tailieunhanh - Network Security: Intrusion Detection Systems
Network Security: Intrusion Detection Systems
Vo Viet Minh Nhat
Information Technology Dept., Faculty of Sciences

Agenda
- Introduction to Intrusion Detection
- Host-Based IDSs
- Network-Based IDSs
- IDS Management Communications: Monitoring the Network
- Sensor Maintenance
- Conclusion

Objectives
On completing this section, you will be able to:
- Explain the main differences between the various IDSs
- Describe host-based IDSs in detail
- Describe network-based IDSs in detail
- Explain how IDS management communication works
- Describe IDS tuning
- Explain how IDS maintenance works

Introduction
To defend company resources: not only passively, by using firewalls, virtual private networks (VPNs), encryption techniques, and whatever other tricks, but also by deploying proactive tools and devices throughout the network => IDS.

Intrusion = someone tries to break into, misuse, or exploit a system => the security policy defines what and who constitutes attempts to break into, abuse, or exploit a system.

Two types of potential intruders exist:
- Outside intruders: referred to as crackers
- Inside intruders: occur from within the organization

IDSs are effective solutions to detect both types of intrusions continuously. These systems run constantly in a network, notifying network security personnel when they detect an attempt they consider suspicious.

IDSs have two main components:
- IDS sensors: they can be software and hardware based, and are used to collect and analyze the network traffic. They are available in two varieties:
  - network IDS: can be embedded in a networking device, a standalone appliance, or a module monitoring the network traffic
  - host IDS: a server-specific agent running on a server with a minimum of overhead to monitor the operating system
- IDS management: acts as the collection point for alerts and performs configuration and deployment services for the IDS sensors in the network.

Notification Alarms
The overall purpose of IDSs is to trigger alarms when a given packet or .