Intrusion Detection System(IDS) at a Glance

1
Intrusion Detection System (IDS) at a Glance
2
Intrusion Detection System or IDS is a security
software which is designed to help administrator
to automatically alert or notify at any case when
a user tries to compromise information system
through any malicious activities or at point
where violation of security policies are taken.
It helps to deals with such attacks by inspecting
all of the inbound or outbound traffic on a
network.
3
Types Of Intrusions / Attacks
Web Based Attacks
SQL Injection, Web Shells
LFI, RFI and XSS Attacks
Network Based Attacks
Unauthorized Login
Denial Of Service attacks
Scanning ports and services
Replication of Worms, Trojan, Virus
Spoofing Attacks ( Arpspoof, Dns spoof Attacks )
Zero Day Attacks
Attacks that arent known.
4
How detection is performed in IDS Software?
IDS Signature Based detection- This type of
detection work well with the threads that are
already determined or known.
Anomaly-based detection-- This detection works on
the basis of Comparison. It determines the traits
of a normal action against characteristics that
marks them as abnormal.
5
A Typical Intrusion detection functions include
Monitoring and analyzing both user and system
activities
Analyzing system configurations and
vulnerabilities
Assessing system and file integrity
Ability to recognize typical patterns of attacks
Analysis of abnormal activity patterns
Tracking user policy violations
6
Major component of an IDS System
Network Intrusion Detection System (NIDS) This
does analysis for traffic on a whole subnet and
will make a match to the traffic passing by to
the attacks already known in a library of known
attacks.
7
Network Node Intrusion Detection System
(NNIDS) This is similar to NIDS, but the
traffic is only monitored on a single host, not a
whole subnet.
8
Host Intrusion Detection System (HIDS) This
takes a picture of an entire systems file set
and compares it to a previous picture. If there
are significant differences, such as missing
files, it alerts the administrator.
9
PROS of an IDS System
CAN add a greater degree of integrity to the
rest of your infrastructure CAN trace user
activity from point of entry to point of
impact CAN recognize and report alterations to
data CAN automate a task of monitoring the
Internet searching for the latest attacksCAN
detect when your system is under attackCAN make
the security management of your system possible
bynon-expert staff
10
CONS Related to an IDS System
CAN NOT compensate for a weak identification and
authentication mechanisms CAN NOT conduct
investigations of attacks without human
intervention CAN NOT compensate for weaknesses in
network protocolsCAN NOT analyze all the traffic
on a busy networkCAN NOT always deal with
problems involving packet-level attacksCAN NOT
deal with some of the modern network hardware and
features
11
How to protect IDS

• Dont run any service on your IDS sensor
• The platform on which you are Running IDS should
  be patched with the latest release from your
  vendor
• Configure the IDS machine so that it doesn't
  respond to ping packets
• User account should not be created except those
  that are necessary