Chapter 11 Intrusion Detection System

More documents

Recommendations

Info

Rootkit Rootkit is a set of “trojan” system binaries Use buffer overflow to reak into a host, download rootkitby FTP, unpack, compile and install Possibly turn off anti-virus / IDS Hides its own presence!¡ installs hacked binaries for common system monitoring command,e.g., netstat, ps, ls, du, login Sniff user passwords.Security Spring 2013
File Integrity Checking Tripwire¡ recordshashesofcriticalfilesandbinaries¡ <strong>System</strong>periodicallychecksthatfileshavenotbeenmodifiedbyre-computingandcomparinghash Ways to bypassSecurity Spring 2013
Page 3 and 4: Security Spring 2013Basic IDS conce
Page 5 and 6: Why Is Intrusion DetectionWhy is In
Page 7 and 8: Elements of Intrusion Detectionents
Page 9 and 10: Intrusion Detection Approaches Mode
Page 11 and 12: Measuring (Cont’d) True positive
Page 13 and 14: Example 70,000 events, 300 intrusio
Page 15 and 16: Bayesian Detection RateBayesian Det
Page 17 and 18: Misuse DetetionMisuse Detectionpatt
Page 19 and 20: Anomaly DetectionAnomaly Detectiona
Page 21 and 22: Ex. : Misuse vs. Anomaly Detection
Page 23 and 24: Signature Generation Research chall
Page 25 and 26: Examples of Metrics Count of number
Page 27 and 28: Where Is the IDS Deployedere Is the
Page 29: Host-Based IDS (Cont’d) Drawbacks
Page 33 and 34: Some detailsSome Details• Anomaly
Page 35 and 36: Network-based IDS (Cont’d) Drawba
Page 37 and 38: Popular NIDS Snort¡ http://www.sno
Page 39 and 40: Snort Rule Syntax Each snort rule h
Page 41: Detecting Attack Strings Scanning f

Chapter 11 Intrusion Detection System

Create successful ePaper yourself

Delete template?

Save as template?