Security Technology: Intrusion Detection, Access Control and Other Security Tools
Network based
Focused on protecting network information assets
Wireless
Network behavior analysis
Host-based
Focused on protecting the information assets of a server or host
Network-Based
Advantages
Needs few devices to monitor a large network
Little or no disruption to normal operations
May not be detectable by attackers
Disadvantages
Can be overwhelmed by network volume
Requires access to all traffic
Cannot analyze encrypted packets
Cannot ascertain if an attack was successful
Some forms of attack are not easily discerned
Fragmented packets
Malformed packets
Wireless NIDPS
Advantages
Aware of specific users
Able to operate on encrypted data
Disadvantages
More susceptible to attack
Less capable of detecting software tampering
IDS Methodologies
Similar to NIDS
Reviews logs
Looks for patterns and signatures in log files
Able to look at multiple log files from different systems
Large storage requirements
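Added example (Python, not from the slides): a minimal log file monitor of the kind these bullets describe. It applies signature patterns to constructed sshd and httpd log lines from two hosts, correlates the hits across systems by source address, and, unlike a packet-level NIDS, can tell from the host's own log whether a brute-force attempt actually succeeded. Host names, log lines and signature names are all constructed for the example.

```python
import re
from collections import defaultdict
# Constructed sample log lines from two different systems (not real data).
AUTH_LOG = [  # sshd entries from host "db01"
    "Mar 10 02:14:01 db01 sshd[812]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar 10 02:14:03 db01 sshd[812]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "Mar 10 02:14:05 db01 sshd[812]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Mar 10 02:14:09 db01 sshd[812]: Accepted password for root from 203.0.113.7 port 51125 ssh2",
    "Mar 10 02:20:00 db01 sshd[900]: Failed password for alice from 198.51.100.4 port 40000 ssh2",
]
WEB_LOG = [  # httpd access-log entries from host "web01"
    '203.0.113.7 - - [10/Mar/2024:02:10:44 +0000] "GET /admin/../../etc/passwd HTTP/1.1" 404 233',
    '192.0.2.55 - - [10/Mar/2024:02:11:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
]
# Signatures: each pattern captures the source address so hits can be correlated.
IP = r"(?P<ip>\d+\.\d+\.\d+\.\d+)"
SIGNATURES = {
    "ssh_failed_login": re.compile(r"Failed password for \S+ from " + IP),
    "ssh_accepted_login": re.compile(r"Accepted password for \S+ from " + IP),
    "web_path_traversal": re.compile("^" + IP + r' .*"(?:GET|POST) \S*\.\./'),
}
def scan(lines, system):
    # Match one system's log lines against every signature -> (system, signature, ip) hits.
    return [(system, name, m.group("ip"))
            for line in lines for name, pattern in SIGNATURES.items()
            if (m := pattern.search(line))]

def correlate(hit_lists, fail_threshold=3):
    # Group hits from several systems by source IP and decide what to alert on.
    by_ip = defaultdict(list)
    for hits in hit_lists:
        for system, name, ip in hits:
            by_ip[ip].append((system, name))
    alerts = {}
    for ip, events in by_ip.items():
        names = [n for _, n in events]
        systems = sorted({s for s, _ in events})
        reasons = []
        if names.count("ssh_failed_login") >= fail_threshold:
            # The host's own log shows whether the attack actually worked.
            verdict = "SUCCEEDED" if "ssh_accepted_login" in names else "attempted"
            reasons.append("ssh brute force " + verdict)
        if "web_path_traversal" in names:
            reasons.append("path traversal probe")
        if len(systems) > 1:  # only visible once logs from different systems are combined
            reasons.append("same source on %d systems" % len(systems))
        if reasons:
            alerts[ip] = {"systems": systems, "reasons": reasons}
    return alerts
def run():
    return correlate([scan(AUTH_LOG, "db01"), scan(WEB_LOG, "web01")])
```

Running `run()` flags only 203.0.113.7, with the successful brute force, the traversal probe and its presence on both hosts as reasons; the single failure from 198.51.100.4 stays below the threshold.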
Responses to IDS
Security policy
Structure
Job descriptions of system users
Include a reasonable-use policy
What to do if a violation occurs
Which One?
Centralized
Partially distributed
Fully distributed
Centralized
Fully Distributed Control
Opposite of centralized
All control functions applied at the physical location of each IDS component
Each sensor/agent is best configured to deal with its own environment
Reaction to attacks is sped up
Partially Distributed Control
Honey Net
Collection of honey pots
Connects honey pots on a subnet
Contains pseudo-services that emulate well-known services
Filled with fictitious information
Honey Pots / Honey Nets / Padded Cell Systems
Padded Cell
Protected honey pot
IDS detects an attack and transfers the attacker to a simulated environment
Monitors the attacker's actions
Trap and Trace Systems