Monday, 7 May 2012

Introduction to IDS:

Intrusion detection has become an essential component of computer security in recent years.
An IDS provides accurate and timely information about ongoing intrusions, which is necessary for network protection.
It warns administrators of malicious computer activity.
It is placed between the Internet and the firewall.
It gathers and analyses network traffic.

Measuring IDSs:

In current systems IDSs generate too many inaccurate alarms, and acting automatically on such alarms is very dangerous. The concept of "good" is not well defined for the intrusion detection problem: an effective IDS reports intrusions when they occur and does not report them when they do not occur.
      Stefan Axelsson analysed the intrusion detection problem with Bayesian statistics and showed how the base rate of intrusions limits the effectiveness of an IDS.
Alarms from an IDS must be investigated by security officers to separate the real threats from the false alarms.
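As an added worked example (not from the original post), here is the Bayesian reasoning mentioned above carried through in Python: it computes what fraction of alarms are real intrusions given the base rate, and how low the false-alarm rate must be before an alarm can be trusted. The event rates in the script are constructed illustrations, not figures from Axelsson's paper or from any real IDS.

```python
"""Bayesian view of IDS alarm quality (added example, not from the original post).

Applies Bayes' theorem to the intrusion detection problem: how much should an
administrator trust an alarm when intrusions are rare? All rates used below
are constructed illustrations, not measurements of any real IDS.
"""
from fractions import Fraction


def alarm_precision(base_rate, detection_rate, false_alarm_rate):
    """P(intrusion | alarm): the fraction of raised alarms that are real intrusions.

    base_rate        P(I):      probability that a given event is an intrusion
    detection_rate   P(A | I):  probability the IDS alarms on an intrusion
    false_alarm_rate P(A | ~I): probability the IDS alarms on benign activity
    """
    p_i = Fraction(base_rate)
    p_not_i = 1 - p_i
    true_alarms = p_i * Fraction(detection_rate)
    false_alarms = p_not_i * Fraction(false_alarm_rate)
    return true_alarms / (true_alarms + false_alarms)


def required_false_alarm_rate(base_rate, detection_rate, target_precision):
    """Largest P(A | ~I) that still gives P(intrusion | alarm) >= target_precision.

    Rearranges Bayes' theorem to show how small the false-alarm rate must be
    before acting automatically on alarms becomes defensible.
    """
    p_i = Fraction(base_rate)
    p = Fraction(target_precision)
    return p_i * Fraction(detection_rate) * (1 - p) / (p * (1 - p_i))


if __name__ == "__main__":
    # Constructed scenario: 1 intrusion per 100,000 audited events, a perfect
    # detection rate, and a false-alarm rate of 1 in 1,000 benign events.
    base, tpr, fpr = Fraction(1, 100_000), 1, Fraction(1, 1000)
    precision = alarm_precision(base, tpr, fpr)
    # Even with every intrusion detected, about 99% of alarms are false.
    print(f"P(intrusion | alarm) = {float(precision):.4f}")
    # False-alarm rate the IDS would need so that 99% of alarms are real.
    needed = required_false_alarm_rate(base, tpr, Fraction(99, 100))
    print(f"false-alarm rate needed for 99% precision = {float(needed):.2e}")
```

Run it with `python3` to see how a tiny base rate turns a seemingly respectable false-alarm rate into a stream of alarms that are almost all false.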

      There are many factors to consider when evaluating IDSs, such as:
  • Speed
  • Cost
  • Effectiveness
  • Ease of use
  • Scalability
  • Interoperability

       These properties are largely determined by the detection algorithm of the IDS. An IDS uses sensors to collect data, which is processed into events.

There are three main categories of detection:
  • Signature Detection: detects misuse events, i.e. activity that matches a known pattern of misuse of the system.
  • Anomaly Detection: builds a model of normal use and looks for activity that does not conform to it.
  • Protocol Anomaly Detection: analyses network traffic against a model of how the TCP/IP protocols should behave and flags traffic that deviates from it.

Types of Intrusion Detection Systems:
  • Network-based detection system
  • Host-based – example: Cisco Security Agent (CSA)
  • Log-file monitoring
  • File integrity checking – checks for Trojan horses or file changes

Indications of Intrusion:
  1. System indications
  2. File system indications
  3. Network indications
System indications – system performance changes unexpectedly and becomes slow; the system stops working properly and behaves abnormally.
Examples:
  • Unusual graphics display
  • System crashes
  • System reboots
  • Slow system performance
  • Missing logs
  • Unexpected text messages
  • Altered system configuration
File system indications – changes to the file system.
Examples:
  • Changed files
  • Missing files
  • Changed file permissions
Network indications – unusual changes in network activity.
Examples:
  • Connections from unusual locations
  • Indications of an attempt to create a denial of service
  • Indications of crashed services

Intrusion Detection Tools:
  1. CISCO Secure IDS
  2. Dragon Sensor
  3. Check Point Real Secure
  4. Silent Runner
  5. Real Secure