Embed Size (px)
Citation preview
1
University of Palestine
Student / Mahmoud Elqedra
Assistant Professor / Dr. Sana’a Wafa Al-Sayegh
2
Topics
Define of Intrusion detection system (IDS) types of IDS Advantages of Network based & host based Challenges of IDS Conclusion References
3
is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization and also for system misuse or attacks originating from inside the organization.
Intrusion detection system (IDS)
4
Types of IDS
Host based Intrusion Detection system has only host based sensors network based (HIDS)
Intrusion detection system has network-based sensor (NIDS)
5
Advantages of NIDS
1. Lower Cost of Ownership.
2. Easier to deploy.
3. Detect network based attacks.
4. Retaining evidence.
5. Real Time detection and quick response.
6. Detection of failed attacks.
6
Advantages of HIDS
Verifies success or failure of an attack Monitors System Activities Detects attacks that a network based IDS fail to detect Near real time detection and response Does not require
additional hardware Lower entry cost
7
Challenges of IDS
IDS technology itself is undergoing a lot of enhancements. The success of an IDS implementation depends to a large extent
on how it has been deployed. Some organizations implement a hybrid solution. It is important to take care of sensor to manager ratio The IDS technology is still reactive rather than proactive While deploying a network based IDS solution, it is important to
keep in mind one very important aspect of the network based IDS in switched environment.
8
Conclusion
strong identification and authentication:Intrusion Detection Systems are not a solution to all
security concernsAn IDS is not a substitute for a good security policy:Human intervention is require
9
1 .Watching the Watchers: Intrusion Detection by Greg Shipleyhttp://www.networkcomputing.com/1122/1122f3.html
2 .Network vs Host-based Intrusion Detection; A guide to Intrusion DetectionTechnologyhttp://secinf.net/info/ids/nvh_ids/
3 .Intrusion Detection: Challenges and myths by Marcus J. Ranumhttp://secinf.net/info/ids/ids_mythe.html
4 .State of the Practice of Intrusion Detection Technologieshttp://www.sei.cmu.edu/publications/documents/99.reports/99tr028/99tr028exsum.html
List of References:
10
5 .Protect your network with an Intrusion Detection system, Gartner Researchhttp://www.techrepublic.com/article.jhtml?src=search&id=r00520010209ggr01.htm
6 .FAQ: Network Intrusion Detection Systems by Robert Grahamhttp://www.ticm.com/kb/faq/idsfaq.html
7 .Limitations of Network Intrusion Detection by Steve Schupphttp://www.sans.org/infosecFAQ/intrusion/net_id.htm
List of References:
