Intrusion Detection Systems - Gerena

An intrusion detection system (IDS) is hardware or software that detects inappropriate, incorrect, or anomalous activity within a system. An IDS gathers information about network traffic or system processes and compares it to attack signatures or established baselines to identify possible incidents. It then reports any incidents to an administrator. A typical IDS has sensors to monitor network traffic, a collector to analyze the traffic for attacks, a manager to check for alerts, and a database of signatures. IDS can be anomaly-based, comparing to a baseline, or signature-based, comparing to known attacks. They can monitor entire networks or individual hosts, and either passively report attacks or actively respond by blocking traffic.

Uploaded by

Shaban Mahekula

Intrusion Detection Systems
Dj Gerena
What is an Intrusion Detection System
• Hardware and/or software
• Attempts to detect intrusions
  • Heuristics / statistics
  • Signatures
• Gathers and reports incidents
  • Sent to a console
  • Trigger a response
Composition of an IDS
• Components are added into an existing network
• Sensor
  • Copies a record of all network activity and sends it to the Collector
• Collector
  • Determines if an attack is taking place
• IDS Manager
  • Laptop/desktop with IDS software
  • Check for alerts
  • Change settings
• Database
  • Houses network baseline data or attack signatures
Anomaly-Based vs. Signature-Based IDS
• Anomaly-Based
  • Monitors network traffic
  • Keeps track of traffic patterns and information to obtain a baseline
  • If a deviation in network behavior is detected, the IDS will assume an attack
  • Higher risk of false positives
• Signature-Based
  • An attack signature database is maintained
  • Compares traffic to the database
  • If a match is found, an alert is sent
  • Requires constant updates
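A toy implementation of the two detection models on this slide, added here as an example and not part of the original deck: the connection-record format, the single signature string, the baseline statistic and the 3-sigma threshold are all assumptions. It shows why the anomaly detector has the higher false-positive risk (an unusually large but benign download trips it) and why the signature detector only catches what is already in its database.

```python
"""Toy signature-based and anomaly-based IDS over constructed connection records.
Added example, not code from the original slides; all data here is invented."""
from statistics import mean, pstdev

# Constructed "normal" traffic used to build the baseline: (src_ip, dst_port, bytes, payload)
RECORDS = [
    ("10.0.0.5", 443, 1200, "GET /index.html"),
    ("10.0.0.5", 443, 1350, "GET /about.html"),
    ("10.0.0.6", 443, 1100, "POST /login"),
    ("10.0.0.7", 22, 900, "SSH-2.0-OpenSSH"),
    ("10.0.0.5", 443, 1280, "GET /contact.html"),
]
# Constructed, deliberately tiny signature database; a real one holds thousands
# of entries and is the part that "requires constant updates".
SIGNATURES = {"sig-0001-path-traversal": "../../etc/passwd"}

def signature_detect(records, signatures=SIGNATURES):
    """Signature-based: alert only when a payload contains a known signature."""
    alerts = []
    for src, _port, _size, payload in records:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((name, src))
    return alerts

def build_baseline(records):
    """Anomaly-based: learn normal bytes-per-connection from baseline traffic."""
    sizes = [size for _, _, size, _ in records]
    return mean(sizes), pstdev(sizes)

def anomaly_detect(records, baseline, threshold=3.0):
    """Flag any record whose size deviates more than `threshold` sigmas from baseline."""
    avg, sd = baseline
    alerts = []
    for src, _port, size, _payload in records:
        if sd and abs(size - avg) / sd > threshold:
            alerts.append(("anomaly-size", src))
    return alerts

def demo():
    """Run both detectors over two constructed new records and return their alerts."""
    baseline = build_baseline(RECORDS)
    new_traffic = [
        ("203.0.113.9", 80, 1150, "GET /../../etc/passwd"),  # matches a signature, normal size
        ("10.0.0.8", 443, 48000, "GET /big-report.pdf"),     # benign, but far outside baseline
    ]
    return signature_detect(new_traffic), anomaly_detect(new_traffic, baseline)

if __name__ == "__main__":
    print(demo())
```

Only the first record raises a signature alert and only the second raises an anomaly alert: the signature detector misses nothing it knows and flags nothing it does not, while the anomaly detector's false positive is exactly the "deviation means attack" assumption on the slide.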
Network-Based vs. Host-Based IDS
• Network-Based
  • Monitors all traffic on the network
  • Useful for monitoring non-critical systems
• Host-Based
  • IDS customized to a specific server
  • Being closer to the host allows a greater chance of detection
  • Prevents threats such as Trojans and backdoors from being installed from within the network
Passive vs. Reactive
• Passive
  • When an attack is detected, an alarm or alert is triggered
  • No further action is performed by the IDS
• Reactive
  • The Collector sends an alert
  • Sends instructions to the firewall and router to block the activity from occurring on the network
• The response should be managed and assessed, regardless of the system being used
Response to Attacks
• If an automatic response was not enacted
  • Verify that an attack occurred
  • Shut down any necessary ports or processes
  • Do a quick damage assessment
• Once the response has been applied
  • Patch/block vulnerabilities
  • Verify whether the attack has ended
  • Determine whether to lift blocks
Benefits of IDS
• Eliminates the need to shut down a network when an attack occurs
• Allows the user to observe the type of attack and the methods used in the attack, to prevent future attacks
• The security baseline defines criteria such as used bandwidth, protocols, ports, and the types of devices that can be connected to each other
