INTRUSION DETECTION SYSTEM
• An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station.
WHAT IS IDPS?
• Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
• IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.
TYPES OF INTRUSION PREVENTION SYSTEM
• Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
• Wireless intrusion prevention system (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
• Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
• Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
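The NBA bullet above says such a system looks for unusual traffic flows rather than known signatures. The following added example (not from the slides, not from any IDS product) shows the idea on constructed flow records: for each destination service it keeps a per-minute count of distinct source addresses, builds a baseline from the median of earlier windows, and raises an alert when one window jumps far above that baseline, which is what a DDoS or a scan looks like in flow data. The `Flow` type, the thresholds and the sample traffic are all assumptions made for the example.

```python
"""Minimal network behaviour analysis (NBA) detector over flow records (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since epoch (constructed values)
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port
    size: int      # bytes carried by the flow


def distinct_sources_per_window(flows, window=60):
    """Map (dst, dport) -> {window_start: set of source IPs seen in that window}."""
    table = defaultdict(lambda: defaultdict(set))
    for f in flows:
        window_start = (f.ts // window) * window
        table[(f.dst, f.dport)][window_start].add(f.src)
    return table


def detect_source_floods(flows, window=60, min_sources=20, factor=5, history=3):
    """Return alerts as (dst, dport, window_start, count, baseline).

    A window is flagged when its distinct-source count is at least
    `min_sources` (an absolute floor, so tiny services never alert on noise)
    and more than `factor` times the median of the preceding windows' counts.
    Windows with fewer than `history` earlier windows are skipped so that a
    baseline exists before anything is judged.
    """
    alerts = []
    for (dst, dport), per_window in distinct_sources_per_window(flows, window).items():
        counts = [(ws, len(srcs)) for ws, srcs in sorted(per_window.items())]
        for i, (ws, count) in enumerate(counts):
            if i < history:
                continue
            baseline = median(c for _, c in counts[:i])
            if count >= min_sources and count > factor * baseline:
                alerts.append((dst, dport, ws, count, baseline))
    return alerts


def build_sample_flows():
    """Constructed flow log: ten minutes of steady traffic plus one flood window."""
    flows = []
    # Normal traffic: four internal clients reach 10.0.0.5:443 every minute.
    for w in range(10):
        for i in range(4):
            flows.append(Flow(ts=w * 60 + i * 5, src=f"192.168.1.{10 + i}",
                              dst="10.0.0.5", dport=443, size=1500))
    # Window starting at t=420: sixty never-seen sources (documentation range
    # 203.0.113.0/24) each send one tiny flow to the same service.
    for i in range(60):
        flows.append(Flow(ts=420 + i, src=f"203.0.113.{i + 1}",
                          dst="10.0.0.5", dport=443, size=60))
    return flows


if __name__ == "__main__":
    for dst, dport, ws, count, baseline in detect_source_floods(build_sample_flows()):
        print(f"NBA alert: {dst}:{dport} window starting {ws}s saw {count} "
              f"distinct sources (baseline {baseline})")
```

The absolute floor and the relative factor are deliberately separate: a service that normally sees one client would otherwise alert the moment a second one appears, and a busy service would otherwise hide a flood inside a large baseline. Real NBA products add more features (bytes per flow, new destination ports, flow duration), but the baseline-versus-window comparison is the core.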
Snort Modes
• Sniffer Mode
  • Used to sniff traffic from the network.
  • Traffic will be captured using libpcap or winpcap.
  • Traffic will be captured directly from the sensor.
• Logger Mode
  • Simple logging into a file. Two possible formats are Binary and ASCII.
  • Logging into a database (e.g. MySQL).
  • Can be used for creating the normal traffic profile.
• Intrusion Detection / Prevention
  • The rules will be used in this mode of Snort to detect unwanted activity.
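The last Snort mode above, and the IPS actions listed earlier (alarm, drop, reset, block), both come down to matching rules against traffic and then deciding whether to merely report or to act. The following added example is not Snort's code and not from the slides: it parses a few rules written in Snort's rule header/option syntax, matches them against constructed packet records, and runs the same rule set once as an IDS (every match is only an alert, the packet always passes) and once inline as an IPS (a matching `drop` rule discards the packet). The `Packet` and `Engine` types, the two sample rules and the sample packets are assumptions made for the example; hex content, `$HOME_NET`-style variables, negation and the `<>` direction are left out.

```python
"""Minimal Snort-style signature engine in detection and inline (prevention) modes (constructed example)."""
import ipaddress
import re
from dataclasses import dataclass

# Rule header: action proto src_ip src_port -> dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|log|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<sip>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dip>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Rule:
    action: str
    proto: str
    src_ip: str
    src_port: str
    dst_ip: str
    dst_port: str
    msg: str
    contents: list   # byte strings that must all appear in the payload
    sid: int


def parse_rule(text):
    """Parse one rule line; supports the msg, content (plain text) and sid options."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparsable rule: {text!r}")
    msg, contents, sid = "", [], 0
    for opt in m["opts"].split(";"):
        key, _, val = opt.strip().partition(":")   # split on the first colon only
        key, val = key.strip(), val.strip().strip('"')
        if key == "msg":
            msg = val
        elif key == "content":
            contents.append(val.encode())
        elif key == "sid":
            sid = int(val)
    return Rule(m["action"], m["proto"], m["sip"], m["sport"], m["dip"], m["dport"],
                msg, contents, sid)


def _addr_matches(spec, ip):
    """'any', a single address or a CIDR block."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    """'any', a single port, or a Snort-style range such as 1024: or :1023 or 20:21."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, pkt):
    return (rule.proto in (pkt.proto, "ip")
            and _addr_matches(rule.src_ip, pkt.src_ip)
            and _port_matches(rule.src_port, pkt.src_port)
            and _addr_matches(rule.dst_ip, pkt.dst_ip)
            and _port_matches(rule.dst_port, pkt.dst_port)
            and all(c in pkt.payload for c in rule.contents))


class Engine:
    """inline=False: IDS behaviour (report only). inline=True: IPS behaviour (drop rules block)."""

    def __init__(self, rule_lines, inline=False):
        self.rules = [parse_rule(r) for r in rule_lines if r.strip() and not r.startswith("#")]
        self.inline = inline

    def process(self, pkt):
        """Return (verdict, events); verdict is 'pass' or 'drop', events are (sid, action, msg)."""
        verdict, events = "pass", []
        for rule in self.rules:
            if rule_matches(rule, pkt):
                events.append((rule.sid, rule.action, rule.msg))
                if rule.action == "drop" and self.inline:
                    verdict = "drop"        # only an inline sensor can actually block
        return verdict, events


# Constructed rules; sids in the local range (1000000+) as Snort convention reserves lower ones.
RULES = [
    'alert tcp any any -> any 80 (msg:"Cleartext HTTP basic-auth credentials"; content:"Authorization: Basic"; sid:1000001;)',
    'drop tcp any any -> 10.0.0.0/24 23 (msg:"Telnet to server segment violates policy"; sid:1000002;)',
]


def sample_packets():
    """Constructed packets: a clean request, a policy violation, and a blocked protocol."""
    return {
        "web_ok": Packet("tcp", "192.168.1.20", 51000, "10.0.0.7", 80, b"GET /index.html HTTP/1.1\r\n"),
        "web_basic": Packet("tcp", "198.51.100.9", 51001, "10.0.0.7", 80,
                            b"GET /admin HTTP/1.1\r\nAuthorization: Basic dXNlcjpwYXNz\r\n"),
        "telnet": Packet("tcp", "192.168.1.20", 51002, "10.0.0.5", 23, b""),
    }


if __name__ == "__main__":
    for mode, engine in (("IDS", Engine(RULES)), ("IPS", Engine(RULES, inline=True))):
        for name, pkt in sample_packets().items():
            print(mode, name, engine.process(pkt))
```

Note that the Telnet packet triggers the same event in both modes; only the inline engine turns it into a dropped packet, which is exactly the IDS/IPS distinction the slides draw. For reference, the three Snort 2 modes on the slides map onto command-line options: `snort -v` sniffs to the console, `snort -l ./log -b` writes binary (pcap-format) logs to a directory, and `snort -c /etc/snort/snort.conf` loads the rules from a configuration file and runs as an IDS.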