
Intrusion Detection System: Submitted by Branch: Regn. No.

Intrusion detection systems (IDS) monitor network traffic and system activity for suspicious behavior and alert administrators. IDS can detect both external intrusions and internal misuse. IDS analyze network traffic patterns and system configurations/files to recognize attacks. There are two main types: network IDS monitor entire network traffic from sensors, while host-based IDS monitor individual systems. IDS provide security benefits but also have limitations like false negatives and difficulty analyzing encrypted traffic. Common free open-source IDS include AIDE, Bro, OSSEC, Prelude, and Snort.
Copyright
© Attribution Non-Commercial (BY-NC)

INTRUSION DETECTION SYSTEM

SUBMITTED BY
SHRABANTEE KSHYATRIBAR SINGH
BRANCH : CSE
REGN. NO. : 0801288096
AGENDA
1. Introduction
2. Definition of IDS
3. What does IDS do?
4. What is the difference between IDS and firewall?
5. Types of IDS
   • NIDS
   • HIDS
6. Advantages & Disadvantages of using IDS
7. Some free IDS
8. Conclusion
INTRODUCTION

An IDS monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS can also respond to anomalous or malicious traffic by taking action, such as blocking the user or source IP address from accessing the network.
DEFINITION

Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
What does IDS do?
• Monitors the activities of the system and alerts the user of any intrusion
• Adds integrity to your system and the infrastructure
• Helps the system administrator to set up policies
• Analyzing system configurations and vulnerabilities
• Assessing system and file integrity
• Ability to recognize patterns typical of attacks
• Analysis of abnormal activity patterns
Intrusion detection systems (IDS) are controls put in place in order to check network traffic. IDS is used to detect actions on the network that seem questionable and alert the system or the administrator of the network. These systems may be empowered to address intrusion by blocking the user or IP address source from getting back on the network.
IDS DIAGRAM
What is the difference between IDS and Firewall?
• A firewall monitors the system based on the rules that are set by the user and regulates the activity between the system and the Internet, while an IDS monitors the system for unwanted entry and reports or alerts the same to the user.
• Intrusion detection is a complementary security technology that attempts to analyze and identify any malicious traffic directed against your network. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your computer, but does not detect all types of security attacks.
What are the types of IDS?

Depending on the part of the IT environment they deal with, IDS are of two types:

• NIDS (Network Intrusion Detection System)
• HIDS (Host-Based Intrusion Detection System)
NIDS (Network Intrusion Detection System)
• A network-based IDS scrutinizes computer network traffic to identify possible dubious activity.
• A Network IDS generally consists of management servers, database servers, multiple consoles and sensors.
• NIDS gain access to network traffic by connecting to a network hub, network switch configured for port mirroring or network tap.
HIDS (Host-Based Intrusion Detection System)
• Host-based systems monitor network activity on an individual computer and are strictly software-based.
• A host-based IDS is installed on individual consoles, and therefore must be compatible with the specific operating system on each specific computer.
• The monitoring software, also known as an "agent," transmits information about the host's activity to management servers.
ADVANTAGES OF USING IDS
• The sensors can be secured well, as they "only" observe traffic.
• You can detect scans better, on the basis of signatures.
• You can "filter" traffic (actually, we will show later that this is not always the case).

DISADVANTAGES OF USING IDS
• The probability of so-called false negatives (attacks are not detected as attacks) is high, as it is difficult to control the whole network.
• Mostly, they have to operate on encrypted packets, where analysis of packets is complicated.
• Unlike host-based IDS, they do not see the impacts of an attack.
SOME FREE IDS ARE
• AIDE
• Bro NIDS
• OSSEC HIDS
• Prelude Hybrid IDS
• Snort
• Suricata
CONCLUSION
• Although insider attacks pose some unique challenges for security administrators, they can be easily detected by various types of IDS systems.
• By utilizing these systems, attacks can not only be detected, they can also be properly investigated by identifying attack trends and patterns.
• The IDS systems that allow us to accomplish these goals must also be protected against attacks as well, to prevent the corruption of attack data.
• It is only through identifying attack trends and patterns, and keeping logs uncorrupted that insider attacks can be thwarted from the IDS part of the security spectrum.
Thank You !!
ANY QUERIES ??
