SlideShare a Scribd company logo

Introduction To NIDS

Download as ODP, PDF
Michael Boman
Michael Boman

This document introduces network intrusion detection systems (NIDS). It discusses how to physically connect a NIDS using a network tap, switch SPAN port, or hub. It also covers different types of NIDS like pattern matching and anomaly detection. The document explains false positives, false negatives, and interoperability challenges between vendors. It concludes with a question and answer section and recommends calculating the severity of network events using the SANS rating formula.

Technology
1 of 25
Introduction to Network IDS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What we will cover: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why Network Intrusion Detection ? ,[object Object],[object Object],[object Object],[object Object]
Think about this before installing a Network IDS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How to connect your Network IDS ,[object Object],[object Object],[object Object],[object Object]
Using a network TAP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],( TAP = Test Administrative Port)
Inside a Network TAP Device A Network IDS Device B TX TX RX RX RX RX
Can anyone spot the problem? ,[object Object]
Did you figure it out? ,[object Object],[object Object]
Using a switch SPAN port ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using a HUB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Where to connect your NIDS
Different types of NIDS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
False Positives / False Negatives Alert generated Alert not generated Malicious traffic Non-malicious traffic
False Positives / False Negatives Explained ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detector capability Property Result in it's absence Reliability Sensitivity The level of certainty provided by detector when receive warning of possible event The capability detector has for extensive and complex analysis in locating possible attacks False Positives False Negatives
Network IDS Interoperability ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDMEF / IDXP ,[object Object],[object Object],[object Object],[object Object],[object Object]
SDEE ,[object Object],[object Object],[object Object]
SDEE Quote ,[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],SANS Severity Ratings Criticality + Lethality System Countermeasures + Network Countermeasures ) ( ( ) -
SANS Severity Ratings (cont'd) ,[object Object],[object Object],[object Object],[object Object]
What have we learned? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Questions? ,[object Object]
Recommended reading material ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Sguil
SguilSguil
Sguil
Michael Boman
 
Acid
AcidAcid
Acid
Michael Boman
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)
Michael Boman
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Lancope, Inc.
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Lancope and-cisco-asa-for-advanced-security
Lancope and-cisco-asa-for-advanced-securityLancope and-cisco-asa-for-advanced-security
Lancope and-cisco-asa-for-advanced-security
Lancope, Inc.
 
Hacker tool talk: kismet
Hacker tool talk: kismetHacker tool talk: kismet
Hacker tool talk: kismet
Chris Hammond-Thrasher
 

Recommended

Sguil
SguilSguil
Sguil
Michael Boman
 
Acid
AcidAcid
Acid
Michael Boman
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)
Michael Boman
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Lancope, Inc.
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense FirewallSnort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Lancope and-cisco-asa-for-advanced-security
Lancope and-cisco-asa-for-advanced-securityLancope and-cisco-asa-for-advanced-security
Lancope and-cisco-asa-for-advanced-security
Lancope, Inc.
 
Hacker tool talk: kismet
Hacker tool talk: kismetHacker tool talk: kismet
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
Lancope, Inc.
 
Firewall
FirewallFirewall
Firewall
Manikyala Rao
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
Narudom Roongsiriwong, CISSP
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
Chris Sistrunk
 
FireWall
FireWallFireWall
FireWall
rubal_9
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
Lance Howell
 
Firewalls
FirewallsFirewalls
Firewalls
junaid15bsse
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
Girija Sankar Dash
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
devidas shinde
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 
Kismet
KismetKismet
Kismet
Nilesh Pawar
 
Linux Firewall - NullCon Chennai Presentation
Linux Firewall - NullCon Chennai PresentationLinux Firewall - NullCon Chennai Presentation
Linux Firewall - NullCon Chennai Presentation
Vinoth Sivasubramanan
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt
Sabreen Irfana
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011
manav416
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
Sapna Kumari
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
Anthony Daniel
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
Kory Kyzar
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
Saksham Agrawal
 
Windows firewall
Windows firewallWindows firewall
Windows firewall
VC Infotech
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
A Simple Network IDS
A Simple Network IDSA Simple Network IDS
A Simple Network IDS
Daniel Cassiero
 

More Related Content

What's hot

FireWall
FireWallFireWall
FireWall
rubal_9
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
Lance Howell
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
Sapna Kumari
 

What's hot (20)

Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Firewall
FirewallFirewall
Firewall
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
 
FireWall
FireWallFireWall
FireWall
 
Wardriving & Kismet Introduction
Wardriving & Kismet IntroductionWardriving & Kismet Introduction
Wardriving & Kismet Introduction
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Kismet
KismetKismet
Kismet
 
Linux Firewall - NullCon Chennai Presentation
Linux Firewall - NullCon Chennai PresentationLinux Firewall - NullCon Chennai Presentation
Linux Firewall - NullCon Chennai Presentation
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt
 
MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011MIT EmTech TR35 India 2011
MIT EmTech TR35 India 2011
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
 
Windows firewall
Windows firewallWindows firewall
Windows firewall
 

Viewers also liked

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
limsh
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
Bikrant Gautam
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 

Viewers also liked (20)

Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
A Simple Network IDS
A Simple Network IDSA Simple Network IDS
A Simple Network IDS
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testing
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
 
