HP Education Services, education.hp.com
Intrusion Detection Software (IDS/9000)
Version B.00H7076S Module 7 Slides
© 2001 Hewlett-Packard Company
H7076S B.00
Intrusion Detection Software Overview

(diagram) A single IDS client gathers data from memory, CPU, processes, disk, the Kernel IDS component, and the log files btmp, wtmp, syslog and sulog.
IDS Client/Server Architecture

(diagram) Two IDS clients, each gathering the same sources (memory, CPU, processes, Kernel IDS, disk, and btmp, wtmp, syslog, sulog), report to a central IDS server.
Detection Templates

- Modification of files and directories
- Changes to logfiles
- Creation of set-UID files
- Creation of world-writable files
- Repeated failed logins
- Repeated failed su attempts
- Race condition attacks
- Buffer overflow attacks
- Modification of another user's files
- Monitor for the start of interactive sessions
- Monitor logins and logouts
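The two login-monitoring templates above ("Repeated failed logins" and "Repeated failed su attempts") are both a count of failures per principal inside a time window. The following is an added example, not IDS/9000 code: it parses HP-UX sulog lines (format "SU MM/DD hh:mm +|- tty from-to", where "-" marks a failed su) and feeds them, together with already-decoded failed-login records (btmp is binary, so the records are constructed here rather than read from disk), through one sliding-window detector. The sample log lines, the year, the thresholds and the window length are all constructed for the example.

```python
"""Added example, not IDS/9000 code: the "Repeated failed su attempts" and
"Repeated failed logins" templates as a sliding-window count over log records.
The sulog line format is HP-UX's; the sample lines, the decoded btmp records
and the thresholds are constructed."""
from collections import deque
from datetime import datetime, timedelta
import re

YEAR = 2001  # sulog lines carry no year; assumed when building timestamps

# HP-UX sulog: "SU MM/DD hh:mm <+|-> <tty> <from>-<to>"; '-' marks a failed su.
SULOG_RE = re.compile(r"^SU (\d\d)/(\d\d) (\d\d):(\d\d) ([+-]) (\S+) (\S+)-(\S+)$")


def parse_sulog(lines):
    """Yield (timestamp, from_user, to_user, succeeded) for each well-formed line."""
    for line in lines:
        m = SULOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        mon, day, hh, mm, flag, _tty, src, dst = m.groups()
        yield datetime(YEAR, int(mon), int(day), int(hh), int(mm)), src, dst, flag == "+"


def repeated_failures(events, threshold, window):
    """Alert when `threshold` failures for one key fall within `window`.

    `events` is an iterable of (timestamp, key, succeeded) in time order
    (sulog and btmp are append-only, so file order is time order).
    Returns [(key, first_failure, last_failure, count)].  The per-key window
    is cleared after an alert so one burst produces one alert, not one per
    extra attempt."""
    recent = {}   # key -> deque of failure timestamps still inside the window
    alerts = []
    for ts, key, ok in events:
        if ok:
            continue  # successes never count toward the template
        q = recent.setdefault(key, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # age out failures older than the window
        if len(q) >= threshold:
            alerts.append((key, q[0], ts, len(q)))
            q.clear()
    return alerts


# Constructed sulog excerpt: one burst from bob, two isolated failures from carol.
SULOG_SAMPLE = """\
SU 03/05 09:12 + pts/0 alice-root
SU 03/05 09:40 - pts/1 bob-root
SU 03/05 09:41 - pts/1 bob-root
SU 03/05 09:42 - pts/1 bob-root
SU 03/05 13:10 - pts/2 carol-root
SU 03/05 17:55 - pts/2 carol-root
""".splitlines()

# Constructed failed-login records as (timestamp, user, succeeded); on HP-UX
# these would come from decoding the binary btmp/wtmp files.
LOGIN_SAMPLE = [
    (datetime(YEAR, 3, 5, 22, 0), "root", False),
    (datetime(YEAR, 3, 5, 22, 0), "root", False),
    (datetime(YEAR, 3, 5, 22, 1), "root", False),
    (datetime(YEAR, 3, 5, 22, 1), "root", False),
    (datetime(YEAR, 3, 5, 22, 3), "root", True),
]


def failed_su_alerts(lines=SULOG_SAMPLE, threshold=3, window=timedelta(minutes=5)):
    """Key failures by the from->to pair so separate users are not summed."""
    events = ((ts, f"{src}->{dst}", ok) for ts, src, dst, ok in parse_sulog(lines))
    return repeated_failures(events, threshold, window)


def failed_login_alerts(records=LOGIN_SAMPLE, threshold=4, window=timedelta(minutes=5)):
    return repeated_failures(records, threshold, window)


if __name__ == "__main__":
    for alert in failed_su_alerts() + failed_login_alerts():
        print("ALERT repeated failures:", alert)
```

Carol's two failures are hours apart and never reach the threshold, which is the point of the window: a count without a window would eventually fire on any long-lived account.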
Detection Templates

(diagram) Surveillance groups: Advanced Group, All Template Group, File Modification Group, Login Monitoring Group.
Detection templates assigned to the groups: File Changes, Perm Changes, New WW Files, New SUID Files, Failed SU Attempts, Failed Logins, Race Conditions, User Perm/File Changes, Logins/Logouts, Buffer Overflow, User Logins.
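The File Changes, Perm Changes, New WW Files and New SUID Files templates share one mechanism: compare the current state of the file system against a recorded baseline. The following is an added example, not IDS/9000 code, showing that comparison with a snapshot keyed by path holding (permission bits, size, SHA-256). The two snapshots `BASELINE` and `CURRENT` are constructed, as are the paths in them; `live_demo` runs the real walker on a temporary directory. The template names in the output are the slide's, the event for a removed file is an addition of this example.

```python
"""Added example, not IDS/9000 code: the file-modification group of templates
(File Changes, Perm Changes, New WW Files, New SUID Files) as a comparison of
a baseline snapshot against a current one."""
import hashlib
import os
import stat


def snapshot(root):
    """Walk `root` and record (mode bits, size, sha256) for each regular file."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snap[path] = (stat.S_IMODE(st.st_mode), st.st_size, digest)
    return snap


def compare(baseline, current):
    """Return a sorted list of (template, path) events between two snapshots.

    A brand-new file is reported only if it is set-UID or world-writable; an
    existing file gets 'file change' on a content change and 'permission
    change' on a mode change.  A chmod that adds u+s or o+w to an existing
    file is also reported under the 'new' templates, because from the
    attacker's point of view that is the same outcome as dropping a new one."""
    events = []
    for path, (mode, size, digest) in current.items():
        if path not in baseline:
            if mode & stat.S_ISUID:
                events.append(("new set-UID file", path))
            if mode & stat.S_IWOTH:
                events.append(("new world-writable file", path))
            continue
        old_mode, old_size, old_digest = baseline[path]
        if (size, digest) != (old_size, old_digest):
            events.append(("file change", path))
        if mode != old_mode:
            events.append(("permission change", path))
            if mode & stat.S_ISUID and not old_mode & stat.S_ISUID:
                events.append(("new set-UID file", path))
            if mode & stat.S_IWOTH and not old_mode & stat.S_IWOTH:
                events.append(("new world-writable file", path))
    for path in baseline:
        if path not in current:
            events.append(("file removed", path))  # not a slide template; added here
    return sorted(events)


# Constructed snapshots standing in for two runs of snapshot() on a server.
BASELINE = {
    "/usr/local/bin/backup": (0o755, 1200, "aa"),
    "/usr/local/bin/report": (0o755, 800, "bb"),
    "/usr/local/bin/cleanup": (0o755, 300, "cc"),
}
CURRENT = {
    "/usr/local/bin/backup": (0o4755, 1200, "aa"),  # chmod u+s on an existing file
    "/usr/local/bin/report": (0o755, 900, "bd"),    # content replaced
    "/usr/local/bin/cleanup": (0o755, 300, "cc"),   # untouched
    "/usr/local/bin/.helper": (0o4755, 64, "dd"),   # dropped set-UID binary
    "/tmp/shared.conf": (0o666, 20, "ee"),          # world-writable file created
}


def demo():
    return compare(BASELINE, CURRENT)


def live_demo():
    """Exercise the real walker: baseline a temp dir, then edit one file and
    create a world-writable one.  Returns events with paths made relative."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")
        with open(conf, "w") as f:
            f.write("debug=0\n")
        os.chmod(conf, 0o644)
        before = snapshot(d)
        with open(conf, "w") as f:
            f.write("debug=1\n")  # same size, different content
        drop = os.path.join(d, "drop.txt")
        with open(drop, "w") as f:
            f.write("x")
        os.chmod(drop, 0o666)
        after = snapshot(d)
        return [(kind, os.path.relpath(p, d)) for kind, p in compare(before, after)]


if __name__ == "__main__":
    for event in demo():
        print(*event)
```

Hashing rather than trusting mtime matters because an attacker who can write the file can also reset its timestamp; size alone misses same-length edits, which `live_demo` shows.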
Surveillance Schedules

(diagram) Detection templates are collected into surveillance groups (Advanced Group, All Template Group, File Modification Group, Login Monitoring Group); a surveillance schedule pairs groups with the days and hours during which they run. Two example schedules:
One schedule: File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
A second schedule: Adv Group M-F 12:00-11:59; File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
Surveillance Schedules to Host Mapping

(diagram) The same chain as on the previous slide, with one more step: detection templates form surveillance groups, surveillance schedules pair groups with run times (File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59, and Adv Group M-F 12:00-11:59; File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59), and each surveillance schedule is then mapped to the IDS clients it applies to.
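To make the template, group, schedule and host chain concrete, the following added example (not IDS/9000 code) resolves which templates are in force on a given host at a given moment. The group memberships, the single-letter weekday codes, the host names and the schedule names are assumptions; the schedule strings are the slide's. The slide does not say whether the clock is 12- or 24-hour, so the example assumes 24-hour and treats an end time earlier than the start as wrapping past midnight, which is how "12:00-11:59" covers a whole day; it also handles the early-morning tail of a Friday window spilling into Saturday.

```python
"""Added example, not IDS/9000 code: resolve active detection templates from
the template -> surveillance group -> surveillance schedule -> host chain.
Group contents, day codes, hosts and schedule names are assumptions."""
from datetime import datetime, time

DAYS = ["M", "T", "W", "R", "F", "S", "U"]  # assumed codes, Monday..Sunday

# Assumed group membership; the slide lists the names but not the assignment.
GROUPS = {
    "File Modification Group": ["File Changes", "Perm Changes", "New WW Files", "New SUID Files"],
    "Login Monitoring Group": ["Failed SU Attempts", "Failed Logins", "Logins/Logouts", "User Logins"],
    "Advanced Group": ["Race Conditions", "Buffer Overflow", "User Perm/File Changes"],
}
GROUPS["All Template Group"] = sorted({t for g in GROUPS.values() for t in g})

# Schedule strings copied from the slide; schedule names are constructed.
SCHEDULES = {
    "Schedule 1": [("File Modification Group", "M-F 12:00-11:59"),
                   ("Login Monitoring Group", "M-F 12:00-11:59")],
    "Schedule 2": [("Advanced Group", "M-F 12:00-11:59"),
                   ("File Modification Group", "M-F 12:00-11:59"),
                   ("Login Monitoring Group", "M-F 12:00-11:59")],
}
HOSTS = {"web1": "Schedule 1", "db1": "Schedule 2"}  # constructed host mapping


def parse_window(spec):
    """'M-F 12:00-11:59' -> (set of weekday indexes, start time, end time)."""
    days, hours = spec.split()
    first, last = days.split("-") if "-" in days else (days, days)
    i, j = DAYS.index(first), DAYS.index(last)
    dayset = set(range(i, j + 1)) if i <= j else set(range(i, 7)) | set(range(0, j + 1))
    start_s, end_s = hours.split("-")
    start = time(*map(int, start_s.split(":")))
    end = time(*map(int, end_s.split(":")))
    return dayset, start, end


def window_active(spec, when):
    """True if `when` falls inside the window.  Minute resolution, inclusive."""
    dayset, start, end = parse_window(spec)
    d, t = when.weekday(), when.time().replace(second=0, microsecond=0)
    if start <= end:  # window lies within one calendar day
        return d in dayset and start <= t <= end
    # Wraps midnight: either the evening part on a scheduled day, or the
    # early-morning tail of a window that began on the previous day.
    return (d in dayset and t >= start) or ((d - 1) % 7 in dayset and t <= end)


def active_templates(host, when):
    """Sorted list of templates enforced on `host` at `when` (datetime or ISO string)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    active = set()
    for group, spec in SCHEDULES.get(HOSTS[host], []):
        if window_active(spec, when):
            active.update(GROUPS[group])
    return sorted(active)


if __name__ == "__main__":
    print(active_templates("db1", "2001-03-07T03:00:00"))  # a Wednesday
```

The wrap-around case is the one worth checking before trusting a schedule: with a 24-hour reading, "M-F 12:00-11:59" quietly leaves no coverage between 12:00 Saturday and 12:00 Monday, which is exactly when an intrusion is least likely to be noticed by a human.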
IDS System Management Window
Alert Browser
Error Browser