Authentication/Authorization, Access List, Filters, Firewalls, IDS/IPS
Henric Johnson 25
Example: nmap – know open services
Intrusion Detection Techniques
• Statistical anomaly detection
– Threshold detection
– Profile based
• Rule based detection
– Anomaly detection
– Penetration identification
Profiles of Behavior of Intruders and Authorized Users
Measurable Parameters used in Intrusion Detection
• Login frequency by day and time.
• Frequency of login at different locations.
• Time since last login.
• Password failures at login.
• Execution frequency.
• Execution denials.
• Read, write, create, delete frequency.
• Failure count for read, write, create and delete.
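As an added example (not from the original slides), the sketch below applies threshold detection and profile-based detection to two of the parameters listed above: password failures at login and login frequency by time of day. The event tuples, baseline history, function names and limits are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: hours of past successful logins per user.
HISTORY = {
    "alice": [8, 9, 9, 10, 8, 9, 10, 9],
    "bob": [13, 14, 14, 15, 13, 14],
}

# Constructed events for the day under review: (user, hour_of_day, success).
EVENTS = [
    ("alice", 9, True),
    ("bob", 14, False),
    ("bob", 14, True),
    ("alice", 3, True),
] + [("carol", 2, False)] * 5


def threshold_alerts(events, max_failures=3):
    """Threshold detection: one fixed failure limit applied to every user."""
    failures = defaultdict(int)
    for user, _hour, success in events:
        if not success:
            failures[user] += 1
    return sorted(user for user, count in failures.items() if count > max_failures)


def profile_alerts(events, history, z_limit=3.0, min_sigma=0.5):
    """Profile-based detection: compare each successful login hour with the
    user's own baseline and flag large deviations (z-score)."""
    alerts = []
    for user, hour, success in events:
        past = history.get(user)
        if not success or not past:
            continue  # no baseline means no profile to compare against
        # Simplification: hours are treated as linear, so a baseline that
        # spans midnight would need circular statistics instead.
        sigma = max(pstdev(past), min_sigma)  # floor avoids tiny divisors
        z = abs(hour - mean(past)) / sigma
        if z > z_limit:
            alerts.append((user, hour, round(z, 1)))
    return alerts


if __name__ == "__main__":
    print("threshold:", threshold_alerts(EVENTS))
    print("profile:  ", profile_alerts(EVENTS, HISTORY))
```

The fixed threshold catches carol's burst of failed logins but not alice's successful 03:00 login, which only stands out against her own profile.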
Password Hardening
A Major Step in Intrusion Prevention
• Password guessing and brute-force calculation are the most popular intrusion techniques
• So passwords need to be strong
– Combine letters, numbers, and other characters
• ‘p@5sw0RD!2#’ is stronger than ‘password123’
– Avoid using names, pet names, object names, etc. in passwords
– Frequently change critical and daily-used passwords
Snort: IPS System Example
• Take it as a case study
– What is snort?
– How does it work?
– How to use it?
• Ref: http://www.snort.org