Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1
This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.
The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.
Topics covered in this lecture include:
Intrusion Detection and Prevention Systems
Detection
Test Your Awareness: Do The Test
http://www.youtube.com/watch?v=Ahg6qcgoay4
Terminology: True positive, False positive, True negative, False negative
Intrusion Detection Systems
Network-based IDS
Host-based IDS monitors system activity
Intrusion Prevention Systems
Intrusion detection and prevention system (IDPS)
Network design
Signature-based detection
String or pattern matching
Anomaly-based detection
Statistical anomaly: activity differs from the baseline (heuristics of what normally happens on your network)
Protocol anomaly: traffic that does not conform to the protocol specifications (for example, something on port 80 that is not HTTP)
There are various ways that attacks can avoid being detected by an IDS
Anomaly-based: normal changes in activity can cause false positives
Signature-based: must be kept up-to-date
Encryption, alternative encoding, and so on
Packet fragmentation
Limitations
Snort
Simple signature-based rule language
Rules are prioritised based on complexity
Snort rules
Actions, Protocols, Directions, Pattern matching options, content
Alerts and logging
Snort commands
snort.conf
Snort rule sets
Other Snort tools
Monitoring Snort: ACARM-ng, Snortsnarf, SnortALog, Snort_stat, ACID
Responding
Other IDS
Bro, Suricata
Other IDS vendors
Recommended reading
Free Online Book: Babbin, J.; Biles, S.; Orebaugh, A.D. (2009), Snort Cookbook, O'Reilly Commons http://commons.oreilly.com/wiki/index.php/Snort_Cookbook
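As an added, worked illustration of several outline items above (the true/false positive and negative terminology, signature-based string matching, the Snort rule structure of action, protocol, direction and content, and the encoding and fragmentation evasions), the following Python is example code written for this page; it is not code from the lecture, from Snort, or from the author. The rule syntax is a simplified Snort-like subset (real Snort rules also carry options such as sid), the packets and ground-truth labels are constructed sample data, and every function and name here is an assumption introduced for the example.

```python
"""Toy signature-based IDS: parse a minimal Snort-style rule, match it against
constructed packets two ways (naive per-packet vs. reassembled and decoded),
and score each run with the TP/FP/TN/FN terminology from the lecture."""
import re
from urllib.parse import unquote

# Hypothetical rule in a Snort-like subset: action, protocol, src sport -> dst dport, options.
RULE = 'alert tcp any any -> any 80 (msg:"toy web signature"; content:"/evil/payload";)'

# Constructed sample traffic: flow key, protocol, destination port, byte offset, payload.
# Flow C percent-encodes one byte of the signature; flow D splits it over two packets;
# flow E is benign traffic that happens to carry the literal string.
PACKETS = [
    {"flow": "A", "proto": "tcp", "dport": 80, "seq": 0, "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"flow": "B", "proto": "tcp", "dport": 80, "seq": 0, "payload": b"GET /evil/payload HTTP/1.1\r\n"},
    {"flow": "C", "proto": "tcp", "dport": 80, "seq": 0, "payload": b"GET /evil/%70ayload HTTP/1.1\r\n"},
    {"flow": "D", "proto": "tcp", "dport": 80, "seq": 0, "payload": b"GET /evil/pay"},
    {"flow": "D", "proto": "tcp", "dport": 80, "seq": 13, "payload": b"load HTTP/1.1\r\n"},
    {"flow": "E", "proto": "tcp", "dport": 80, "seq": 0, "payload": b"GET /search?q=/evil/payload HTTP/1.1\r\n"},
]
# Ground truth (constructed): which flows are really attacks.
LABELS = {"A": False, "B": True, "C": True, "D": True, "E": False}

HEADER = re.compile(r'(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')


def parse_rule(rule: str) -> dict:
    """Split the rule header into its fields and pull msg/content out of the options."""
    m = HEADER.match(rule)
    if not m:
        raise ValueError("unparseable rule: " + rule)
    action, proto, _src, _sport, direction, _dst, dport, opts = m.groups()
    content = re.search(r'content:"([^"]*)"', opts)
    msg = re.search(r'msg:"([^"]*)"', opts)
    return {"action": action, "proto": proto, "direction": direction, "dst_port": dport,
            "content": content.group(1) if content else "",
            "msg": msg.group(1) if msg else ""}


def rule_applies(rule: dict, pkt: dict) -> bool:
    """Header check: protocol and destination port must match ('any' matches everything)."""
    return pkt["proto"] == rule["proto"] and (
        rule["dst_port"] == "any" or int(rule["dst_port"]) == pkt["dport"])


def group_flows(packets: list) -> dict:
    """Group packets by flow key and order them by byte offset (toy stream reassembly)."""
    by_flow = {}
    for p in packets:
        by_flow.setdefault(p["flow"], []).append(p)
    return {k: sorted(v, key=lambda p: p["seq"]) for k, v in by_flow.items()}


def detect_naive(rule: dict, packets: list) -> set:
    """Per-packet, byte-exact content match: no decoding and no reassembly."""
    return {p["flow"] for p in packets
            if rule_applies(rule, p) and rule["content"].encode() in p["payload"]}


def detect_normalised(rule: dict, packets: list) -> set:
    """Reassemble each flow, URL-decode the data, then apply the same content match."""
    alerted = set()
    for flow, pkts in group_flows(packets).items():
        if not all(rule_applies(rule, p) for p in pkts):
            continue
        data = b"".join(p["payload"] for p in pkts).decode("latin-1")
        if rule["content"] in unquote(data):
            alerted.add(flow)
    return alerted


def confusion(alerted: set, labels: dict) -> dict:
    """Score alerts against ground truth using the lecture's four outcome classes."""
    return {
        "TP": sum(1 for f, bad in labels.items() if bad and f in alerted),
        "FP": sum(1 for f, bad in labels.items() if not bad and f in alerted),
        "TN": sum(1 for f, bad in labels.items() if not bad and f not in alerted),
        "FN": sum(1 for f, bad in labels.items() if bad and f not in alerted),
    }


if __name__ == "__main__":
    rule = parse_rule(RULE)
    for name, detector in (("naive", detect_naive), ("normalised", detect_normalised)):
        hits = detector(rule, PACKETS)
        print(name, sorted(hits), confusion(hits, LABELS))
```

Running it shows the two sides of the outline's "limitations" point: naive per-packet matching misses the encoded flow C and the fragmented flow D (two false negatives) while still alerting on benign flow E (a false positive, since a string signature cannot tell intent). Reassembling the stream and decoding before matching recovers both misses but does nothing about the false positive, which is why production systems such as Snort pair content matching with preprocessors for stream reassembly and HTTP normalisation, and why signature quality and tuning matter as much as the matching engine.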
Video: Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1, from the channel Z. Cliffe Schreuders