Dcit 418-Slide two presentation (1).pptx

kojokoranteng19 11 views 42 slides Aug 26, 2024
Slide Content

DCIT 418 System and Network Security
Module 2: Detecting and Preventing System Intrusions
Lecturer: Dr E.D. Ansong, Dept of Computer Sc.
Contact Information: [email protected]

Learning Objectives
By the end of this module, you should be able to:
• Provide an overview of what system intrusions are, including common methods used by attackers to gain unauthorized access to computer systems.
• Explain the role of intrusion detection systems in identifying and alerting to potential security breaches, including network-based and host-based IDS.

Learning Objectives (cont'd)
• Describe how intrusion prevention systems go beyond detection to actively block or mitigate threats in real time, enhancing overall network security.
• Discuss challenges associated with intrusion detection and prevention, such as false positives (incorrectly identifying benign activity as malicious) and false negatives (failing to detect actual intrusions).

Intrusion Terminology
• Intrusion: an attack on information in which a malicious perpetrator tries to break into or disrupt a system
• Intrusion detection: the procedures and systems created and operated to detect system intrusions
• Intrusion reaction: the actions an organization takes upon detecting an intrusion
• Intrusion correction: activities that restore normal operations
• Intrusion prevention: actions that try to deter intrusions proactively

Intrusion Detection System (IDS) An Intrusion Detection System (IDS) is a security tool designed to monitor network or system activities for malicious or suspicious behavior. It works by analyzing incoming and outgoing network traffic, as well as system logs, looking for patterns that indicate unauthorized access, misuse, or potential security threats.

Some IDS Terminologies
• Alert/Alarm: a notification generated by an IDS to indicate suspicious or potentially malicious activity detected on the network or system.
• False Negative: occurs when an IDS fails to detect actual malicious activity or an intrusion, incorrectly classifying it as benign or normal behavior.
• False Positive: occurs when an IDS incorrectly identifies legitimate activity as malicious or suspicious, generating unnecessary alerts or alarms.

Some IDS Terminologies (cont'd)
• Confidence Value: the level of certainty or reliability that the IDS assigns to an alert or detection event.
• Alarm Filtering: the process of prioritizing and managing the alerts generated by an IDS so as to reduce the volume of notifications and focus attention on the most critical security events.

Why Use an IDS
• Prevent problem behaviors by increasing the perceived risk of discovery and punishment
• Detect attacks and other security violations
• Detect and deal with preambles to attacks
• Document the existing threat to an organization
• Act as quality control for security design and administration
• Provide useful information about intrusions that take place

How IDS works
Figure 1.0: General IDS operation

IDS Classification Methods
• By IDS operation:
– Network-based intrusion detection system (NIDS)
– Host-based IDS (HIDS)
– Application-based IDS (AppIDS)
• By detection method:
– Signature-based (sig IDS)
– Statistical anomaly-based (stat IDS)

Types of Intrusion Detection System (IDS)
There are two main types of IDS:
• Network-based IDS (NIDS): monitors network traffic in real time, examining packets passing through the network. It detects known attack patterns by comparing network activity to a database of signatures or predefined rules, and anomalies by comparing it to a baseline of normal traffic.
• Host-based IDS (HIDS): operates on individual host machines, monitoring activities such as file system changes, logins, and system calls. It compares these activities against known patterns of malicious behavior and against the host's normal activity.

Types of IDS (cont'd)
There is also the application-based IDS (AppIDS). Unlike a network-based IDS, which focuses on monitoring network traffic, an application-based IDS operates at the application layer of the OSI (Open Systems Interconnection) model, analyzing activity within individual applications or services.

Advantages of NIDS
• An organization can monitor a large network with few devices
• Passive; deployment minimally disrupts operations
• Less susceptible to attack; attackers may not even detect that a sensor is present

Disadvantages of NIDS
• Can be overwhelmed by the volume of network traffic
• Must be positioned so that it sees all the traffic it is meant to monitor
• Cannot analyze encrypted network packets
• Cannot determine whether an attack was successful
• Cannot detect some attacks (e.g., those that evade inspection using fragmented packets)

How NIDS works
Figure 2.0: NIDS operation

Statistical anomaly-based (stat IDS)
• A statistical anomaly-based IDS samples network activity and compares it to a baseline of “known normal” traffic; it sounds an alarm when activity falls outside the baseline parameters
• Advantage: can detect new types of attacks for which no signature exists
• Disadvantages:
– Requires more overhead and compute power than a signature-based IDS
– May generate many false positives
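The two detection methods in the classification above (signature-based and statistical anomaly-based), and the false-positive/false-negative outcomes defined under the IDS terminology, can be made concrete by running both detectors over the same traffic. The Python below is an added example written for this page, not code from the lecture or from any IDS product: the baseline traffic, the traffic to inspect, the two signature rules and the thresholds (a z-score limit of 3 and a port margin of 3 above the baseline) are all constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed connection. `malicious` is the ground-truth label: it is
    used only to score the detectors afterwards, never by the detectors."""
    src: str
    dst_port: int
    nbytes: int
    payload: str
    malicious: bool


# Constructed "known normal" traffic used to train the stat IDS baseline.
BASELINE = [
    Event("10.0.0.5", 443, 100, "GET /", False),
    Event("10.0.0.5", 80, 300, "GET /", False),
    Event("10.0.0.6", 443, 500, "GET /", False),
    Event("10.0.0.5", 443, 700, "GET /", False),
    Event("10.0.0.6", 443, 900, "GET /", False),
    Event("10.0.0.5", 80, 1100, "GET /", False),
    Event("10.0.0.6", 443, 1300, "GET /", False),
    Event("10.0.0.5", 443, 1500, "GET /", False),
]

# Constructed traffic to inspect, labelled so the outcome can be scored.
TRAFFIC = [
    Event("10.0.0.5", 443, 700, "GET /index.html", False),        # 0 benign
    Event("10.0.0.7", 80, 520, "GET /../../etc/passwd", True),     # 1 traversal
    Event("10.0.0.5", 443, 20000, "GET /backup.tar.gz", False),    # 2 large, benign
    Event("10.0.0.8", 80, 600, "GET /login?user=admin'--", True),  # 3 SQLi, no rule
    Event("10.0.0.11", 443, 50000, "POST /upload", True),          # 4 exfiltration
] + [
    Event("10.0.0.9", port, 60, "SYN", True)                      # 5-12 port scan
    for port in (21, 22, 23, 25, 80, 110, 143, 443)
]

# Hypothetical signature rules (name, pattern); real rule sets are far larger.
SIGNATURES = [
    ("dir-traversal", re.compile(r"\.\./")),
    ("win-cmd-exec", re.compile(r"cmd\.exe", re.IGNORECASE)),
]


def signature_alerts(events):
    """sig IDS: alert on any event whose payload matches a known pattern."""
    alerts = {}
    for i, ev in enumerate(events):
        for name, rx in SIGNATURES:
            if rx.search(ev.payload):
                alerts[i] = name
                break
    return alerts


def build_baseline(normal):
    """stat IDS training: mean/stdev of bytes per event, plus the largest
    number of distinct destination ports any single source touched."""
    sizes = [e.nbytes for e in normal]
    ports = defaultdict(set)
    for e in normal:
        ports[e.src].add(e.dst_port)
    return {"mean": statistics.mean(sizes),
            "stdev": statistics.stdev(sizes),
            "max_ports": max(len(p) for p in ports.values())}


def anomaly_alerts(events, baseline, z_limit=3.0, port_margin=3):
    """stat IDS: alert when an event's size is far outside the baseline, or
    when one source has touched more distinct ports than the baseline plus
    a margin (a cross-host scan heuristic a HIDS on one host cannot apply)."""
    alerts = {}
    ports_seen = defaultdict(set)
    for i, ev in enumerate(events):
        ports_seen[ev.src].add(ev.dst_port)
        z = (ev.nbytes - baseline["mean"]) / baseline["stdev"]
        if abs(z) > z_limit:
            alerts[i] = f"size anomaly (z={z:.1f})"
        elif len(ports_seen[ev.src]) > baseline["max_ports"] + port_margin:
            alerts[i] = f"port scan ({len(ports_seen[ev.src])} distinct ports)"
    return alerts


def run_ids(events, normal=BASELINE):
    """Union of both detectors; a signature hit supplies the reason if both fire."""
    alerts = anomaly_alerts(events, build_baseline(normal))
    alerts.update(signature_alerts(events))
    return alerts


def score(events, alerts):
    """True/false positives and negatives against the ground-truth labels."""
    tp = sum(1 for i, e in enumerate(events) if e.malicious and i in alerts)
    fp = sum(1 for i, e in enumerate(events) if not e.malicious and i in alerts)
    fn = sum(1 for i, e in enumerate(events) if e.malicious and i not in alerts)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": len(events) - tp - fp - fn}


if __name__ == "__main__":
    alerts = run_ids(TRAFFIC)
    for i, reason in sorted(alerts.items()):
        print(f"event {i:2d} from {TRAFFIC[i].src:<10} -> {reason}")
    print(score(TRAFFIC, alerts))
```

Running it flags event 1 (signature), events 2 and 4 (size anomaly) and events 10 to 12 (scan), and scores 5 true positives, 1 false positive (the large but legitimate download), 6 false negatives (the SQL injection for which no rule exists, plus the first five probes of the scan, which only crosses the port threshold on its sixth probe) and 1 true negative. That is exactly the trade-off the slides describe: signatures miss what they do not know, while anomaly detection alerts on anything unusual, benign or not.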

Advantages of HIDS
• Detects local events and attacks on host systems that a NIDS may not see
• Can view encrypted traffic (as it has already been decrypted on the host)
• HIDS is unaffected by switched network protocols
• Can detect inconsistencies in applications and programs by examining audit logs

Disadvantages of HIDS
• Harder to manage than NIDSs
• Vulnerable to attacks against the host operating system or against the HIDS itself
• Cannot detect scans of multiple hosts or of non-network devices
• HIDSs are potential targets for denial-of-service (DoS) attacks
• May use a lot of disk space for audit data
• May impose a large compute load on the host

How HIDS works
Figure 3.0: HIDS operation

IDS Deployment Overview
NIST recommends four locations for NIDSs:
• Location 1: behind each external firewall, in the network DMZ
• Location 2: outside an external firewall
• Location 3: on major network backbones
• Location 4: on critical subnets

IDS Deployment Overview
Figure 4.0: NIDS sensor locations

Deploying HIDS
• Steps:
– First: install HIDSs on the most critical systems
– Next: install HIDSs on all remaining systems, or until the organization reaches a tolerable degree of coverage

Measuring Effectiveness of IDS
• IDSs are evaluated using two dominant metrics:
– the number of attacks detected in a known collection of probes
– the network bandwidth at which the IDS fails
• Example: at 1 Gbit/s, the IDS detected 95% of the attacks directed against it
• Many vendors provide test suites for verification
• Example test suites:
– Record and retransmit a real packet trace from a virus/worm
– Perform the same for malformed packets (e.g., a SYN flood)
– Launch

Honeypots, Honeynets, and Padded Cell Systems
• Honeypots: decoy systems designed to lure potential attackers away from critical systems
• Design goals:
– Divert the attacker from accessing critical systems
– Gather information about the attacker's activity
– Encourage the attacker to linger long enough for administrators to document the event and respond

Honeypots, Honeynets, and Padded Cell Systems (cont'd)
• Honeynets: a collection of honeypots connected in a subnet
• Padded cell: a honeypot that is hardened so that it cannot be compromised
– Typically works in tandem with a traditional IDS
– When the IDS detects an attacker, it transfers the attacker to this “special environment” where no harm can be done (hence the name)

Scanning and Analysis Tools
• Often used to collect the information an attacker would need to launch a successful attack
• Attack protocol: the sequence of steps an attacker follows to attack a target system or network
• Footprinting: determining which hostnames and IP addresses a target organization owns
• Fingerprinting: a systematic survey of the resources found in the footprinting stage
– Useful for discovering weaknesses in an organization's network or systems

Port Scanners
• Tools used by attackers and defenders to identify computers on a network, along with the ports and services they expose
• Can scan for specific computers, protocols, or resources, or perform generic scans
• Example: nmap (https://nmap.org/)

Vulnerability Scanners
• Active vulnerability scanners scan networks for highly detailed information; they initiate traffic to determine where holes exist
• Passive vulnerability scanners listen in on the network and determine vulnerable versions of both server and client software
• Passive vulnerability scanners can find client-side vulnerabilities that active scanners typically do not

Packet Sniffers
• A network tool that collects copies of packets from the network and analyzes them
• Can provide a network administrator with valuable information for diagnosing and resolving networking issues
• In the wrong hands, a sniffer can be used to eavesdrop on network traffic
• To use a packet sniffer legally, the administrator must be on a network that the organization owns, be under the direct authorization of the network's owners, and have the consent of the content creators

Defense in Depth The Defense in Depth strategy employs layered security mechanisms to provide comprehensive protection against diverse threats. By implementing multiple layers of defense, organizations can mitigate risks and minimize the impact of potential security breaches.

Cryptography in Network Security
Cryptography is a fundamental tool in network security, facilitating secure communication and data protection through encryption and decryption. Key concepts include:
• Symmetric Encryption: a single shared key is used for both encryption and decryption.

Cryptography in Network Security (cont'd)
• Asymmetric Encryption: a pair of keys is used; the public key encrypts and only the matching private key decrypts.
• Digital Signatures: verify the authenticity and integrity of digital messages; a signature is created with the signer's private key and checked by anyone holding the corresponding public key.
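The difference between the symmetric and asymmetric concepts above is easiest to see by running both: under a single shared key, any party able to verify can also forge, whereas a digital signature is produced with the private key and checked with only the public key. The Python below is an added example written for this page, not code from the lecture. It uses the standard-library hmac/hashlib modules for the symmetric side and a textbook RSA over two fixed Mersenne primes for the signature; that RSA is an insecure teaching toy chosen only so that the example runs without third-party libraries (a real deployment uses random 2048-bit-or-larger primes and a padded scheme such as RSA-PSS). The key, messages and primes are constructed assumptions.

```python
import hashlib
import hmac


# ---- Symmetric: one shared key produces and checks the tag ----
def mac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 over msg. Sender and receiver both hold `key`, so the
    receiver could produce an equally valid tag for a different message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(mac_tag(key, msg), tag)


# ---- Asymmetric: textbook RSA with fixed toy primes (INSECURE, teaching only) ----
# Assumption: two Mersenne primes stand in for real random primes so that the
# arithmetic stays visible; never reuse this construction outside a classroom.
P = (1 << 61) - 1
Q = (1 << 31) - 1
E = 65537


def toy_keypair():
    """Return (public, private) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)            # modular inverse, Python 3.8+
    return (n, E), (n, d)


def _digest_int(msg: bytes, n: int) -> int:
    # Hash first so a message of any length maps to one integer below n.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(private_key, msg: bytes) -> int:
    """Only the holder of d can compute this value."""
    n, d = private_key
    return pow(_digest_int(msg, n), d, n)


def verify(public_key, msg: bytes, sig: int) -> bool:
    """Anyone holding (n, e) can confirm authenticity and integrity."""
    n, e = public_key
    return pow(sig, e, n) == _digest_int(msg, n)


def demo():
    """Run both constructions on a constructed message; return the outcomes."""
    key = b"shared-secret-for-the-demo"            # constructed, not a real key
    msg = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"

    tag = mac_tag(key, msg)
    pub, priv = toy_keypair()
    sig = sign(priv, msg)
    return {
        "mac_ok": mac_verify(key, msg, tag),
        "mac_tampered": mac_verify(key, tampered, tag),
        # the receiver, holding the same key, can forge a tag at will:
        "mac_receiver_forges": mac_verify(key, tampered, mac_tag(key, tampered)),
        "sig_ok": verify(pub, msg, sig),
        "sig_tampered": verify(pub, tampered, sig),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>20}: {outcome}")
```

The `mac_receiver_forges` entry is the point of the comparison: a MAC gives integrity and authenticity between two parties who already share a key, but no third party can tell which of them produced the tag, so it cannot provide non-repudiation. A signature can, because only the private key can produce a value that the public key verifies.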

Secure Network Protocols
Secure protocols are essential for safeguarding data transmission over networks:
• SSL/TLS (Secure Sockets Layer/Transport Layer Security): encrypts data exchanged between web servers and clients, ensuring confidentiality and integrity. SSL itself is obsolete; current deployments use TLS 1.2 or 1.3.
• IPsec (Internet Protocol Security): provides secure communication at the IP layer, enabling VPNs and secure data transmission.
• SSH (Secure Shell): provides secure remote access and command execution on network devices.

Access Control Devices
• A successful access control system includes a number of components, depending on the system's needs for authentication and authorization
• Strong authentication requires at least two forms of authentication to authenticate the supplicant's identity
• The technology to manage authentication based on what a supplicant knows is widely integrated into the networking and security software systems in use across the IT industry

Access Control Devices (cont'd)
• Access control: authenticates and authorizes users
• Authentication: validates a person's identity
• Authorization: specifies what the person can do with computers and networks
• Recommended: use two or more types of authentication technology

Access Control Devices (cont'd)
Main ways to authenticate a person (authentication factors):
• What a person knows (e.g., a password)
• What a person has (e.g., a Duo Mobile app code)
• Who a person is (e.g., a fingerprint)

Effectiveness of Biometrics
Biometric technologies are evaluated on three basic criteria:
• False reject rate (FRR): also known as Type I error, measures how often a biometric system incorrectly rejects an authorized person.

Effectiveness of Biometrics (cont'd)
• False accept rate (FAR): also known as Type II error, measures how often a biometric system incorrectly accepts an unauthorized person.
• Crossover error rate (CER): the point at which the false reject rate and the false accept rate are equal; a lower CER indicates a more accurate system.
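The three criteria above are functions of the decision threshold a matcher applies to its similarity scores, so they are best understood by sweeping that threshold. The Python below is an added example written for this page, not code from the lecture; the genuine and impostor score lists are constructed (a real evaluation would use thousands of enrolment/probe comparisons). It reports FRR and FAR at every threshold, locates the crossover, and shows the usability cost of tuning for a stricter FAR instead.

```python
def error_rates(genuine, impostor, threshold):
    """FRR: share of genuine (authorized) attempts scoring below the threshold
    and wrongly rejected. FAR: share of impostor attempts scoring at or above
    it and wrongly accepted. Scores are 'higher means better match'."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def sweep(genuine, impostor):
    """(threshold, FRR, FAR) for every distinct observed score, ascending."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def crossover_error_rate(genuine, impostor):
    """Threshold where FRR and FAR are closest to equal, and the CER there
    (their mean, since discrete data rarely gives an exact crossing).
    Ties are broken toward the lower threshold."""
    t, frr, far = min(sweep(genuine, impostor),
                      key=lambda row: (abs(row[1] - row[2]), row[0]))
    return t, (frr + far) / 2


def threshold_for_max_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far (security-first
    tuning); returns (threshold, FRR) so the cost to legitimate users is visible."""
    for t, frr, far in sweep(genuine, impostor):
        if far <= max_far:
            return t, frr
    return None


# Constructed similarity scores (0-100) from a hypothetical fingerprint matcher.
GENUINE = [92, 88, 95, 81, 77, 90, 85, 70, 93, 87]   # enrolled users vs own template
IMPOSTOR = [35, 42, 55, 60, 28, 73, 48, 66, 39, 52]  # other people vs that template

if __name__ == "__main__":
    for t, frr, far in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:3d}: FRR={frr:.2f} FAR={far:.2f}")
    print("crossover:", crossover_error_rate(GENUINE, IMPOSTOR))
    print("FAR<=0 tuning:", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0))
```

On the constructed data the crossover is at threshold 73 with CER 0.1; raising the threshold to 77 drives FAR to zero but still rejects one in ten legitimate attempts, which is the FRR/FAR trade-off the slides describe. Comparing two products by CER alone is only meaningful when both are measured on the same population, since the scores, and therefore the rates, depend on the sample.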

Acceptability of Biometrics

Summary
• An intrusion detection system (IDS) detects a violation of its configured rules or baseline and sounds an alarm
• Network-based IDS (NIDS) vs. host-based IDS (HIDS)
• Selecting the IDS products that fit an organization's needs is a complex task
• Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of the network