Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1
This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.
The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.
Topics covered in this lecture include:
Intrusion Detection and Prevention Systems
Detection
Test Your Awareness: Do The Test
http://www.youtube.com/watch?v=Ahg6qcgoay4
Terminology: True positive, False positive, True negative, False negative
Intrusion Detection Systems
Network-based IDS
Host-based IDS monitors system activity
Intrusion Prevention Systems
Intrusion detection and prevention system (IDPS)
Network design
Signature-based detection
String or pattern matching
Anomaly-based detection
Statistical anomaly: activity differs from the baseline (heuristics of what normally happens on your network)
Protocol anomaly: traffic that does not conform to the protocol specifications (for example, something on port 80 that is not HTTP)
There are various ways that attacks can avoid being detected by an IDS
Anomaly-based: normal changes in activity can cause false positives
Signature-based: must be kept up-to-date
Encryption, alternative encoding, and so on
Packet fragmentation
Limitations
Snort
Simple signature-based rule language
Rules are prioritised based on complexity
Snort rules
Actions, Protocols, Directions, Pattern matching options, content
Alerts and logging
Snort commands
snort.conf
Snort rule sets
Other Snort tools
Monitoring Snort: ACARM-ng, Snortsnarf, SnortALog, Snort_stat, ACID
Responding
Other IDS
Bro, Suricata
Other IDS vendors
Recommended reading
Free Online Book: Babbin, J.; Biles, S.; Orebaugh, A.D. (2009), Snort Cookbook, O'Reilly Commons http://commons.oreilly.com/wiki/index.php/Snort_Cookbook
Видео Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1 канала Z. Cliffe Schreuders
The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.
Topics covered in this lecture include:
Intrusion Detection and Prevention Systems
Detection
Test Your Awareness: Do The Test
http://www.youtube.com/watch?v=Ahg6qcgoay4
Terminology: True positive, False positive, True negative, False negative
Intrusion Detection Systems
Network-based IDS
Host-based IDS monitors system activity
Intrusion Prevention Systems
Intrusion detection and prevention system (IDPS)
Network design
Signature-based detection
String or pattern matching
Anomaly-based detection
Statistical anomaly: activity differs from the baseline (heuristics of what normally happens on your network)
Protocol anomaly: traffic that does not conform to the protocol specifications (for example, something on port 80 that is not HTTP)
There are various ways that attacks can avoid being detected by an IDS
Anomaly-based: normal changes in activity can cause false positives
Signature-based: must be kept up-to-date
Encryption, alternative encoding, and so on
Packet fragmentation
Limitations
Snort
Simple signature-based rule language
Rules are prioritised based on complexity
Snort rules
Actions, Protocols, Directions, Pattern matching options, content
Alerts and logging
Snort commands
snort.conf
Snort rule sets
Other Snort tools
Monitoring Snort: ACARM-ng, Snortsnarf, SnortALog, Snort_stat, ACID
Responding
Other IDS
Bro, Suricata
Other IDS vendors
Recommended reading
Free Online Book: Babbin, J.; Biles, S.; Orebaugh, A.D. (2009), Snort Cookbook, O'Reilly Commons http://commons.oreilly.com/wiki/index.php/Snort_Cookbook
Видео Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1 канала Z. Cliffe Schreuders
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Network Intrusion Detection Systems (SNORT)
IDS and IPS
IPS and IDS | Intrusion Detection and Intrusion Prevention Systems
Industrial Control Systems - Understanding ICS Architectures
NMap 101: Scanning Networks For Open Ports To Access, HakTip 94
Intrusion Detection System with Snort Rules Creation
Symmetric Key and Public Key Encryption
Learn Network Attacks Using Wireshark
CIA Triangle: The Core of Cybersecurity
Information Security Management: Computer Security Lectures 2014/15 S1
UniFi IDS/IPS Deeper Look!
Endpoint Protection | Security Basics
Intrusion Detection System OSSEC | One Stop Cyber Security
How an IDS/IPS solution can protect your network?
Secure Design Principles
Difference between IDS & IPS in Easy Way: Intrusion Detection System Vs Intrusion Prevention System
What is Endpoint Detection & Response? — RAM Communications, Inc.
MicroNugget: How to Do Penetration Testing and Vulnerability Scanning
Network Threats: Port Scanning
Intrusion Detection System for Windows (SNORT)