Intrusion Prevention Network Security Evan Roggenkamp

Posted 28-Dec-2015

Page 1: Intrusion Prevention Network Security Evan Roggenkamp

Intrusion Prevention: Network Security

Evan Roggenkamp

Page 2

Summary
- Intrusion Detection
- Intrusion Prevention
- Types: NIPS, WIPS, NBA, HIPS
- Typical Components
- Overview

Page 3

Common Detection Methodologies
- Signature-Based Detection
- Anomaly-Based Detection
- Stateful Protocol Analysis

Page 4

IDPS Technologies

Typical components of an IDPS solution are as follows:
- Sensor or Agent
- Management Server
- Database Server
- Console

Page 5

Network-Based

Typical components of network-based IDPS are as follows:
- Appliance
- Software Only
- Sensors
- Information Gathered
- Detection Capabilities

Page 6

Examples of Network-Based Intrusion Detection Tools
- Snort (runs on Unix, Linux, Windows)
- RealSecure (Unix, Linux, Windows)
- Symantec Intrusion Detection (Unix, Linux)
- Dragon (Unix and Linux)
- Network Flight Recorder (NFR) (Unix, Linux, Windows)

Page 7

Network-Based IDPS Architecture

(Diagram: inline and passive sensor placement)

Page 8

Wireless IDPS

Typical components are the same as for network-based IDPS: consoles, database servers (optional), management servers, and sensors.

Wireless sensors:
- Dedicated (fixed or mobile)
- Bundled with AP
- Bundled with Wireless Switch
- Sensor Locations
- Information Gathered
- Detection Capabilities

Page 9

Wireless IDPS Architecture

(Diagram)

Page 10

Network Behavior Analysis

Typical components are sensors and consoles, with some products offering management servers (analyzers).
- Sensors
- Information Gathered
- Detection Capabilities

Page 11

NBA Architecture

(Diagram)

Page 12

Host-Based IDPS
- Typical Components
- Agent Locations & Host Architectures
- Detection Capabilities

Page 13

Host-Based IDPS Architecture

(Diagram)

Page 14

Performance Requirements
- Configuration and tuning
- Performance vs. Detection
- Appliance-Based
- No open standards

Page 15

Design and Implementation
- Reliability
- Interoperability
- Scalability
- Security