Wednesday, October 28, 2009

Lecture 9 : Intrusion Detection System

::Security Intrusion

- access to a system w
ithout authorization, attempt to cracking.

::Intrusion Detection

- security service that monitors and analyzes system events for the purpose to finding & providing real-time or near real-time warning of attempts to access system resources.

a)Host-based IDS: monitor single host activity
b)Network-based IDS: monitor net
work traffic

:: 3 Types Of IDS

a) Host IDS - specialized software to monitor system activity to
detect suspicious behavior
- anomaly detection - defines normal/expected behavior
- signature detection - defines proper behavior

b)Network IDS - monitor traffic at selected points on a network
in (near) real time to detect intrusion patterns; may examine network, transport and/or application level prot
ocol activity directed toward systems. it comprises a number of sensors

3) Distributed IDS

- the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine
- specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions & also broadcasts the alert in its communication group.
- the attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
- A periodical report containing the intrusion alerts is generated and sent to the farm administrator.