
Intrusion Detection Methods


bonita




Presentation Transcript

  1. Intrusion Detection Methods “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.”

  2. The Seven Fundamentals
  • What are the methods used
  • How are IDS organized
  • What is an intrusion
  • How do we trace and how do they hide
  • How do we correlate information
  • How can we trap intruders
  • Incident response

  3. Internet Trap
  • A set of functional and procedural components that use legal and authorized deception to divert the activity of a potential intruder from real, valued assets to bogus assets (and vice versa), for the purpose of gathering intrusion-related information and initiating a response.

  4. [Diagram: two "Real system" nodes and a "Trap" node]
  Technical considerations
  • Detecting the intruder
  • Detecting the trigger
  • Reversing a decision about activity
  • Remaining stealthy

  5. Types of Internet Traps
  • Real environment with trap elements
  • Unix system with fake password file
  • Win2K with phony open shares
  • Web servers with phony vulnerable CGIs
  • Small environment to large trap
  • Large environment to small trap
  • Mirrored environment and trap
  • Trap serves as hot standby system
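A minimal bait-access detector for the "real environment with trap elements" case above, added here as an example and not part of the slides. The bait inventory, the log format and the sample lines are constructed for illustration; the point is that a bait asset has no legitimate use, so any touch is a trigger, and that known operator sources can be excluded to reverse a decision without tipping off the intruder.

```python
import re
from collections import defaultdict

# Constructed bait inventory (hypothetical names, not taken from the slides).
BAIT_ASSETS = {
    "/home/admin/.passwd_backup": "fake password file",
    "\\\\FILESRV\\Finance$": "phony open share",
    "/cgi-bin/formmail.pl": "phony vulnerable CGI",
}

# Constructed audit lines in a simple "timestamp source action target" layout.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.7 READ /home/admin/.passwd_backup
2024-03-01T10:00:05Z 192.0.2.44 READ /etc/motd
2024-03-01T10:01:10Z 203.0.113.7 CONNECT \\\\FILESRV\\Finance$
2024-03-01T10:02:30Z 198.51.100.9 GET /cgi-bin/formmail.pl
2024-03-01T10:02:45Z 10.0.0.5 READ /home/admin/.passwd_backup
2024-03-01T10:03:00Z 192.0.2.44 GET /index.html
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")


def detect_triggers(log_text, maintenance_sources=()):
    """Return one alert per line that touched a bait asset.

    Sources listed in maintenance_sources (the trap operators) are dropped,
    which is the 'reversing a decision about activity' step. Nothing is
    written back to the monitored host, so the trap stays stealthy.
    """
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines that do not fit the assumed layout
        ts, src, action, target = m.groups()
        if target in BAIT_ASSETS and src not in maintenance_sources:
            alerts.append({"ts": ts, "src": src, "action": action,
                           "asset": target, "kind": BAIT_ASSETS[target]})
    return alerts


def intruders_by_source(alerts):
    """Group triggers by source so one intruder touching several baits is one incident."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a["kind"])
    return dict(by_src)
```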

  6. Design considerations
  • Proper design
  • Advisory notice
  • Keep the intruder in mind (what would cs485 students like to break into?)
  • Don’t be too obvious
  • Software tools as gifts

  7. Design considerations (cont.)
  • Bait
  • Administrator correspondence
  • Rigged email
  • Rigged scan points
  • System messages
  • OOB traps
  • Legal considerations
