Intrusion Detection Software (IDS/9000)
hp education services, education.hp.com
Intrusion Detection Software (IDS/9000)
Version B.00, H7076S Module 7 Slides
© 2001 Hewlett-Packard Company
H7076S B.00
Intrusion Detection Software Overview
[Figure: IDS Client diagram. Labels: Kernel IDS, Memory, CPU, Processes, Disk; log files btmp, wtmp, syslog, sulog]
IDS Client/Server Architecture
[Figure: client/server diagram. The label set Kernel IDS, Memory, CPU, Processes, Disk, btmp, wtmp, syslog, sulog appears twice]
Detection Templates
- Modification of files and directories
- Changes to logfiles
- Creation of set UID files
- Creation of world writable files
- Repeated failed logins
- Repeated failed su attempts
- Race condition attacks
- Buffer overflow attacks
- Modification of another user's files
- Monitor for the start of interactive sessions
- Monitor logins and logouts
Detection Templates
[Figure: Surveillance Groups diagram. Group labels: Advanced Group, All Template Group, File Modification Group, Login Monitoring Group. Template labels: Files Changes, Perm Changes, New WW Files, New SUID Files, Failed SU Attempts, Failed Logins, Race Conditions, User Perm/File Changes, Logins/Logouts, Buffer Overflow, User Logins]
Surveillance Schedules
[Figure labels: Detection Templates; Surveillance Groups (Advanced Group, All Template Group, File Modification Group, Login Monitoring Group); Surveillance Schedule]
Surveillance Schedule entries shown:
- File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
- Adv Group M-F 12:00-11:59; File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
Surveillance Schedules to Host Mapping
[Figure labels: Detection Templates; Surveillance Groups (Advanced Group, All Template Group, File Modification Group, Login Monitoring Group); Surveillance Schedule; IDS Clients]
Surveillance Schedule entries shown:
- File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
- Adv Group M-F 12:00-11:59; File Mod Group M-F 12:00-11:59; Login Mon Grp M-F 12:00-11:59
IDS System Management Window
Alert Browser
Error Browser