzing the symptoms
of security problems.
Some Benefits of IDS
- Monitors the operation of firewalls, routers and
  key management servers.
- Comes with an extensive attack signature database
  against which information from the customer's
  system can be matched.
- Can recognize and report alterations to data files.
- Allows administrators to tune, organize and
  comprehend often incomprehensible operating system
  audit trails and other logs.
Intrusion Detection Techniques
- IDS signature detection
- Anomaly detection
IDS Signature Detection
Intrusion detection by signature is quite similar
to virus detection, so it is easy to implement.
This type of detection works well with threats
that are already determined or known. It involves
searching for a series of bytes or a sequence that
is considered malicious.
Strength of IDS Signature
- Simple to implement
- Lightweight
- Low false positive rate
- High true positive rate for known attacks
Anomaly Detection
The anomaly detection technique is a centralized
process that works on the concept of a baseline
for network behaviour. This baseline is a
description of accepted network behaviour, which
is learned or specified by the network
administrators, or both. An integral part of
baselining the network is the engine's capability
to dissect protocols at all layers.
Strength of Anomaly Detection
- Identifies abnormal, unusual behavior.
- Matches the attack against the normal pattern.
- Has the ability to recognize novel attacks.
- IDS can detect new types of attacks.
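
The two techniques described above, run side by side on the same events. This is an added example, not part of the original slides; the signature byte sequences, the requests-per-minute metric, the 3-standard-deviation threshold and all sample data are constructed assumptions.

```python
import statistics

# Constructed signature set: name -> byte sequence treated as malicious.
SIGNATURES = {
    "path-traversal": b"../../",
    "windows-shell": b"cmd.exe",
}

def signature_alerts(payload: bytes) -> list[str]:
    """Signature detection: names of all known byte sequences found in payload."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in payload)

class Baseline:
    """Anomaly detection: a learned description of accepted behaviour,
    reduced here to the mean and standard deviation of a single metric."""

    def __init__(self, training: list[float], threshold: float = 3.0):
        self.mean = statistics.fmean(training)
        self.stdev = statistics.pstdev(training)
        self.threshold = threshold  # allowed deviation, in standard deviations

    def is_anomalous(self, value: float) -> bool:
        if self.stdev == 0:  # flat baseline: any change is a deviation
            return value != self.mean
        return abs(value - self.mean) / self.stdev > self.threshold

# Constructed events: (request payload, requests per minute from that source).
EVENTS = [
    (b"GET /index.html HTTP/1.1", 12),        # normal traffic
    (b"GET /../../etc/passwd HTTP/1.1", 11),  # known pattern at a normal rate
    (b"POST /login HTTP/1.1", 480),           # no known bytes, abnormal rate
]

def classify(events, baseline):
    """Return (matched signatures, anomalous?) for each event."""
    return [(signature_alerts(p), baseline.is_anomalous(r)) for p, r in events]

if __name__ == "__main__":
    # Constructed training window of normal requests-per-minute values.
    baseline = Baseline([10, 12, 9, 11, 13, 10, 12, 11])
    for (payload, rate), (sigs, odd) in zip(EVENTS, classify(EVENTS, baseline)):
        print(f"{payload!r:40} rate={rate:<4} signatures={sigs} anomalous={odd}")
```

The second event is caught only by its signature and the third only by the baseline, which is why the two techniques are deployed together.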
What Can an IDS Do?
- Protect your system.
- Secure the information flowing in the system.
- Match the patterns of activity of a system to
  those of an attack.
- Attack detection for the IDS itself.
Conclusion
Select an IDS according to your needs and
requirements. There are about 400 different IDSs
on the market. Only a few IDS signature products
integrate well in large environments, are
scalable, and are easy to maintain.