![Page 1: IDPS (Intrusion Detection & Prevention System ) By Varang Amin (004805672) Guided By Prof. Richard Sinn](https://reader035.vdocuments.us/reader035/viewer/2022072005/56649ccb5503460f94994326/html5/thumbnails/1.jpg)
IDPS (Intrusion Detection & Prevention System)
By
Varang Amin (004805672)
Guided by Prof. Richard Sinn
Agenda
Introduction
IDPS
Why IDPS
Detection Engine
Features & Functions
Evaluation
Test Cases
Future
Available IDPS in the Market
Introduction
Secure Environment
Introduction
Various options are available for building a secure environment:
IDPS, based on the behavior of the network and the contents of each and every packet.
Firewall, based on an Access Control List.
VPN, a communication network tunneled through a public network.
Why IDPS……
Firewall, based on the policy defined in an Access Control List:
Policy-based filtering applied when the session is established.
Not able to inspect each packet in the network.
Tends to stop searching as soon as it finds any match.
Able to shut down the connection but not able to throttle the traffic.
IDPS
Detection methods:
Specification Detection, based on application recognition rules for detecting applications and attacks.
Anomaly Detection, based on deviation from the behavior patterns available in the IDPS.
Integrity Check, detection based on hash values and signatures that verify the integrity of data.
Architecture of Detection Engine
[Figure: architecture diagram of the detection engine, not reproduced in the text]
Deployment of IPS
Network Based
Host Based
Hybrid
Deployment & Working Principles
IDPS Terminology
Signatures, basically regular or fixed expressions.
Depth of Search
Offset
Example: Regular Expression
eDonkey Login Connection: "\xe3.{4}[\x01\xc5]"
Continued
Fixed Expression
eDonkey File Sharing Connection: "http://emul-Projectinfo.org"
Implemented with the help of sniffers.
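To show how a signature, its offset and its depth of search work together, here is an added Python example that is not part of the slides; it reuses the two eDonkey signatures above and interprets offset/depth the way Snort rule options do (an assumption), with constructed sample payloads.

```python
import re

# Constructed signature table modelled on the two eDonkey examples from the
# slides. offset/depth are interpreted as in Snort rule options (assumption):
# offset = byte position where the search starts, depth = how many bytes
# from that position are examined (0 = search to the end of the payload).
SIGNATURES = [
    {"name": "eDonkey login", "kind": "regex",
     "pattern": rb"\xe3.{4}[\x01\xc5]", "offset": 0, "depth": 6},
    {"name": "eDonkey file share", "kind": "fixed",
     "pattern": b"http://emul-Projectinfo.org", "offset": 0, "depth": 0},
]

def search_window(payload, offset, depth):
    """Slice of the payload the signature is allowed to look at."""
    end = len(payload) if depth == 0 else offset + depth
    return payload[offset:end]

def match_signature(sig, payload):
    """True if one signature fires on one packet payload."""
    window = search_window(payload, sig["offset"], sig["depth"])
    if sig["kind"] == "fixed":
        return sig["pattern"] in window
    # re.DOTALL so '.' also matches 0x0a, which is just another byte here
    return re.search(sig["pattern"], window, re.DOTALL) is not None

def detect(payload):
    """Names of every signature that fires on the payload, in table order."""
    return [s["name"] for s in SIGNATURES if match_signature(s, payload)]

# Constructed sample payloads (not real captures)
LOGIN_OK   = b"\xe3\x10\x00\x00\x00\x01rest-of-login"   # header at offset 0
LOGIN_LATE = b"junk!!" + LOGIN_OK                       # header outside depth
NOT_LOGIN  = b"\xe3\x10\x00\x00\x00\x02rest"            # last byte differs
HTTP_REQ   = b"GET / HTTP/1.1\r\nHost: http://emul-Projectinfo.org\r\n"
```

A depth of 6 keeps the regex from scanning the whole payload, which is why LOGIN_LATE is not flagged: the sensor only looks where the protocol puts the header, trading some coverage for speed and fewer false positives.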
Continued
Traffic Anomaly: throttle the network traffic.
Protocol Anomaly: for standard services.
False Positives: an incorrect application is detected.
False Negatives: the application is not detected.
Evaluation of IDPS
Generate some manual traffic of open-source attacks:
IXIA
SmartBits
Existing services from a Windows or Linux OS.
Test Case 1
Bypass the IPS.
Test Case 2
Fragment the attack.
Test Case 3
TTL-based attacks.
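As an added example that is not from the slides, this Python snippet shows the sensor-side handling that test cases 2 and 3 exercise: it reassembles constructed IP fragments before matching the eDonkey login regex from the terminology slide, and ignores fragments whose TTL would expire before the protected host. The Fragment class, the sample fragment list and the hop count are all assumed values.

```python
import re
from dataclasses import dataclass

@dataclass
class Fragment:
    """One IP fragment of a datagram (constructed; no real packet parsing)."""
    frag_offset: int   # byte offset of this piece inside the datagram
    ttl: int           # remaining hop count when the sensor saw it
    data: bytes

# The eDonkey login regex from the terminology slide, searched without depth.
LOGIN_SIG = re.compile(rb"\xe3.{4}[\x01\xc5]", re.DOTALL)

def matches_per_fragment(frags):
    """Naive sensor: inspect every fragment on its own (what test case 2 defeats)."""
    return any(LOGIN_SIG.search(f.data) for f in frags)

def reassemble(frags, hops_to_target):
    """Rebuild the datagram as the protected host will see it.
    A fragment whose TTL runs out before the host (ttl <= hops) is ignored,
    which is the sensor-side answer to test case 3; when two fragments claim
    the same offset the first one seen is kept ('first' policy). Pieces are
    assumed not to partially overlap; a hole yields None."""
    pieces = {}
    for f in sorted(frags, key=lambda f: f.frag_offset):   # stable sort
        if f.ttl <= hops_to_target:
            continue
        pieces.setdefault(f.frag_offset, f.data)
    buf = bytearray()
    for off in sorted(pieces):
        if off != len(buf):
            return None                   # hole in the datagram: give up
        buf += pieces[off]
    return bytes(buf)

def matches_after_reassembly(frags, hops_to_target):
    """Sensor that reassembles (TTL-aware) before running the signature."""
    data = reassemble(frags, hops_to_target)
    return data is not None and LOGIN_SIG.search(data) is not None

# Constructed sample: the 6-byte login header split over two fragments,
# plus a stray fragment at offset 3 whose TTL expires before the host.
SAMPLE = [
    Fragment(0, 64, b"\xe3\x10\x00"),
    Fragment(3, 2,  b"\x00\x00\x02"),   # dropped in transit after 2 hops
    Fragment(3, 64, b"\x00\x00\x01xyz"),
]
HOPS_TO_TARGET = 3   # assumed hop distance from the sensor to the host
```

With hops_to_target set to 0 the sensor has no TTL model and reassembles the stray fragment, so it misses the login header the host actually receives; with the real hop count it reassembles the same bytes as the host and the signature fires.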
Future Enhancements……
Can become a more sophisticated application
Session Monitoring
Learning
UTM (Unified Threat Management)
IDPS Examples
Cisco 6000 Family IDS
SnapGear by Secure Computing
Linux iptables (Open Source)
Snort
Intrupro
SonicWall Gateway
Thanks
Questions?