idps (intrusion detection & prevention system ) by varang amin (004805672) guided by prof....
TRANSCRIPT
IDPS (Intrusion Detection & Prevention System )
By
Varang Amin (004805672)
Guided By Prof. Richard Sinn
Agenda
Introduction IDPS Why IDPS Detection Engine Features &Functions Evaluation Test Case Future Available IDPS in Market
Introduction
Secure Environment
Introduction
Various options are available IDPS , based on behavior of network and contents of
each and every packet.
Firewall , based on Access Control List .
VPN,communication network tunneled through public network.
Why IDPS……
Firewall ,based on policy defined in Access Control List
Policy based filtering when session is established
Not able to check each packet in network
Tend to stop search when find any match.
Able to shutdown the connection but not able to throttle the traffic
IDPS
Detection method Specification Detection , based on the application
reorganization rules for detecting application and attacks.
Anomaly Detection, based on the behavior of the available pattern in IDPS .
Integrity Check , detection based on hash values and signatures for verify the integrity of data.
Architecture of Detection Engine
Fig
Deployment IPS
Network Based
Host Based
Hybrid
Deployment & Working Principals
IDPS Terminology
Signatures , basically regular or fixed expression .
Depth Of Search
Offset
Example : Regular Expressions
eDonkey Login Connection “\xe3.{4}[\x01\xc5] ”
Continue……….
Fixed Expression
eDonkey File sharing Connection “http://emul-Projectinfo.org”
Implemented with the help of sniffers.
Continue….
Traffic Anomaly
Throttle the network traffic.
Protocol Anomaly
For Standard Service
False Positives
Incorrect application detected .
False Negatives
Application Not Detected
Evaluation of IDPS
Generate some manual traffic of open source attacks .
IXIA
Smart bits
Existing service from Windows or Linux OS.
Test Case 1
By pass the IPS.
Test Case 2
Fragment the Attack
Test Case 3
TTL based attacks
Future Enhancement ……
Can be more sophisticated application
Session Monitoring
Learning
UTM
IDPS Example
Cisco 6000 Family IDS
Snap Gear by Secure Computing
Linux IP Tables (Open Source)
Snort
Intrupro
Sonic Wall Gateway
References
Article “IDS Evaluation” published on Network world Magazine .
Insertion, Evasion and Denial Of Service:-Eluding Network Intrusion detection System -Thomas H. Ptacek, Timothy N. Newsham .
www.securityfocus.com
Thanks
Question ????