merkow ppt 12-JRM
Intrusion Detection Systems (IDS) - Two Classes cont.
• Anomaly intrusions
  • Observations of deviations from normal system usage patterns
  • Can be detected by building up a profile of the system in question and detecting significant deviations from the profile
  • Can use neural networks, machine learning classification techniques
  • Harder to detect
© Pearson Education Information Security: Principles and Practices 32
Intrusion Detection Systems (IDS) cont.
• A Good Intrusion Detection System must
  • run continually without human supervision
  • be fault tolerant
  • resist subversion
  • impose minimal overhead on the attached network
  • observe deviations from normal behavior
  • be easily tailored to the network
  • cope with changing system behavior
© Pearson Education Information Security: Principles and Practices 33
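The profile-and-deviation approach from the anomaly-intrusion slide (and the "observe deviations from normal behavior" requirement above), as an added worked example that is not code from the Pearson text: it builds a per-account baseline from constructed hourly failed-login counts and flags observations whose z-score departs significantly from that profile. The feature, the threshold and the stddev floor are assumptions made for the example.

```python
"""Profile-based anomaly detection over constructed per-hour event counts.

Added example illustrating "build a profile, detect significant deviations";
not code from the Pearson text. Feature, thresholds and data are assumptions.
"""
from statistics import mean, pstdev

# Constructed baseline: hourly count of failed logins per account over a
# "normal" fortnight (repeated fixed patterns so the example runs offline).
BASELINE = {
    "alice": [2, 3, 1, 2, 3, 2, 4, 2, 3, 2, 1, 3] * 14,
    "svc-backup": [0] * 12 * 14,   # service account: never fails normally
}


def build_profile(samples):
    """Return {key: (mean, stddev)}: the system's 'normal usage' profile."""
    return {k: (mean(v), pstdev(v)) for k, v in samples.items()}


def z_score(profile, key, value, floor=0.25):
    """Standardised distance of one observation from the key's profile.

    A stddev of zero (an account that never fails) would divide by zero, so
    a floor (assumed value) keeps the score finite while still letting a
    single failure for such an account score as a strong deviation.
    """
    mu, sigma = profile[key]
    return (value - mu) / max(sigma, floor)


def detect(profile, observations, threshold=3.0):
    """Return (key, value, z) for observations scoring above the threshold.

    Unknown keys are reported with z=None: an account that has no profile
    is itself a deviation from the modelled system.
    """
    alerts = []
    for key, value in observations:
        if key not in profile:
            alerts.append((key, value, None))
            continue
        z = z_score(profile, key, value)
        if z > threshold:
            alerts.append((key, value, round(z, 2)))
    return alerts


if __name__ == "__main__":
    prof = build_profile(BASELINE)
    obs = [("alice", 12), ("alice", 4), ("svc-backup", 1), ("mallory", 1)]
    for alert in detect(prof, obs):
        print("ANOMALY", alert)
```

The threshold trades false positives against missed deviations, which is why the slide calls anomaly intrusions harder to detect than signature matches.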