Intrusion Detection Systems

By: Darren Davis - Revised: 2014-01-23 richard

Download Slides – PDF-File, 1.0 MB

Introduction

It seems that someone is always poking their nose where they are not supposed to. Wouldn't it be great to find out when this is happening? That is what Intrusion Detection is for, but what exactly is it, why do you need one, and how do you set one up?

Darren will be presenting a general overview and then discuss how to implement one type of Intrusion Detection System for Networks using the HenWen interface to Snort. This will include a demonstration.


Intrusion Detection Systems

The Internet has been analogized to the Western Frontier with its share of good guys in their "White Hats" fighting the bandits and outlaws in their "Black Hats". Intrusion Detection Systems are becoming a predominant tool used by systems administrators to monitor their networks and systems. Basically, an Intrusion Detection System is used to detect inappropriate use or activity on your network or computer systems. This is done by monitoring system or network events and sending an alert when certain events occur, such as someone scanning your network to find the computer systems connected to it.

There are several ways in which Intrusion Detection is done. Host-based Intrusion Detection Systems monitor a computer's activity logs or files to see what has occurred or whether certain files have changed. Another way is Network-Based Intrusion Detection, where a system actually watches ("sniffs") the network traffic for activity that may indicate an attack is taking place. There are several organizations, such as CERT and the SANS Institute, that have excellent information and resources for detecting and reacting to system attacks. Please look in the Internet Links provided to visit their web sites. Also review the PDF Presentation I have provided on the details of Intrusion Detection Systems.
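The two kinds of detection described above can be shown in miniature. The following is an added illustration, not code from the presentation, from Snort or from HenWen: a host-based check that fingerprints files and reports what changed against a baseline, and a network-based check that flags a source touching many distinct host/port pairs within a short time window (the classic port-scan signature). The filesystem snapshots, the traffic records and the threshold/window values are all constructed for the example.

```python
"""Two toy detectors, one host-based and one network-based, in the spirit of
the IDS categories described above. This is an added illustration, not code
from the presentation or from Snort/HenWen; every input below is constructed."""
import hashlib
from collections import defaultdict


# ---- Host-based IDS: file integrity monitoring ------------------------------

def fingerprint(files):
    """Map each path to the SHA-256 of its content.

    `files` is a dict {path: bytes} that stands in for a real filesystem walk
    (constructed so the example runs offline)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_baseline(baseline, current):
    """Compare two fingerprint maps and report every file that was added,
    deleted or modified since the baseline was taken, sorted by path."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes.append((path, "deleted"))
        elif path not in baseline:
            changes.append((path, "added"))
        elif baseline[path] != current[path]:
            changes.append((path, "modified"))
    return changes


def sample_filesystems():
    """Constructed before/after snapshots: one config file gains a line, one
    binary is replaced, one new file appears, one file is untouched."""
    baseline = {
        "/etc/hosts": b"127.0.0.1 localhost\n",
        "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        "/usr/bin/ls": b"ELF original binary",
    }
    current = {
        "/etc/hosts": b"127.0.0.1 localhost\n",
        "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nextra:x:1001:1001::/home/extra:/bin/sh\n",
        "/usr/bin/ls": b"ELF replaced binary",
        "/tmp/.cache": b"unexpected new file",
    }
    return baseline, current


# ---- Network-based IDS: port-scan detection --------------------------------

def detect_port_scans(events, threshold=10, window=5.0):
    """Flag sources that touch at least `threshold` distinct (dst_ip, dst_port)
    pairs within any `window`-second span.

    `events` are (timestamp, src_ip, dst_ip, dst_port) tuples, the kind of
    summary a packet sniffer would hand to the analysis engine."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        by_src[src].append((ts, (dst, port)))

    alerts = []
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # slide the window start forward until it spans at most `window` seconds
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = {target for _, target in rows[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append(src)
                break
    return sorted(alerts)


def sample_events():
    """Constructed traffic summary (documentation IP ranges):
    a fast scanner, a slow scanner, and an ordinary client."""
    events = []
    for i in range(25):  # 25 ports on one host in under two seconds
        events.append((100.0 + i * 0.08, "203.0.113.7", "10.0.0.5", 20 + i))
    for i in range(25):  # same 25 ports, but one probe every four seconds
        events.append((200.0 + i * 4.0, "198.51.100.4", "10.0.0.5", 20 + i))
    for i in range(30):  # normal client alternating between two services
        events.append((100.0 + i * 2.0, "10.0.0.9", "10.0.0.5", 443 if i % 2 else 80))
    return events


if __name__ == "__main__":
    before, after = sample_filesystems()
    for path, change in compare_baseline(fingerprint(before), fingerprint(after)):
        print(f"HIDS: {path} {change}")
    for src in detect_port_scans(sample_events()):
        print(f"NIDS: possible port scan from {src}")
```

With the default five-second window only the fast scanner is reported; the host that probes the same ports one every four seconds stays under the threshold, and it is only caught when the window is widened (for example to 120 seconds). That is the tuning trade-off a network IDS operator lives with: a short window keeps false positives down, a long one catches slow scans at the cost of more memory and more noise. The host-based half shows the other side of the coin: it says nothing about how a file changed, only that it did, so the baseline must be taken on a known-good system and kept somewhere the monitored host cannot alter.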