3. History
• USAF – 1972
– Air Force study catalogued the vulnerabilities of shared computer systems
• 1984
– First intrusion detection system prototype
– Real-time intrusion detection
– Would eventually evolve into the modern NBIDS
4. IDS Features
• Detection methods
– Pattern matching (signatures of known misuse)
– Anomaly detection (deviation from a learned baseline of normal activity)
• Activity an IDS is expected to detect
– Data destruction
– Denial-of-service
– Hostile code
– Network or system eavesdropping
– System and network mapping (scanning)
– Unauthorized access
5. Intrusion Detection Technologies
• Host-based intrusion detection systems (HIDS)
• Network-based intrusion detection systems (NBIDS)
• File system integrity checkers
• Honeypot systems
• Security Information Management (SIM)
6. Network-Based Intrusion Detection System (NBIDS)
• Attacks increasingly arrive over the network rather than through a single host
• Hence the shift from host-based to network-based detection
• An NBIDS is a system that monitors traffic at selected points on a network or an interconnected set of networks
7. Types of Attacks (Internal)
• Insider attacks
– Not limited to employees: anyone holding inside access
• Examples
– Internal denial of service (DoS)
– Internal privilege escalation
– Internal abuse of super-user privileges
8. Types of Attacks (External)
• External threats
– Company systems are becoming more visible from outside the organization
– International threats
• Examples
– External denial of service (DoS)
– External privilege escalation
10. Types of NBIDS
• Promiscuous-mode
– Sensor captures every packet on the segment it is attached to
• Network-node
– Sensor runs on the node itself and inspects only traffic addressed to it; the usual choice where the link carries encrypted (VPN) traffic that a promiscuous sensor cannot read
11. NBIDS Issues
• Cannot reassemble all fragmented traffic, so an attack split across fragments can slip past per-packet matching
• Cannot compensate for weak credential standards: a login with a valid but stolen password looks legitimate on the wire
• Cannot analyze all data on a saturated link, nor resolve packet-level ambiguities the same way the receiving host will
• Firewalls remain the better preventive control; an NBIDS detects, it does not block
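The fragmentation issue above, as an added worked example that is not from the original slides: a sensor that matches a signature packet by packet misses an attack whose bytes straddle two IP fragments, and even a reassembling sensor can reconstruct different data than the victim host when fragments overlap, because stacks differ in whether old or new bytes win. The signature string, payloads and fragment offsets are constructed for illustration.

```python
"""Fragmentation evasion against a per-packet sensor.

Added example, not from the original slides: shows why a network sensor
that matches signatures one packet at a time misses an attack split across
IP fragments, and why even a reassembling sensor can disagree with the
victim host when fragments overlap. The signature, payloads and offsets
are constructed for illustration."""

from dataclasses import dataclass

# Constructed signature the sensor is looking for (assumption, not a real rule).
SIGNATURE = b"/bin/sh"


@dataclass
class Fragment:
    offset: int    # byte offset of this fragment within the original datagram
    data: bytes


def match_per_packet(frags):
    """Naive sensor: inspect each fragment on its own, never reassemble."""
    return any(SIGNATURE in f.data for f in frags)


def reassemble(frags, favor_new=False):
    """Rebuild the datagram from fragments.

    favor_new=False keeps bytes that arrived first when fragments overlap;
    favor_new=True lets a later fragment overwrite them. Real IP stacks
    implement several variants of these policies; two are enough to show
    that sensor and host can reconstruct different data from the same
    packets."""
    total = max(f.offset + len(f.data) for f in frags)
    buf = bytearray(total)
    seen = bytearray(total)  # 1 once a byte position has been filled
    for f in frags:
        for i, b in enumerate(f.data):
            pos = f.offset + i
            if favor_new or not seen[pos]:
                buf[pos] = b
                seen[pos] = 1
    return bytes(buf)


def match_reassembled(frags, favor_new=False):
    """Sensor that reassembles first, under the chosen overlap policy."""
    return SIGNATURE in reassemble(frags, favor_new)


# Constructed case 1: the signature straddles a fragment boundary.
SPLIT = [
    Fragment(0, b"GET /cgi-bin/x?cmd=/bin"),
    Fragment(23, b"/sh HTTP/1.0\r\n"),
]

# Constructed case 2: overlapping fragments. The second fragment rewrites
# bytes 8..12; only a stack that favors new data ends up with "/bin/sh".
OVERLAP = [
    Fragment(0, b"cmd=/bin/XXXX"),
    Fragment(8, b"/sh  "),
]


def evasion_report():
    """Summarise which sensor strategy sees the attack in each case."""
    return {
        "split/per-packet": match_per_packet(SPLIT),
        "split/reassembled": match_reassembled(SPLIT),
        "overlap/per-packet": match_per_packet(OVERLAP),
        "overlap/favor-old": match_reassembled(OVERLAP, favor_new=False),
        "overlap/favor-new": match_reassembled(OVERLAP, favor_new=True),
    }


if __name__ == "__main__":
    for case, seen in evasion_report().items():
        print(f"{case:22s} detected={seen}")
```

The practical check for a real sensor is whether its reassembly policy is configurable per target host (Snort's frag3 preprocessor, for instance, exposes this as a per-host policy); if the sensor always picks one policy and the protected host uses another, the overlap case stays invisible no matter how good the signature is.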
12. NBIDS Future
• Artificial intelligence
• Combination of:
– Anomaly detection
– Misuse (signature) detection
• New hybrid model
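Slide 4 lists pattern matching and anomaly detection as IDS features, and the hybrid model above combines them. The following added example (not code from the original slides or from any product) runs both over the same constructed flow records: a signature table catches an exploit string, while a per-source baseline of distinct destination ports catches a port scan that no signature would match. The signatures, addresses, flows and the z-score threshold are all assumptions made for illustration.

```python
"""Hybrid misuse + anomaly detection over flow records.

Added example, not part of the original slides: a toy detector that runs
signature (misuse) matching and baseline (anomaly) detection over the same
flow records. The signatures, flows, IP addresses and the z-score threshold
are all constructed for illustration, not taken from any product."""

from collections import defaultdict
from statistics import mean, pstdev


def flow(src, dport, payload=b""):
    """One flow record: source address, destination port, first payload bytes."""
    return {"src": src, "dport": dport, "payload": payload}


# Constructed signature table (assumption): alert name -> byte pattern.
SIGNATURES = {
    "shell-in-uri": b"/bin/sh",
    "dir-traversal": b"../../",
}


def misuse_alerts(flows):
    """Pattern matching: flag every flow whose payload carries a known pattern."""
    alerts = []
    for f in flows:
        for name, pattern in SIGNATURES.items():
            if pattern in f["payload"]:
                alerts.append(("misuse", f["src"], name))
    return alerts


def distinct_ports_per_source(flows):
    ports = defaultdict(set)
    for f in flows:
        ports[f["src"]].add(f["dport"])
    return {src: len(p) for src, p in ports.items()}


class PortScanBaseline:
    """Anomaly detection: learn how many distinct destination ports a source
    normally touches, then flag sources far above that baseline (a crude
    detector for the "system and network mapping" activity on slide 4)."""

    def __init__(self, training_flows, k=3.0):
        counts = list(distinct_ports_per_source(training_flows).values())
        self.mu = mean(counts)
        self.sigma = pstdev(counts)
        self.k = k  # standard deviations above the mean (assumed value)

    def threshold(self):
        # Floor sigma at 1 so a perfectly flat baseline still leaves slack.
        return self.mu + self.k * max(self.sigma, 1.0)

    def alerts(self, flows):
        thr = self.threshold()
        return [("anomaly", src, f"{n} distinct ports > {thr:.2f}")
                for src, n in distinct_ports_per_source(flows).items()
                if n > thr]


def hybrid_alerts(baseline, flows):
    """The hybrid model: union of both detectors' alerts."""
    return misuse_alerts(flows) + baseline.alerts(flows)


# Constructed quiet period used to learn the baseline.
TRAINING = [
    flow("10.0.0.1", 80), flow("10.0.0.1", 443),
    flow("10.0.0.2", 80),
    flow("10.0.0.3", 22), flow("10.0.0.3", 80), flow("10.0.0.3", 443),
    flow("10.0.0.4", 443),
]

# Constructed observation window: one scanner, one exploit attempt, one
# ordinary client.
OBSERVED = [flow("10.0.0.5", p) for p in (21, 22, 23, 25, 80, 110, 143, 443)]
OBSERVED += [
    flow("10.0.0.9", 80, b"GET /cgi-bin/x?cmd=/bin/sh HTTP/1.0\r\n"),
    flow("10.0.0.2", 443, b"GET / HTTP/1.1\r\n"),
]


if __name__ == "__main__":
    baseline = PortScanBaseline(TRAINING)
    for kind, src, detail in hybrid_alerts(baseline, OBSERVED):
        print(f"{kind:8s} {src:10s} {detail}")
```

Run alone, the signature detector sees only the exploit from 10.0.0.9 and the baseline detector sees only the scanner at 10.0.0.5; the hybrid reports both and stays quiet on the ordinary client. The weak point to remember is the baseline: it is only as trustworthy as the training window, so a scanner that was active while the baseline was learned raises the threshold and is later treated as normal.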
13. Cost Effectiveness
• One third of attacks originate inside the company
• Firewalls only prevent unauthorized access from outside the network
• Companies spent $3.8 million per year
• Compared to $60,000 for a hardware-based Cisco® NBIDS
14. Available NBIDS
• Snort – software-based IDS/IPS
– Free
• AIDE – software-based
– Free
– A host file-integrity checker (slide 5), not a network sensor; listed here for completeness
• IBM ISS RealSecure – software-based
– ~$12,000
• Cisco IPS 4270 – hardware-based
– ~$50,000–$60,000
15. FAQ
• Why have an NBIDS if it cannot prevent an attack?
• When would it be necessary to use a host-based intrusion detection system?
• What is a signature?
16. Conclusion
• Goal:
– To achieve a balance between detection and prevention
• NBIDS is not preventative; pair it with preventive controls:
– Firewall
– Antivirus
– Host-based IDS