INTRUSION DETECTION SYSTEM

WHAT IS IDS?

An IDS is a system designed to detect unauthorized access to secure systems, such as hacking, cracking or script-based attacks.

Intrusion detection systems do exactly as the name implies: they detect possible intrusions.

IDS tools aim to detect computer attacks and/or computer misuse and alert the proper individuals upon detection.

An IDS provides much of the same functionality as a burglar alarm installed in a house.

WHAT IS INTRUSION DETECTION?

Intrusions are the activities that violate the security policy of a system.

Intrusion detection is the process used to identify intrusions.

Intrusion: attempting to break into or misuse your system.

Intruders may be from outside the network or legitimate users of the network.

DISADVANTAGES OF EXISTING SYSTEM

No detection and prevention framework in a virtual networking environment.

Attacks from attackers are not detected accurately.

ADVANTAGES OF IDS

Allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.

Can make the security management of systems by non-expert staff possible by providing a user-friendly interface.

Can recognize and report alterations to data files.

An IDS generates an alarm and reports to the administrator that security is breached, and also reacts to intruders by blocking them or blocking the server.

It provides information from time to time, recognizes the attacker (intrusion) and reports alterations to data files.

TYPES OF INTRUSION DETECTION SYSTEM

Based on the sources of the audit information used by each IDS, IDSs may be classified into:

Host-Based Intrusion Detection: HIDSs evaluate information found on a single or multiple host systems, including contents of operating systems, system and application files.

Network-Based Intrusion Detection: NIDSs evaluate information captured from network communications, analyzing the stream of packets which travel across the network.

WHERE IS THE IDS PLACED?

COMPONENTS OF IDS

An IDS contains the following 3 components:

Event generator.

Analysis engine.

Response/alert.

SNORT

Snort is a free and open source network intrusion detection and prevention system created by Martin Roesch in 1998.

Snort has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks.

It performs protocol analysis, content searching, and content matching.

COMPONENTS OF SNORT

a. Packet Decoder
b. Preprocessors
c. Detection Engine
d. Logging and Alerting System
e. Output Modules

The figure shows how these components are arranged. Any data packet coming from the Internet enters the packet decoder. On its way towards the output modules, it is either dropped, logged or an alert is generated.

PACKET DECODER

The packet decoder takes packets from different types of network interfaces and prepares the packets to be preprocessed or to be sent to the detection engine.

The interfaces may be Ethernet, SLIP, PPP and so on.

PREPROCESSORS

Preprocessors are also known as input plug-ins.

Preprocessors are components or plug-ins that can be used with Snort to arrange or modify data packets before the detection engine does some operation to find out if the packet is being used by an intruder.

They are also used to normalize protocol headers, detect anomalies, and perform packet reassembly and TCP stream reassembly.

DETECTION ENGINE

The detection engine is the most important part of Snort.

Its responsibility is to detect if any intrusion activity exists in a packet.

LOGGING AND ALERTING SYSTEM

It generates alert and log messages depending upon what the detection engine finds inside a packet.

OUTPUT MODULES

Output modules or plug-ins process alerts and logs and generate final output.
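
The five Snort stages described above, as an added Python sketch that is not Snort's own code and not part of the original slides. The rule tuple format, the function names and the sample frames are assumptions constructed for illustration; it shows that a percent-encoded request only matches the content rule after the preprocessor has normalized it.

```python
import struct
from urllib.parse import unquote_to_bytes

# Hypothetical rule set for this sketch: (sid, msg, dst_port, content), content matched case-insensitively.
RULES = [(1000001, "passwd file request", 80, b"/etc/passwd")]

def decode(frame):
    """Packet decoder: Ethernet II -> IPv4 -> TCP; returns None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 20:  # IP protocol 6 = TCP
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[(tcp[12] >> 4) * 4:]}

def preprocess(pkt):
    """Preprocessor: percent-decode the payload so encoded requests match plain content."""
    pkt["payload"] = unquote_to_bytes(pkt["payload"])
    return pkt

def detect(pkt):
    """Detection engine: return every rule whose port and content match the packet."""
    data = pkt["payload"].lower()
    return [r for r in RULES if r[2] == pkt["dport"] and r[3].lower() in data]

def alert(pkt, rule):
    """Logging and alerting: build one alert record for a matched rule."""
    return {"sid": rule[0], "msg": rule[1], "src": pkt["src"], "dst": pkt["dst"], "dport": pkt["dport"]}

def output(rec):
    """Output module: render the alert record as a single log line."""
    return "[{sid}] {msg} {src} -> {dst}:{dport}".format(**rec)

def run(frame):
    """Pass one raw frame through all five stages; returns the alert lines produced."""
    pkt = decode(frame)
    if pkt is None:
        return []
    return [output(alert(pkt, r)) for r in detect(preprocess(pkt))]

def make_frame(payload, dport=80):
    """Constructed sample input: Ethernet + IPv4 + TCP frame, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp
```

Calling run(make_frame(...)) with a constructed HTTP request returns the list of alert lines for that frame; an empty list means no rule matched or the frame was not IPv4/TCP.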

COMMERCIAL ID SYSTEMS

ISS – Real Secure from Internet Security Systems: Real-time IDS. Contains both host and network based IDS.

Tripwire – File integrity assessment tool.

Bro and Snort – open source public-domain system.

SYSTEM CONFIGURATION

Hardware Configuration:
Processor - Pentium IV
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA

Software Configuration:
Operating System: Windows XP
Programming Lang.: JAVA/J2EE
Java Version: JDK 1.6 & above