Pgp
PgpPgp
Pgp
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail security
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Database security
Database securityDatabase security
Database security
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 

Similar to Introduction To NIDS

T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
eroglu
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
 
Resume_Appaji
Resume_AppajiResume_Appaji
Resume_Appaji
Appaji K
 
Thesis Statement On Digital Security
Thesis Statement On Digital SecurityThesis Statement On Digital Security
Thesis Statement On Digital Security
Lindsey Jones
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
Angie Lee
 

Similar to Introduction To NIDS (20)

Day4
Day4Day4
Day4
 
Internet census 2012
Internet census 2012Internet census 2012
Internet census 2012
 
Defining Cyber Crime
Defining Cyber CrimeDefining Cyber Crime
Defining Cyber Crime
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy Assignment
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
Resume_Appaji
Resume_AppajiResume_Appaji
Resume_Appaji
 
Peer-to-peer Internet telephony
Peer-to-peer Internet telephonyPeer-to-peer Internet telephony
Peer-to-peer Internet telephony
 
BYOD Monitoring
BYOD MonitoringBYOD Monitoring
BYOD Monitoring
 
EFFICIENT IDENTIFICATION AND REDUCTION OF MULTIPLE ATTACKS ADD VICTIMISATION ...
EFFICIENT IDENTIFICATION AND REDUCTION OF MULTIPLE ATTACKS ADD VICTIMISATION ...EFFICIENT IDENTIFICATION AND REDUCTION OF MULTIPLE ATTACKS ADD VICTIMISATION ...
EFFICIENT IDENTIFICATION AND REDUCTION OF MULTIPLE ATTACKS ADD VICTIMISATION ...
 
Thesis Statement On Digital Security
Thesis Statement On Digital SecurityThesis Statement On Digital Security
Thesis Statement On Digital Security
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 
Pervasive nation
Pervasive nationPervasive nation
Pervasive nation
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
 
Cyber security2012 hybrid-hardware-software
Cyber security2012 hybrid-hardware-softwareCyber security2012 hybrid-hardware-software
Cyber security2012 hybrid-hardware-software
 
Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers"
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpUs 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
 

More from Michael Boman

Malware Analysis as a Hobby
Malware Analysis as a HobbyMalware Analysis as a Hobby
Malware Analysis as a Hobby
Michael Boman
 
Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)
Michael Boman
 
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Michael Boman
 
Enkla hackerknep för testare
Enkla hackerknep för testareEnkla hackerknep för testare
Enkla hackerknep för testare
Michael Boman
 
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Michael Boman
 
Privacy in Wireless Networks
Privacy in Wireless NetworksPrivacy in Wireless Networks
Privacy in Wireless Networks
Michael Boman
 

More from Michael Boman (20)

How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis
 
DEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And AttributionDEEPSEC 2013: Malware Datamining And Attribution
DEEPSEC 2013: Malware Datamining And Attribution
 
44CON 2013 - Controlling a PC using Arduino
44CON 2013 - Controlling a PC using Arduino44CON 2013 - Controlling a PC using Arduino
44CON 2013 - Controlling a PC using Arduino
 
Malware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMalware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring Budget
 
Malware analysis as a hobby (Owasp Göteborg)
Malware analysis as a hobby (Owasp Göteborg)Malware analysis as a hobby (Owasp Göteborg)
Malware analysis as a hobby (Owasp Göteborg)
 
Malware Analysis as a Hobby
Malware Analysis as a HobbyMalware Analysis as a Hobby
Malware Analysis as a Hobby
 
Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)
 
Sans och vett på Internet
Sans och vett på InternetSans och vett på Internet
Sans och vett på Internet
 
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
 
Hur man kan testa sin HTTPS-server
Hur man kan testa sin HTTPS-serverHur man kan testa sin HTTPS-server
Hur man kan testa sin HTTPS-server
 
OWASP AppSec Research 2010 - The State of SSL in the World
OWASP AppSec Research 2010 - The State of SSL in the WorldOWASP AppSec Research 2010 - The State of SSL in the World
OWASP AppSec Research 2010 - The State of SSL in the World
 
Enkla hackerknep för testare
Enkla hackerknep för testareEnkla hackerknep för testare
Enkla hackerknep för testare
 
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
 
USB (In)Security 2008-08-22
USB (In)Security 2008-08-22USB (In)Security 2008-08-22
USB (In)Security 2008-08-22
 
Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19
 
Overcoming USB (In)Security
Overcoming USB (In)SecurityOvercoming USB (In)Security
Overcoming USB (In)Security
 
Privacy in Wireless Networks
Privacy in Wireless NetworksPrivacy in Wireless Networks
Privacy in Wireless Networks
 
Network Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and PracticeNetwork Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and Practice
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Introduction To NIDS

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Inside a Network TAP Device A Network IDS Device B TX TX RX RX RX RX
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. Where to connect your NIDS
  • 13.
  • 14. False Positives / False Negatives Alert generated Alert not generated Malicious traffic Non-malicious traffic
  • 15.
  • 16. Detector capability Property Result in it's absence Reliability Sensitivity The level of certainty provided by detector when receive warning of possible event The capability detector has for extensive and complex analysis in locating possible attacks False Positives False Negatives
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.