Intrusion Detection - PowerPoint PPT Presentation

Slides: 14
Provided by: infos2
Learn more at: http://infosec.ufl.edu
Transcript and Presenter's Notes

1
Intrusion Detection
Jordan Wiens, Senior Network Security Engineer
352 392 2061, numatrix_at_ufl.edu, http://infosec.ufl.edu/
2
Introduction
  • UF Security Team
  • Auditing
  • Scanning
  • Incident Response, Forensics
  • IDS
  • Evaluations
  • Education
  • Me

3
Purpose, related tech
  • Real-time alerting
  • Forensics
  • IDS vs. IPS
  • IDS vs. HIDS
  • IDS vs. NADS
  • IPS vs. Firewall

4
Timeline
  • 1987 An Intrusion Detection Model
  • 1990 A Network Security Monitor
  • 1994 Netranger
  • 1997 ISS
  • 1998 Snort
  • 1999 Dragon

5
Deployment
  • Copper
    • Hub
    • Switch w/ SPAN port or mirror mode
  • Fiber
    • Optical tap (passive, active)
    • Optical switch
  • Wireless
  • Management Network

6
Classic Techniques
  • Malformed packets
  • Pattern matching
  • Protocol decoders
  • Statistical analysis

7
Modern Techniques
  • Context Awareness
  • Inline Responses
  • OOB Responses
  • Extensibility, Integration, Open APIs
  • Anomaly Detection

8
Demonstration
9
Signatures
  • Signature writing methodology
  • False-positive, false-negative
  • Vulnerability versus exploit
  • Goals for forensics, detection, prevention
  • Examples
    • UPNP
    • Botnet detection
    • WMF

10
Detection Failures
  • Evasion
    • Fuzz until evade (AV bypass as well)
    • Obfuscate / encode
    • All layers
    • Fragroute
    • Metasploit
  • Forest, trees, etc.
    • Nessus, Metasploit
  • Inherent weaknesses

11
Counter Evasion
  • IP Normalization
  • Application proxy
  • IDS Normalization Modules
  • Count on laziness!
  • Less effective as we add layers on top of the
    traditional OSI stack (SOAP over HTTP, AJAX, etc.).
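An added example (not from the talk) that puts the pattern-matching bullet of slide 6, the obfuscate/encode bullet of slide 10 and the normalization bullet above into working form: a naive content signature is run over constructed HTTP request lines with and without a percent-decoding and path-collapsing normalization step in front of the matcher. The signature, the request lines and the function names are all assumptions made for the demo.

```python
import re
from urllib.parse import unquote

# Constructed sample HTTP request lines for the demo (not from the talk).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",                                  # benign
    "GET /cgi-bin/../../etc/passwd HTTP/1.1",                    # plain traversal
    "GET /cgi-bin/%2e%2e/%2e%2e/%65tc/passwd HTTP/1.1",          # percent-encoded
    "GET /cgi-bin/%252e%252e/%252e%252e/%2565tc/passwd HTTP/1.1",  # double-encoded
    "GET /docs/a/../b.html HTTP/1.1",                            # benign ".."
    "GET /manual/etc/passwd-format.html HTTP/1.1",               # false positive
]

# Toy content signature, the way a naive pattern matcher would carry it.
SIGNATURE = re.compile(r"/etc/passwd")


def request_uri(request_line):
    """Return the request-target token of an HTTP request line."""
    return request_line.split()[1]


def normalize_uri(uri, max_rounds=3):
    """Counter-evasion step: percent-decode until the string is stable
    (bounded, so nested encoding cannot spin the sensor), then collapse
    '.' and '..' segments the way the target web server would."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    parts = []
    for seg in uri.split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)


def matches(request_line, normalize):
    """True if the signature fires, with or without normalization in front."""
    uri = request_uri(request_line)
    if normalize:
        uri = normalize_uri(uri)
    return SIGNATURE.search(uri) is not None


def compare(requests=SAMPLE_REQUESTS):
    """Per request line: (raw pattern match, match after normalization)."""
    return {r: (matches(r, False), matches(r, True)) for r in requests}


if __name__ == "__main__":
    for req, (raw, norm) in compare().items():
        print(f"raw={raw!s:5} normalized={norm!s:5}  {req}")
```

The encoded requests are false negatives for the raw matcher and are caught only after normalization, while the last line fires in both modes, which is the false-positive cost of a string signature that is not tied to the vulnerability.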

12
Companies and Products
  • Open Source (Snort, Bro, Shadow)
  • Enterasys' Dragon
  • ISS Proventia
  • Juniper's Netscreen
  • Cisco
  • Stillsecure
  • Lucid
  • and more...

13
Questions?
  • The background photo in this presentation is
    called Look-Forward by mmmzaaomi and is
    licensed under a by-nc-sa/2.0 Creative Commons
    license. It is available at
    flickr.com/photos/mmmazzoni/110019759/
  • Likewise, this presentation itself is released
    under a by-nc-sa/2.0 Creative Commons License and
    is available at infosec.ufl.edu/literature/
  • Ver 1.0