Figure 10-4: Intrusion Detection Systems (IDSs) - PowerPoint PPT Presentation

Provided by: cscCol
1
Figure 10-4 Intrusion Detection Systems (IDSs)
  • IDSs
    • Event logging in log files
    • Analysis of log file data
    • Alarms
      • Too many false positives (false alarms)
      • Too many false negatives (overlooked incidents)
    • Log files for retrospective analysis by humans

2
Figure 10-4 Intrusion Detection Systems (IDSs)
  • Elements of an IDS (Figure 10-5)
    • Event logging
    • Analysis method
    • Action
    • Management

3
Figure 10-5 Elements of a Simple IDS (figure labels, top to bottom)
  • Management: Configuration, Tuning
  • Action: Alarms, Queries, Reports
  • Analysis: Attack Signatures and Heuristics
  • Logging (Data Collection): Individual Events are Time-Stamped; Log is Flat File of Events
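The four elements of Figure 10-5 as an added example (not code from the slides): a flat file of constructed, time-stamped events is the Logging element, a signature table plus a failed-login heuristic is the Analysis element, the returned alarms are the Action element, and the threshold/window parameters are the Management element's tuning knobs. The log format, host names, IP addresses and rule names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Logging element: a flat file of time-stamped events, one per line.
# Constructed sample in an assumed "<timestamp> <source> <host> <message>" format.
LOG = """\
2024-03-01T10:00:01 sshd host1 Failed password for root from 203.0.113.5
2024-03-01T10:00:02 sshd host1 Failed password for root from 203.0.113.5
2024-03-01T10:00:03 sshd host1 Failed password for root from 203.0.113.5
2024-03-01T10:00:04 sshd host1 Failed password for root from 203.0.113.5
2024-03-01T10:00:05 sshd host1 Accepted password for root from 203.0.113.5
2024-03-01T10:05:00 sshd host1 Failed password for alice from 192.0.2.10
2024-03-01T10:09:00 sshd host1 Failed password for alice from 192.0.2.10
2024-03-01T10:15:00 httpd host2 GET /cgi-bin/../../etc/passwd from 198.51.100.7
"""

# Analysis element, part 1: attack signatures (assumed rule names and patterns).
SIGNATURES = {
    "path-traversal": re.compile(r"/\.\./|/etc/passwd"),
    "root-login-accepted": re.compile(r"Accepted password for root"),
}
FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\S+)")

def parse_log(text):
    """Return the events as (timestamp, source, host, message) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, host, msg = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), src, host, msg))
    return events

def analyze(events, threshold=3, window_s=60):
    """Analysis element, part 2: signatures plus a failed-login heuristic that fires
    when `threshold` failures from one IP fall within `window_s` seconds (tuning knobs)."""
    alarms = []  # Action element: (timestamp, host, alarm) tuples for the operator
    failures = defaultdict(list)  # source IP -> recent failed-login timestamps
    for ts, src, host, msg in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(msg):
                alarms.append((ts, host, "signature:" + name))
        m = FAILED_LOGIN.search(msg)
        if m:
            ip = m.group(1)
            recent = [t for t in failures[ip] if (ts - t).total_seconds() < window_s]
            failures[ip] = recent + [ts]
            if len(failures[ip]) == threshold:  # fire once when the threshold is reached
                alarms.append((ts, host, "heuristic:brute-force from " + ip))
    return alarms
```

With the defaults (three failures within 60 s) the sample yields three alarms: the root brute force, the root login that followed it, and the traversal request. Loosening to two failures within 600 s also flags alice's two typos (a false positive), while tightening to five failures misses the four-try root break-in (a false negative), which is the tuning trade-off slide 1 describes.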
4
Figure 10-4 Intrusion Detection Systems (IDSs)
  • Distributed IDSs (Figure 10-6)
    • Managers
    • Agents
    • Distribution of functionality between agents and managers (analysis and action)

5
Figure 10-6 Distributed IDS (figure labels)
  • Manager at the Site
  • Agents: Host IDS agent; agents on the Main Firewall, the Internal Switch-Based Network IDS and the Stand-Alone Network IDS
  • Log File Transfer in Batch Mode or Real Time over the Internet Connection
6
Figure 10-4 Intrusion Detection Systems (IDSs)
  • Distributed IDSs (Figure 10-6)
    • Batch versus Real-Time Data Transfer
      • Batch mode: every few minutes or hours; efficient
      • Real-time: as events occur or shortly afterward; little or no data loss if the attacker eliminates the log file on the agent's computer

7
Figure 10-4 Intrusion Detection Systems (IDSs)
  • Distributed IDSs (Figure 10-6)
    • Secure manager-agent communication
    • Vendors' automatic updates with secure communication
  • Network IDSs (NIDSs)
    • Capture packets
    • Stand-alone NIDS collects data for only its portion of the network
    • Switch or router NIDSs can collect data on all ports

8
Figure 10-4 Intrusion Detection Systems (IDSs)
  • Network IDSs (NIDSs)
    • NIDS placement
      • Between main firewall and internal or external network, for relevant or all attacks
      • At internal points to detect internal mischief
    • Weaknesses
      • Blind spots in the network where no NIDS data is collected
      • Cannot filter encrypted packets