
IDS - Information Technology - Lecture Slides, Slides of Information Technology

This lecture is part of lecture series on Information Technology course. This lecture includes: Ids, Software Application, Comparison with Firewalls, Reactive Ids, Passive Ids, Need of Ids, Advantages of Ids, Types of Ids, Host Based Id System, Network Based Id System, Teardrop Attack

Typology: Slides

2012/2013

Uploaded on 12/31/2013

mandhata

Intrusion Detection System (IDS)

What is IDS?
• IDS are tools for obtaining security in networks.
• It helps the administrator to detect & respond to the malicious attacks which the firewall was not able to detect & filter.
• This includes network attacks against services, attacks on applications, unauthorized logins and access to sensitive files etc…
• IDS thus forms the second line of defence against malicious hackers & attackers.

Comparison with firewalls
• Though they both relate to network security, an IDS differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening.
• Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
• Normally the networks use a firewall for protection against security threats but they can rarely identify the type of attack.
• So IDS is proven to be an excellent tool for monitoring the type of attack.

• There are two types of intrusion detection system:
1. Reactive IDS
2. Passive IDS

1. Reactive IDS: It is one in which if the intruder or attack is detected it does not alert the user.
2. Passive IDS: In it the user is alerted in silent mode, i.e. through mails, pagers etc.

• But this firewall cannot detect if that authorized person has some malicious intentions or not.
• But they can be detected by IDS.
• IDS are a combination of early warning & alarm system.
• When someone attempts to force entry into your house, your alarm will sound to scare off the intruder (a “reactive” IDS), or it might make a silent phone call to a local police station (a “reactive” IDS).

Need of IDS
• For any company with a connection to internet, a firewall should always be your first line of defence.
• But firewalls can be attacked, & one way to plug these gaps in your security is to use an IDS.

Advantages of IDS
• General benefits of an IDS include the following:
• It can detect the unauthorized user.
• It can detect password cracking & denial of services.
• It can catch illegal data manipulations.
• It monitors & analyses the system events & user behavior.
• Managing OS audit & logging mechanisms & the data they generate.
• Alerting appropriate staff by appropriate means when attacks are detected.

Limitations of IDS
• IDS is unable to catch the events of tear drop attack.
• A tear drop attack occurs when an attacker sends fragments of data that a system is unable to reassemble.
• Such an attack may lead to freezing of the system.
• Most of them are unable to detect & prevent the misuse or unintended consequences.
• A direct attack on IDS by an attacker also finishes up its ability to detect intrusion. So the attacker tries to shut down the IDS & then attack on network.
• Not all IDS are compatible with all routers.
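
What "fragments that a system is unable to reassemble" means at the packet level, as an added example that is not part of the lecture slides: the consistency check a reassembling sensor has to run over IPv4 fragment offsets, flagging overlaps (the classic teardrop shape) and holes. The function names and the sample packets are constructed for illustration; headers are assumed to carry no IP options.

```python
import struct
from collections import defaultdict

IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def parse_fragment(pkt):
    """Return (datagram_key, first_byte, end_byte, more_fragments) for one packet."""
    vihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        IPV4_HDR, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    start = (flags_off & 0x1FFF) * 8   # offset field counts 8-byte units
    return (src, dst, proto, ident), start, start + total_len - ihl, bool(flags_off & 0x2000)

def check_fragments(packets):
    """Map IP ID -> reasons why that datagram's fragments cannot be reassembled."""
    datagrams = defaultdict(list)
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        datagrams[key].append((start, end, more))
    findings = {}
    for key, frags in datagrams.items():
        frags.sort()
        problems, covered = [], 0
        for start, end, _ in frags:
            if start < covered:
                problems.append(f"overlap: fragment at byte {start} starts before byte {covered}")
            elif start > covered:
                problems.append(f"gap: bytes {covered}-{start - 1} never arrive")
            covered = max(covered, end)
        if frags[-1][2]:
            problems.append("final fragment still has more-fragments set")
        if problems:
            findings[key[3]] = problems
    return findings

def make_fragment(ident, offset, length, more):
    """Constructed test packet: UDP protocol number, documentation addresses, zero checksum."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + length, ident, flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(length)

SAMPLE = [  # constructed traffic, not a capture
    make_fragment(1, 0, 24, True), make_fragment(1, 24, 16, False),   # reassembles cleanly
    make_fragment(2, 0, 40, True), make_fragment(2, 24, 8, False),    # second overlaps first
    make_fragment(3, 0, 16, True), make_fragment(3, 32, 8, False),    # hole at bytes 16-31
]

if __name__ == "__main__":
    for ident, problems in check_fragments(SAMPLE).items():
        print(ident, problems)
```

A sensor that inspects each packet on its own never sees these conditions; they only appear once fragments are grouped per datagram as above.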

• The IDS CAN provide the following:
• CAN add a greater degree of integrity to the rest of your infrastructure.
• CAN trace user activity from point of entry to point of impact.
• CAN recognize and report alterations to data.
• CAN automate a task of monitoring the Internet searching for the latest attacks.
• CAN detect when your system is under attack.
• CAN detect errors in your system configuration.
• CAN guide system administrator in the vital step of establishing a policy for your computing assets.
• CAN make the security management of your system possible by non-expert staff.