NDIS - PowerPoint PPT Presentation

About This Presentation

Title: NDIS

Description: What is a Network Intrusion Detection System (NIDS) – PowerPoint PPT presentation

Slides: 12
Provided by: Meru7

Transcript and Presenter's Notes

1
What is a Network Intrusion Detection System (NIDS)?
2
What is a Network Intrusion Detection System (NIDS)?
  • A Network Intrusion Detection System is a system
    that can identify suspicious patterns in network
    traffic.
  • NIDS is designed to allow data to be transmitted
    in real time across any TCP/IP network or
    connection, i.e. from any two PCs or wireless
    devices up to millions of them, in real time.

3
Some of the major features of NIDS in Windows
2000 include:
  • Support for Plug and Play, Power Management,
    and Windows Management Instrumentation (WMI).
  • Support for connection-oriented media such as
    Asynchronous Transfer Mode (ATM).

4
Features
  • Support for older (legacy) transport stacks over
    connection-oriented media (for example, the LAN
    Emulation (LANE) driver and User Network
    Interface (UNI) Call Manager).
  • The ability to offload tasks from the TCP/IP
    transport to the network adapter (for example,
    TCP/IP checksum tasks, IP Security tasks, and the
    segmentation of large TCP packets).

5
  • High-performance, OS-specific capture module for
    Linux
  • Packet decode engine fully supports encapsulation
  • Decode plugins included for many protocols

6
  • Easy to configure: just one config file
  • Full IP defragmentation
  • TCP stateful inspection with window tracking
  • Intelligent TCP stream reassembly
  • Full application layer decodes
  • EXTREMELY fast and scalable signature engine
  • Configurable token-bucket rate-limiting of any
    alerts
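The "token-bucket rate-limiting of any alerts" feature listed above, as an added Python example that is not part of the presentation: one bucket per signature id (so a single noisy rule cannot crowd out the others), a suppression counter so a flood stays visible even when its alerts are dropped, and a constructed sample burst to show the effect. Signature ids, capacities and the sample events are all made up for the example.

```python
"""Token-bucket rate limiting of NIDS alerts, one bucket per signature id."""
from collections import Counter
from dataclasses import dataclass

@dataclass
class TokenBucket:
    capacity: float        # burst size: alerts allowed back-to-back
    refill_per_sec: float  # sustained alert rate once the burst is spent
    tokens: float = -1.0   # sentinel: filled to capacity on first use
    last: float = 0.0

    def allow(self, now: float) -> bool:
        if self.tokens < 0:
            self.tokens, self.last = self.capacity, now
        elapsed = max(0.0, now - self.last)  # a clock step backwards adds nothing
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class AlertLimiter:
    """Keyed per signature id so one noisy rule cannot silence the others."""
    def __init__(self, capacity: float, refill_per_sec: float) -> None:
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets: dict[int, TokenBucket] = {}
        self.suppressed: Counter = Counter()  # dropped alerts stay countable

    def handle(self, now: float, sid: int) -> bool:
        bucket = self.buckets.setdefault(sid, TokenBucket(self.capacity, self.refill))
        if bucket.allow(now):
            return True
        self.suppressed[sid] += 1
        return False

def run(events: list[tuple[float, int, str]], capacity: float = 5, refill: float = 1.0):
    """Return (alerts emitted, {sid: suppressed count}) for time-ordered events."""
    limiter = AlertLimiter(capacity, refill)
    emitted = [e for e in events if limiter.handle(e[0], e[1])]
    return emitted, dict(limiter.suppressed)

# Constructed sample: a 100-alert flood from one sid within a second, one lone alert from another sid, one late alert.
SAMPLE = sorted([(i / 100.0, 1000001, "constructed flood alert") for i in range(100)]
                + [(0.5, 1000002, "constructed lone alert"),
                   (10.0, 1000001, "constructed late alert")])

if __name__ == "__main__":
    alerts, dropped = run(SAMPLE)
    print(f"{len(alerts)} alerts emitted; suppressed per sid: {dropped}")  # 7; {1000001: 95}
```

With a burst of 5 and a refill of one token per second, the flood yields 5 alerts plus one late alert after the bucket refills, while the 95 dropped copies are still counted against that signature.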

7
Supported Protocols
  • TCP/IP suite (IPv4, TCP, UDP, ICMP, IGMP)
  • 802.1Q (VLAN)
  • Can differentiate Ethernet II and Novell IPX
    frames
  • Can decode LLC and SNAP
  • IPX, SAP
  • Linux cooked sockets (SLL) in two different
    formats
  • GRE (generic routing encapsulation)
  • IrDA (infra-red)
  • ARP/Appletalk ARP

8
Planned Features
  • Some performance enhancements
  • Proper remote alerting to a central Firestorm
    server
  • Analyst consoles to read data from central server
  • Central management of all configuration from
    analyst console

9
What happens after a NIDS detects an attack?
  • Reconfigure firewall
  • Chime
  • SNMP trap
  • NT event
  • Syslog
  • Send e-mail
  • Page
  • Log the attack
  • Save evidence
  • Launch program
  • Terminate the TCP session

10
How can one detect if someone is running a NIDS?
  • A NIDS is essentially a sniffer, so standard
    sniffer-detection techniques can be used. An
    example would be a traceroute against the victim;
    this will often generate a low-level event in the
    IDS.

11
NIDS
  • By Meron Girma
  • CIS 450
  • Professor Anrivor