1 / 14

Intrusion Prevention System

Intrusion Prevention System. Group 6 Mu-Hsin Wei Renaud Moussounda. What is IPS. IPS (Intrusion prevention system) Control access to a network Similar to firewall, but different…. What’s the difference?. Traditional firewall – examines header IPS – examines payload as well

lesa
Download Presentation

Intrusion Prevention System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda

  2. What is IPS • IPS (Intrusion prevention system) • Control access to a network • Similar to firewall, but different…

  3. What’s the difference? • Traditional firewall – examines header • IPS – examines payload as well • DPI (Deep Packet Inspection)

  4. DPI enables IPS to… • Gather more information • Detect certain attack signatures • Control network traffic intelligently - ftp root access (user root) - HTTP content

  5. Tradeoff • Payload - no fixed fields - large in size • Requires high computing resource - CPU - memory • Hardware implementation

  6. IDS vs IPS • Intrusion Detection System (IDS): - DPI - detects - Snort • IPS: - DPI - take action - snort_inline + iptables

  7. Proof of concept • Implement an IPS using: - snort_inline, and - iptables • Test IPS using: - Lab4 firewall configuration - Lab6 imapd buffer overflow

  8. Lab 4 setup • Black - attacker • Protected – victim • Firewall - IPS

  9. How to capture attack? • Attack using buffer overflow string • Long sequence of NOP • snort_inline checks for …90 90 90 90...

  10. Flow • Protected runs vulnerable service • BlackHat attacks • snort_inline captures and tell • iptable block traffic • Protected remains safe

  11. IPS + Lab4 + Lab6 • BlackHat, Protected, and IPS

  12. Implication • One for all • Less dependent on individual server • Vulnerable service made secure • Enhanced security

  13. What you will do in the lab? • Setup machines & install software • Perform first attack without IPS • Perform second attack with IPS enabled • Appreciate IPS/DPI

  14. Questions ?

More Related