expansion of the surfnet intrusion detection system
play

Expansion of the SURFnet Intrusion Detection System R. Buijs P. - PowerPoint PPT Presentation

Apr 06, 2024 •270 likes •454 views

Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network Engineering 7-2-2007 R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 1 / 18 Contents Assignment 1 Intrusion Detection Systems 2

  1. Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network Engineering 7-2-2007 R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 1 / 18

  2. Contents Assignment 1 Intrusion Detection Systems 2 SURFnet IDS 3 IDS Software 4 Conclusion 5 R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 2 / 18

  3. Assignment Suggest improvements to SURFnet IDS. Greater diversity IDS product research R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 3 / 18

  4. Intrusion Detection Systems What is an IDS? HIDS Host based Monitors attacks to host NIDS Network based Monitors malicious traffic on network, multiple hosts R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 4 / 18

  5. Intrusion Detection Systems Low-interaction Service emulator Limited to emulation Easier to detect High-interaction Runs real services Real host, or virtual Zero day attacks R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 5 / 18

  6. SURFnet IDS Distributed sensor-based HIDS Sensor Any PC USB stick Remastered Knoppix OpenVPN R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 6 / 18

  7. SURFnet IDS R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 7 / 18

  8. SURFnet IDS server Nepenthes Simulates vulnerabilities, and collects mallware More than 20 simulations currently available Reports to PostgreSQL database Argos High interaction IDS Can be used to analyse Zero day attacks R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 8 / 18

  9. SURFnet IDS Webinterface Customer can log in Access to information of their sensor Which attacks Statistics R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 9 / 18

  10. IDS Software: Filesystem Integrity Checking Tripwire Samhain Client-server based Aide R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 10 / 18

  11. IDS Software: Low-interaction honeypots Honeyd: Simulates a host with vulnerable services Simulates complicated networks Well documented Infrequently updated R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 11 / 18

  12. IDS Software: Low-interaction honeypots Honeytrap: Simple: ”Poor man’s service emulator” Mirror mode Regularly updated Badly documented No community R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 12 / 18

  13. IDS Software: Prelude (1) Prelude: IDS Framework Sensors IDMEF (XML) Policies Web-interface Prewikka R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 13 / 18

  14. IDS Software: Prelude (2) Prelude test: Slow Web-interface needs to be modified R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 14 / 18

  15. IDS Software: Snort Network traffic analyse tool Operation Modes Sniffer / logger mode Inline mode Network intrusion detection mode R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 15 / 18

  16. IDS Software: Snort NIDS mode Rules Alerts Logging Implementation Maintenance R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 16 / 18

  17. Conclusion Let SURFnet IDS detect more malicious traffic Our advice: Integrate Snort SURFnet IDS will cover a greater diversity of malicious traffic R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 17 / 18

  18. Questions? Questions? R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 18 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007 Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP

203 views • 18 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/ 2007 Autom atic anom aly detection using NfSen - SURFnet and netflow anomaly detection - NERD - NfSen - PeakFlow SP - Currently used detection

594 views • 26 slides
Basics of Intrusion Detection Watch whats going on in the system Try to detect behavior

Basics of Intrusion Detection Watch whats going on in the system Try to detect behavior

Basics of Intrusion Detection Watch whats going on in the system Try to detect behavior that characterizes intruders While avoiding improper detection of legitimate access At a reasonable cost Lecture 11 Page 1 CS 236 Online

426 views • 13 slides
Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol Toshiba, 26/11/2020 1 Talk loosely based on following publications Han et al. UNICORN: Revisiting Host-Based Intrusion Detection in the Age of

783 views • 55 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H. Sanders Previous Work [1] Intrusion detection by combining and clustering diverse monitor data System Logs Firewall Logs Feature extraction Cluster

527 views • 49 slides
Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr. Nen-Fu (Fred) Huang Professor, Department of Computer Science, National Tsing Hua University, Taiwan President, Broadweb Corp, Taiwan E-mail:

846 views • 41 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for

Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for Nuclear Power Plants Jae-Hee Roh a , Seok-Ki Lee a , Choul-Woong Son

362 views • 4 slides
Board recommends accelerated dividend progression Preliminary results for the 12 months

Board recommends accelerated dividend progression Preliminary results for the 12 months

Board recommends accelerated dividend progression Preliminary results for the 12 months ended 31 March 2011 26 May 2011 Business overview Bill Halbert, Executive Chairman Summary financial results Revenue in the second half

482 views • 21 slides
CORE+ Degree Requirements Successful completion of 124 Semester hours of credit (ACAD088,

CORE+ Degree Requirements Successful completion of 124 Semester hours of credit (ACAD088,

CORE+ Degree Requirements Successful completion of 124 Semester hours of credit (ACAD088, EDUC088, and developmental courses may not be included) Overall GPA of 2.00 36-75 semester hours and/or 48 semester hours within a single

547 views • 20 slides
Sales Associate Administrative Coordinator Broker Associate Sales Associate Sales Associate

Sales Associate Administrative Coordinator Broker Associate Sales Associate Sales Associate

Josmar Castillo Suzet Contreras Katherina Santana Martha Mannella Mirtha Sariol Maria Jos Gonzalez Sales Associate Administrative Coordinator Broker Associate Sales Associate Sales Associate Sales Associate Carlos Mayz Roberto Orta

1.19k views • 20 slides
High Performance String Matching Algorithm for a Network Intrusion Prevention System (NIPS) Yaron

High Performance String Matching Algorithm for a Network Intrusion Prevention System (NIPS) Yaron

High Performance String Matching Algorithm for a Network Intrusion Prevention System (NIPS) Yaron Weinsberg Shimrit Tzur-David Danny Dolev Tal Anker The Hebrew University Of Jerusalem Radlan - a Marvell Company Email: { wyaron,shimritd,dolev

183 views • 7 slides
CIP-005-5 R1.5 Spring CIP Audit Workshop April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA

CIP-005-5 R1.5 Spring CIP Audit Workshop April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA

CIP-005-5 R1.5 Spring CIP Audit Workshop April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor CIP-005-5 Part 1.5 Learning Objectives Terminology Discussion of IPS/IDS & firewall Questions Answered

813 views • 38 slides
Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 | info@detection-technologies.com | www.detection-technologies.com Mikro Tek Key Advantages One analyzer - up to 300m detection range! A single Mikro Tek

874 views • 6 slides
Massively distributed intrusions detection : goals, challenges and possible solutions. SEC2 2015,

Massively distributed intrusions detection : goals, challenges and possible solutions. SEC2 2015,

Massively distributed intrusions detection : goals, challenges and possible solutions. SEC2 2015, Lille Michal Hauspie CRIStAL, CNRS UMR 9189 quipe 2XS . . . . . . . . . . . . . . . . . . . . . . . . . . . .

643 views • 40 slides

More recommend