1. agenda history. what’s an ids? security and roles types of violations. types of detection types...
Post on 18-Dec-2015
214 Views
Preview:
TRANSCRIPT
AGENDAHistory.WHAT’S AN IDS?Security and RolesTypes of Violations.Types of DetectionTypes of IDS.IDS issues.Application.
History:1970s - Observation by administrators
When an account is usedWhen/how much a resource is used
Early 1980s – Usage modelsFirst proposed by Anderson (1980)Based on accounting logsLogin frequency, volume data processed, etc.Batch processing; not real time
What’s an IDS?Any set of actions that attempt to
compromise the confidentiality, integrity, or availability of a computer resource is called as ids.
Term is overloaded
Trying to detect a policy violation
4
COMPUTER SECURITY AND ROLES: Confidentiality: Transforming data such that
only authorized parties can decode it.Authentication: Proving or disproving
someone’s or something’s claimed identity.Integrity checking: Ensuring that data cannot
be modified without such modification . being detectable
Non – repudiation: Proving that a source of some data did in fact send data that he might later deny sending
5
TYPES OF VIOLATIONS:Attack
Attempts to exploit a vulnerabilityEx: denial of service, privilege escalation
IntrusionActs as another legitimate user
MisuseUser abuses privilegesOften called the “insider threat”
6
TYPES OF DETECTION:Misuse detection
Built with knowledge of “bad” behaviorsCollection of signaturesExamine event stream for signature match
Anomaly detectionBuilt with knowledge of “normal” behaviorsExamine event stream for deviations from
normal
7
Types of IDSPrimary Types:
Network IDS (NIDS)Host IDS (HIDS)
Hybrid Types:Per-Host Network IDS (PH-NIDS)Load Balanced Network IDS (LB-NIDS)Firewall IDS (FW-IDS)
9
NETWORK BASED (Advantages)Can get information quickly without any
reconfiguration of computers.
Does not affect network or data sources
Monitor and detects in real time networks attacks or misuses
Does not create system overhead
NETWORK BASED (Disavantages)Cannot scan protocols if the data is
encrypted
Hard to implement on fully switched networks
Has difficulties sustaining network with a very large bandwidth
What’s HAPPENING?IN THE ABOVE FIG THERE ARE THREE
COMPUTERS1.TARGET HOST : IT IS ALSO A MAIN
COMPUTER AND CLIENT IS WORKING IN IT.
2.ATTACK GENERATOR : IT IS ALSO A CLIENT SIDE COMPUTER BUT IT IS USED BY ATTACKER.
3.NIDS : IT MEANS NAÏVE SYSTEM USING THIS SYSTEM THE HACKER TRIES TO HACK THE DATA PRESENT IN TARGET HOST.
13
IDS ISSUES: Lack of Physical Wires Bandwidth Issues Difficulty of Anomaly and Normality
Distinction Possibility of a Node Being Compromised
14
ONTOLOGY SERVERS
ONTOLOGY IS AN MEDICAL APPROACH WHICH IS IMPLEMENTED IN NETWORKS PLATFORM.
ONE OF THE APPROACH WHERE WE CAN PROVIDE
HIGH SECURITY IS BY USING ONTOLOGY SERVERS.
15
HOW IT WORKS?
WENEVER THE DATA IS PRESENT IN ONE OR TWO SERVERS,THE WORK BECOMES EASY FOR AN HACKER TO HACK THOSE DATA.
SO WAT ONTOLOGY SERVER DOES IS,IT SPLITS THE DATA PRESENT IN MAIN SERVER TO FOUR SUB SERVERS.
16
CONTD……SO WENEVER HACKER HACKS ANY SUBSERVER
HE WILL GET ONLY PARTIAL INFORMATION WHICH HE CANNOT ENCRYPT OR DECRYPT IT.
IF SUPPOSE CLIENT SENDS AN API TO SERVER TO SEND THE DATA WHICH IT SENT THEN THE MAIN SERVER WILL SEND THE API’S TO SUBSERVER GATHER THE INFORMATION AND SENDS IT BACK TO CLIENT.
17
ADVANTAGES:1.IT PROVIDES HIGH SECURITY.2.DATA LOSS IS LESS.
DIS ADVANTAGES:1.TIME TAKEN IS MORE AND COST IS HIGH.2.NEEDS MANY NUMBER OF SYSTEMS.
18
Conclusion:BY MAKING USE OF ABOVE APPROACH WE
CAN PROVIDE HIGH SECURITY TO ANY EXISTING SYSTEM.
WE CAN AVOID INTRUDERS INTRUDING THE DATA.
19
FUTURE ENHANCEMENT:There is a need for a COMPETENT analystNeed someone that can fine tune the IDS in
order to avoid false positive or false negativeMust subscribe to popular advisories and
security newsletters such as bugtraq, CERT, GIAC, SANS, and others
REFERENCES:[1] Lidong Z., Zygmunt J. H., “Securing ad hoc
networks”, IEEE Network, Vol. 13, No. 6, 1999, pp. 24-30.[2] Sundaram A., "An Introduction to Intrusion
Detection", http://www.acm.org/crossroads/xrds2-4/intrus.html[3] Arbaugh W., Shankar N., Wan Y.C.J., “Your
802.11 Wireless Network Has No Clothes”, University of Maryland, 30-Mar-2001.
21
top related