Intrusion Detection and Prevention Systems (IDS/IPS): Computer Security Lectures 2014/15 S1

Video description

This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.

The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:
Intrusion Detection and Prevention Systems
Detection
Test Your Awareness: Do The Test (embedded video)
Terminology: True positive, False positive, True negative, False negative
Intrusion Detection Systems
Network-based IDS: monitors network traffic
Host-based IDS: monitors system activity on the host it runs on
Intrusion Prevention Systems
Intrusion detection and prevention system (IDPS)
Network design
Signature-based detection
String or pattern matching
Anomaly-based detection
Statistical anomaly: activity differs from the baseline (heuristics of what normally happens on your network)
Protocol anomaly: traffic that does not conform to the protocol specifications (for example, something on port 80 that is not HTTP)
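The two anomaly flavours listed above, as an added Python example that is not part of the lecture material: a statistical baseline built from a constructed window of connections-per-minute counts (mean plus three standard deviations as the alert threshold, an assumed tuning choice), a protocol check that flags port-80 payloads not starting with an HTTP request line, and a tally of true/false positives and negatives against constructed ground-truth labels. The sample counts, packets and labels are assumptions for illustration.

```python
import statistics
from dataclasses import dataclass

# Constructed training data (an assumption, not from the lecture): connections
# per minute from one internal host during a window believed to be clean.
BASELINE_CONNS_PER_MIN = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]

# Request lines a port-80 flow is expected to start with.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes


# Constructed sample packets and ground-truth labels (True = malicious).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("10.0.0.7", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),  # TLS on port 80: odd but legitimate here
    Packet("10.0.0.9", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),             # SSH tunnelled over port 80
    Packet("10.0.0.5", 443, b"\x16\x03\x01\x00\xa5"),
]
SAMPLE_LABELS = [False, False, True, False]


def build_baseline(samples, k=3.0):
    """Statistical baseline: mean, population stddev and the alert threshold
    (mean + k stddev). k = 3 is an assumed tuning knob, not a standard."""
    mean = statistics.mean(samples)
    sd = statistics.pstdev(samples)
    return mean, sd, mean + k * sd


def statistical_anomaly(observed, baseline):
    """True when the observed rate exceeds the baseline threshold."""
    return observed > baseline[2]


def protocol_anomaly(pkt):
    """Protocol anomaly: port 80 traffic whose first bytes are not an HTTP
    request line. Returns a reason string, or None when the packet conforms."""
    if pkt.dport != 80 or not pkt.payload:
        return None
    if pkt.payload.startswith(HTTP_METHODS):
        return None
    return f"non-HTTP payload on port 80 from {pkt.src}: {pkt.payload[:12]!r}"


def confusion_matrix(flags, labels):
    """Tally TP/FP/TN/FN from IDS verdicts (flags) and ground truth (labels)."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for flagged, malicious in zip(flags, labels):
        key = ("T" if flagged == malicious else "F") + ("P" if flagged else "N")
        counts[key] += 1
    return counts


def run_demo(minute_counts=(14, 18, 60)):
    """Run both detectors over the constructed data; returns (alerts, counts)."""
    baseline = build_baseline(BASELINE_CONNS_PER_MIN)
    alerts = []
    for minute, conns in enumerate(minute_counts):
        if statistical_anomaly(conns, baseline):
            alerts.append(f"minute {minute}: {conns} conns/min exceeds threshold {baseline[2]:.1f}")
    flags = []
    for pkt in SAMPLE_PACKETS:
        reason = protocol_anomaly(pkt)
        flags.append(reason is not None)
        if reason:
            alerts.append(reason)
    return alerts, confusion_matrix(flags, SAMPLE_LABELS)


if __name__ == "__main__":
    found, tally = run_demo()
    print("\n".join(found))
    print(tally)  # the TLS-on-80 packet shows up as the false positive
```

The TLS-on-port-80 packet is the point of the labels: the protocol check is correct that it is not HTTP, yet the traffic is legitimate, so it lands in the FP cell. Tightening the threshold or the conformance check trades that false positive against the risk of missing the SSH tunnel in the next packet.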
There are various ways that attacks can avoid being detected by an IDS, and each detection approach has its own weaknesses:
Anomaly-based: legitimate changes in activity move away from the baseline and cause false positives
Signature-based: signatures must be kept up to date, and an attack with no signature is not detected
Encryption, alternative encodings, and so on hide the pattern a signature expects to see
Packet fragmentation splits a pattern across packets, so a matcher that works per packet misses it
Limitations
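The encoding and fragmentation evasions above, as an added Python example that is not part of the lecture material. A naive per-segment string matcher is run beside one that first reassembles the TCP segments in sequence order and then normalizes the payload (repeated percent-decoding, lowercasing) before matching. The toy signature, the segments and the stand-in "encrypted" bytes are all constructed for illustration; nothing here is a real Snort rule or capture.

```python
import urllib.parse
from dataclasses import dataclass

# Constructed toy signature: the literal an IDS rule might look for in a
# path-traversal attempt against a Unix web server.
SIGNATURE = b"/etc/passwd"


@dataclass
class Segment:
    seq: int      # TCP sequence offset of this segment within the stream
    data: bytes


def naive_match(segments, sig=SIGNATURE):
    """Per-segment string matching with no reassembly and no decoding."""
    return any(sig in seg.data for seg in segments)


def reassemble(segments):
    """Order segments by sequence number and join them into the stream the
    application will see (what a stream-reassembly preprocessor does for real)."""
    return b"".join(s.data for s in sorted(segments, key=lambda s: s.seq))


def normalize(payload, max_rounds=3):
    """Undo alternative encodings before matching: percent-decode until the
    text stops changing (defeats double encoding), then lowercase."""
    text = payload.decode("latin-1")
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text, encoding="latin-1")
        if decoded == text:
            break
        text = decoded
    return text.encode("latin-1").lower()


def robust_match(segments, sig=SIGNATURE):
    """Reassemble, normalize, then match: catches fragmentation and encoding
    tricks, but still nothing that is encrypted end to end."""
    return sig.lower() in normalize(reassemble(segments))


# Constructed evasion cases. Each is a list of TCP segments as captured.
CASES = {
    "plain": [Segment(0, b"GET /../../etc/passwd HTTP/1.0\r\n")],
    # Signature split across two segments, delivered out of order.
    "fragmented": [Segment(17, b"sswd HTTP/1.0\r\n"), Segment(0, b"GET /../../etc/pa")],
    # Slashes percent-encoded.
    "url_encoded": [Segment(0, b"GET /..%2F..%2Fetc%2Fpasswd HTTP/1.0\r\n")],
    # Double encoding: %25 is '%', so one decode pass is not enough.
    "double_encoded": [Segment(0, b"GET /..%252F..%252Fetc%252Fpasswd HTTP/1.0\r\n")],
    # Stand-in for a TLS record carrying the same request: no plaintext to match.
    "encrypted": [Segment(0, b"\x17\x03\x03\x00\x2a\x9b\x1f\xc4\x07\xe2\x58\xa1\x3d")],
}


def evaluate_cases(cases=CASES):
    """Return {case: (naive_result, robust_result)} for every case."""
    return {name: (naive_match(segs), robust_match(segs)) for name, segs in cases.items()}


if __name__ == "__main__":
    for name, (naive, robust) in evaluate_cases().items():
        print(f"{name:15} naive={naive!s:5} reassembled+normalized={robust}")
```

The last case is the one no amount of reassembly or decoding fixes: an IDS that does not terminate or otherwise gain access to the TLS session only ever sees ciphertext, which is why encrypted traffic sits under "Limitations" rather than under evasions a better matcher can handle.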
Snort
Simple signature-based rule language
Rules are prioritised based on complexity
Snort rules
Actions, protocols, directions, pattern-matching options (content)
Alerts and logging
Snort commands
snort.conf
Snort rule sets
Other Snort tools
Monitoring Snort: ACARM-ng, Snortsnarf, SnortALog, Snort_stat, ACID
Responding
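The anatomy of a Snort rule listed above (action, protocol, addresses, ports, direction, and the options in parentheses), as an added Python example that is not Snort's own parser and not part of the lecture material. It implements a small subset of the rule language: the header, $HOME_NET/$EXTERNAL_NET variables, and the msg, content, nocase, depth, sid and rev options, applying rules in the default action order (pass before alert) and printing alerts in a format modelled on Snort's fast alert output. The rules, variable bindings and packets are constructed for illustration and are not from any published rule set.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed bindings standing in for the ipvar lines in snort.conf.
NET_VARS = {"$HOME_NET": "10.0.0.0/24", "$EXTERNAL_NET": "!$HOME_NET"}

# Snort 2's default rule application order: a matching pass rule silences
# later drop/alert/log rules for the same packet.
ACTION_ORDER = ("pass", "drop", "alert", "log")

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


@dataclass
class Packet:
    proto: str; src: str; sport: int; dst: str; dport: int; payload: bytes


@dataclass
class Rule:
    action: str; proto: str; src: str; sport: str; direction: str; dst: str; dport: str
    msg: str; contents: list; sid: int; rev: int   # contents: [{"pattern", "nocase", "depth"}]


def parse_rule(text):
    """Parse one rule: header plus the msg/content/nocase/depth/sid/rev options.
    Simplification: options are split on ';', so a msg containing ';' or a
    |hex| content would need the real tokenizer."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text}")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    msg, sid, rev, contents = "", 0, 1, []
    for opt in filter(None, (o.strip() for o in body.split(";"))):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "content":
            contents.append({"pattern": val.encode(), "nocase": False, "depth": None})
        elif key == "nocase":
            contents[-1]["nocase"] = True      # modifies the preceding content
        elif key == "depth":
            contents[-1]["depth"] = int(val)
        elif key == "msg":
            msg = val
        elif key == "sid":
            sid = int(val)
        elif key == "rev":
            rev = int(val)
    return Rule(action, proto, src, sport, direction, dst, dport, msg, contents, sid, rev)


def addr_matches(spec, ip):
    """any, !negation, $variable, or a CIDR block."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip)
    if spec.startswith("$"):
        return addr_matches(NET_VARS[spec], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def header_matches(rule, pkt):
    if rule.proto != pkt.proto:
        return False
    forward = (addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
               and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport))
    if rule.direction == "->" or forward:
        return forward
    return (addr_matches(rule.src, pkt.dst) and port_matches(rule.sport, pkt.dport)   # '<>' reverse
            and addr_matches(rule.dst, pkt.src) and port_matches(rule.dport, pkt.sport))


def content_matches(rule, payload):
    """Every content must be found; depth limits the search to the first N bytes."""
    for c in rule.contents:
        hay = payload if c["depth"] is None else payload[:c["depth"]]
        needle = c["pattern"]
        if c["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


def evaluate(rules, pkt):
    """First matching rule in action order; alert text modelled on Snort's
    fast alert format, or None if nothing fires (or a pass rule wins)."""
    for action in ACTION_ORDER:
        for rule in rules:
            if rule.action == action and header_matches(rule, pkt) and content_matches(rule, pkt.payload):
                if action == "pass":
                    return None
                return (f"[**] [1:{rule.sid}:{rule.rev}] {rule.msg} [**] "
                        f"{{{pkt.proto.upper()}}} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    return None


# Constructed rules and packets (not from any published rule set).
RULES = [
    'pass tcp $HOME_NET any -> $HOME_NET 22 (msg:"internal SSH is expected"; content:"SSH-"; depth:4; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH banner from outside"; content:"SSH-"; depth:4; sid:1000002; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC cmd.exe in request"; content:"cmd.exe"; nocase; sid:1000003; rev:2;)',
]
PACKETS = [
    Packet("tcp", "203.0.113.9", 51000, "10.0.0.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Packet("tcp", "10.0.0.20", 51001, "10.0.0.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Packet("tcp", "203.0.113.9", 51002, "10.0.0.10", 80, b"GET /cgi-bin/CMD.EXE?/c+dir HTTP/1.0\r\n"),
    Packet("tcp", "203.0.113.9", 51003, "10.0.0.10", 80, b"GET / HTTP/1.0\r\n"),
]


def run_rules(rule_texts=RULES, packets=PACKETS):
    rules = [parse_rule(r) for r in rule_texts]
    return [evaluate(rules, pkt) for pkt in packets]
```

The second packet is the one worth reading closely: both the pass rule and the alert rule have a content match, but the pass rule's source address matches $HOME_NET and the alert rule's does not, and pass is evaluated first, so no alert is raised. That is how a sysadmin silences a known-noisy source without deleting the rule. With the real tool, rules are pulled in from snort.conf and a saved capture can be replayed against them with -r and alerts printed with -A console.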
Other IDS
Bro (since renamed Zeek), Suricata
Other IDS vendors
Recommended reading
Free Online Book: Babbin, J.; Biles, S.; Orebaugh, A.D. (2009), Snort Cookbook, O'Reilly Commons http://commons.oreilly.com/wiki/index...
