Network Security:
Intrusion Detection Systems
Vo Viet Minh Nhat
Information Technology Dept.
Faculty of Sciences
Agenda
Introduction to Intrusion Detection
Host-Based IDSs
Network-Based IDSs
IDS Management Communications: Monitoring the Network
Sensor Maintenance
Conclusion
Objectives
On completing this section, you will be able to:
Explain the main differences between the various IDSs
Describe host-based IDSs in detail
Describe network-based IDSs in detail
Explain how IDS management communication works
Describe IDS tuning
Explain how IDS maintenance works
Introduction
Company resources must be defended not only passively, by using firewalls, virtual private networks (VPNs), encryption techniques, and other such measures, but also by deploying proactive tools and devices throughout the network => IDS
Intrusion = someone tries to break into, misuse, or exploit a system => the security policy defines what and who constitutes an attempt to break into, abuse, or exploit a system.
Introduction
Two types of potential intruders exist:
Outside intruders: referred to as crackers
Inside intruders: operate from within the organization
IDSs are effective solutions to detect both types of intrusions continuously. These systems run constantly in a network, notifying network security personnel when they detect an attempt they consider suspicious.