intrusion detection software (ids/9000)

Report

Post on 23-Jan-2016

55 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

DESCRIPTION

Intrusion Detection Software (IDS/9000). Version B.00 H7076S Module 7 Slides. Kernel IDS. CPU. sulog. btmp. wtmp. syslog. Processes. Memory. Disk. Intrusion Detection Software Overview. IDS Client. IDS Client/Server Architecture. Kernel IDS. Kernel IDS. - PowerPoint PPT Presentation

TRANSCRIPT

1

hp education serviceseducation.hp.com

Intrusion Detection Software (IDS/9000)

Version B.00H7076S Module 7 Slides

2 © 2001 Hewlett-Packard Company

H7076S B.00

IDS Client

Intrusion Detection Software Overview

Memory

CPU

Processes

Kernel IDS

Disk

btmp wtmp syslogsulog

3 © 2001 Hewlett-Packard Company

H7076S B.00

IDS Client/Server Architecture

Memory

CPU

Processes

Kernel IDS

Disk

btmp wtmp syslogsulog

Memory

CPU

Processes

Kernel IDS

Disk

btmp wtmp syslogsulog

4 © 2001 Hewlett-Packard Company

H7076S B.00

Detection Templates

Modification of files and directories Changes to logfiles Creation of set UID files Creation of world writable files Repeated failed logins Repeated failed su attempts Race condition attacks Buffer overflow attacks Modification of another user’s files Monitor for the start of interactive sessions Monitor logins and logouts

5 © 2001 Hewlett-Packard Company

H7076S B.00

Detection Templates

Advanced Group

All TemplateGroup

FileModification

Group

LoginMonitoring

Group

Surveillance Groups

Surveillance Groups

Files Changes

Perm Changes

New WW Files

New SUID FilesFailed SU Attempts

Failed Logins

Race ConditionsUser Perm/File ChangesLogins/Logouts

Buffer Overflow User Logins

6 © 2001 Hewlett-Packard Company

H7076S B.00

Surveillance Schedules

Surveillance Groups

Advanced Group

All TemplateGroup

FileModification

Group

LoginMonitoring

Group

DetectionTemplates

Surveillance Schedule

File Mod Group M-F 12:00-11:59Login Mon Grp M-F 12:00-11:59

Adv Group M-F 12:00-11:59File Mod Group M-F 12:00-11:59Login Mon Grp M-F 12:00-11:59

7 © 2001 Hewlett-Packard Company

H7076S B.00

Surveillance Schedules to Host Mapping

Surveillance Groups

Advanced Group

All TemplateGroup

FileModification

Group

LoginMonitoring

Group

DetectionTemplates

Surveillance Schedule

File Mod Group M-F 12:00-11:59Login Mon Grp M-F 12:00-11:59

Adv Group M-F 12:00-11:59File Mod Group M-F 12:00-11:59Login Mon Grp M-F 12:00-11:59

IDSClients

8 © 2001 Hewlett-Packard Company

H7076S B.00

IDS System Management Window

9 © 2001 Hewlett-Packard Company

H7076S B.00

Alert Browser

10 © 2001 Hewlett-Packard Company

H7076S B.00

Error Browser

top related

intrusion detection system (ids) techniques and responses
Documents
ids ( intrusion detection system)
Documents
ids ( intrusion detection system )
Documents
intrusion detection system (ids)
Business
fail-operational intrusion detection system (fo-ids)
Documents
ids - intrusion detection systems (mk)
Education
intrusion detection & intrusion...
Documents
intrusion detection systems (ids) what is an ids?...
Documents
intrusion detection systems (ids) - chalmers to eda263...•...
Documents
evading ids, firewalls, and honeypots… · module 17 -...
Documents
intrusion detection system ( ids )
Documents
intrusion detection system (ids) · 2015-07-02 ·...
Documents
intrusion detection system (ids) product...
Documents
1 intrusion detection system (ids) outlines host-base ids...
Documents
analisa performa intrusion detection system (ids) snort
Documents
108 evaluation of intrusion detection systems · 2....
Documents
intrusion detection system (ids).ppt
Documents
intrusion detection • principles • models of intrusion...
Documents
machine learning in intrusion detection systems (ids)
Documents
intrusion detection systems -...
Documents