
Tuesday, January 20, 2009

Intrusion Detection System

ABSTRACT

This seminar answers basic questions about intruders who attack systems through the network, especially how such intrusions can be detected. Intrusions are a frequent problem for today's vast networks; if they are not dealt with in time, they result in improper functioning of the network and loss of confidential information, which is of the utmost importance.

The seminar briefly takes an overview on:

Intrusion: What is it?

Types of intrusion.

Detecting intrusions with known signatures.

Measures to be taken to prevent intrusion.

INTRODUCTION

What is a "network intrusion detection system (NIDS)"?

An intruder is somebody (a "hacker" or "cracker") attempting to break into or misuse your system. The word "misuse" is broad, and can cover anything from something as severe as stealing confidential data to something as minor as misusing your email system for spam.

An "Intrusion Detection System (IDS)" is a system for detecting such intrusions.

Network intrusion detection systems (NIDS) monitor packets on the network wire and attempt to discover whether a hacker/cracker is attempting to break into a system (or cause a denial-of-service attack). A typical example is a system that watches for a large number of TCP connection requests (SYN) to many different ports on a target machine, thus discovering whether someone is attempting a TCP port scan. A NIDS may run either on the target machine, watching its own traffic (usually integrated with the stack and services themselves), or on an independent machine promiscuously watching all network traffic (hub, router, probe). Note that a "network" IDS monitors many machines, whereas the other kinds below monitor only a single machine.

System integrity verifiers (SIV) monitor system files to find when an intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and cron configuration, in order to find well-known signatures.

Log file monitors (LFM) monitor log files generated by network services. In a similar manner to NIDS, these systems look for patterns in the log files that suggest an intruder is attacking. A typical example would be a parser for HTTP server log files that looks for intruders who try well-known security holes, such as the "phf" attack. Example: swatch.

Deception systems contain pseudo-services whose goal is to emulate well-known holes in order to entrap hackers.
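The port-scan check described above for a NIDS (many SYNs to different ports on one target within a short time), as an added Python example that is not part of the original post; the packet trace is constructed, and the threshold of ten ports and the five-second window are assumptions:

```python
from collections import defaultdict, deque

# Constructed sample trace (not from the page): (seconds, src, dst, dst_port, flags).
# Flags use a short notation: "S" = SYN only, "SA" = SYN+ACK, "A" = ACK.
SAMPLE_PACKETS = [
    # ordinary web client: one SYN, handshake completes
    (0.0, "10.0.0.5", "10.0.0.20", 80, "S"),
    (0.1, "10.0.0.20", "10.0.0.5", 51000, "SA"),
    (0.2, "10.0.0.5", "10.0.0.20", 80, "A"),
    # same client opens SSH half a minute later: two ports over time is normal
    (30.0, "10.0.0.5", "10.0.0.20", 22, "S"),
] + [
    # scanner probes twelve ports on one target within about a second
    (1.0 + 0.1 * i, "10.0.0.99", "10.0.0.20", port, "S")
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
]


def detect_syn_scans(packets, port_threshold=10, window=5.0):
    """Flag (src, dst) pairs whose bare SYNs reach port_threshold distinct
    destination ports within any `window` seconds (sliding window).

    Returns {(src, dst): sorted ports in the window when the threshold was met}.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, port), oldest first
    alerts = {}
    for ts, src, dst, port, flags in sorted(packets, key=lambda p: p[0]):
        if flags != "S":  # SYN/ACK and ACK are replies or handshake completion
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        while q and ts - q[0][0] > window:  # drop SYNs that fell out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= port_threshold:
            alerts[key] = sorted(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scans(SAMPLE_PACKETS).items():
        print(f"possible TCP port scan from {src} against {dst}: ports {ports}")
```

The window matters as much as the threshold: the legitimate client in the trace touches two ports thirty seconds apart and is only flagged if the window is widened enough to cover both.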
