Intrusion detection system IDS seminar or presentation report
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
computer science crazy
Super Moderator
******

Posts: 3,048
Joined: Dec 2008
#1
31-12-2009, 06:51 PM



.doc   Intrusion detection system IDS seminar report.doc (Size: 502.5 KB / Downloads: 814)
ABSTRACT
Internet Information Services (IIS) web servers “ which host web pages and serve them to users “ are highly popular among business organizations, with over 6 million such servers installed worldwide. Unfortunately, IIS web servers are also popular among hackers and malicious fame-seekers “ as a prime target for attacks. As a result, every so often, new exploits emerge which endanger your IIS web server™s integrity and stability. Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. Immediate Intrusion Detection suggests that all of these vulnerabilities the same system files, careful monitoring of these files could provide you with an inexpensive form of real-time intrusion detection. The market is currently filled mostly by rule-based IDS solutions aiming at detecting already known attacks by analysing traffic flow and looking for known signatures. This fact requires such IDS to be under constant construction updating and modifying attack signatures and requiring to pay considerable financial amount for support. On the other hand it is possible to use anomaly based IDS solutions detecting not just known attacks but also unknown attacks and informing network engineers about possible network problems or helping them to troubleshoot them. The market is currently filled mostly by rule-based IDS solutions aiming at detecting already known attacks by analysing traffic flow and looking for known signatures. This fact requires such IDS to be under constant construction updating and modifying attack signatures and requiring to pay considerable financial amount for support. On the other hand it is possible to use anomaly based IDS solutions detecting not just known attacks but also unknown attacks and informing network engineers about possible network problems or helping them to troubleshoot them.

INTRODUCTION
A correct firewall policy can minimize the exposure of many networks however they are quite useless against attacks launched from within. Hackers are also evolving their attacks and network subversion methods. These techniques include email based Trojan, stealth scanning techniques, malicious code and actual attacks, which bypass firewall policies by tunneling access over allowed protocols such as ICMP, HTTP, DNS, etc. Hackers are also very good at creating and releasing malware for the ever-growing list of application vulnerabilities to compromise the few services that are being let through by a firewall.
IDS arms your business against attacks by continuously monitoring network activity, ensuring all activity is normal. If IDS detects malicious activity it responds immediately by destroying the attacker's access and shutting down the attack. IDS reads network traffic and looks for patterns of attacks or signatures, if a signature is identified, IDS sends an alert to the Management Console and a response is immediately deployed.

DEFINITIONS
What is intrusion?
An intrusion is somebody attempting to break into or misuse your system. The word "misuse" is broad, and can reflect something severe as stealing confidential data to something minor such as misusing your email system for Spam.
What is an IDS?
An IDS is the real-time monitoring of network/system activity and the analysing of data for potential vulnerabilities and attacks in progress.

Intrusion Detection Systems is a topic that has recently garnered much interest in the computer security community. In the last few years, this interest level has spurred the development of a variety of approaches to providing IDS capabilities that are both reliable and low-impact in terms of management or cost. When presented with different types of IDS one might be tempted to assume that one approach or another was inherently superior. In fact, the mixture of approaches used for IDS offers the security analyst a unique opportunity in terms of the synergies inherent in combined techniques. Intrusion Detection Systems are like a burglar alarm for your computer network. They detect unathorized access attempts. They are the first line of defence for your computer systems.
NEED FOR IDS
Who are attacked?
Internet Information Services (IIS) web servers “ which host web pages and serve them to users “ are highly popular among business organizations, with over 6 million such servers installed worldwide. Unfortunately, IIS web servers are also popular among hackers and malicious fame-seekers “ as a prime target for attacks!
As a result, every so often, new exploits emerge which endanger your IIS web server™s integrity and stability. Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. There are multiple issues which can completely endanger your Web server “ and possibly your entire corporate network and reputation.
People fell there is nothing on their system that anybody would want. But what they are unaware of is that, there is the issue of legal liability. You are potentially liable for damages caused by a hacker using your machine. You must be able to prove to a court that you took "reasonable" measures to defend yourself from hackers. For example, consider if you put a machine on a fast link (cable modem or DSL) and left administrator/root accounts open with no password. Then if a hacker breaks into that machine, then uses that machine to break into a bank, you may be held liable because you did not take the most obvious measures in securing the machine.
How are they attacked?
An intruder normally hacks into your system only after he has carefully accessed you and your security and he attacks you in a systematic way to cause maximum damage. The normal steps towards intrusion are:
Outside reconnaissance: The intruder will find out as much as possible without actually giving himself away. They will do this by finding public information or appearing as a normal user. In this stage, you really can't detect them. The intruder will do a 'whois' lookup to find as much information as possible about your network as registered along with your Domain Name (such as foobar.com. The intruder might walk through your DNS tables (using 'nslookup', 'dig', or other utilities to do domain transfers) to find the names of your machines. The intruder will browse other public information, such as your public web sites and anonymous FTP sites. The intruder might search news articles and press releases about your company.
Inside reconnaissance: The intruder uses more invasive techniques to scan for information, but still doesn't do anything harmful. They might walk through all your web pages and look for CGI scripts (CGI scripts are often easily hacked). They might do a 'ping' sweep in order to see which machines are alive. They might do a UDP/TCP scan/strobe on target machines in order to see what services are available. They'll run utilities like 'rcpinfo', 'showmount', 'snmpwalk', etc. in order to see what's available. At this point, the intruder has done 'normal' activity on the network and has not done anything that can be classified as an intrusion. At this point, a NIDS will be able to tell you that "somebody is checking door handles", but nobody has actually tried to open a door yet.
Exploit: The intruder crosses the line and starts exploiting possible holes in the target machines. The intruder may attempt to compromise a CGI script by sending shell commands in input fields. The intruder might attempt to exploit well-known buffer-overrun holes by sending large amounts of data. The intruder may start checking for login accounts with easily guessable (or empty) passwords. The hacker may go through several stages of exploits. For example, if the hacker was able to access a user account, they will now attempt further exploits in order to get root/admin access.
Foot hold: At this stage, the hacker has successfully gained a foot hold in your network by hacking into a machine. The intruder's main goal is to hide evidence of the attacks (doctoring the audit trail and log files) and make sure they can get back in again. They may install 'toolkits' that give them access, replace existing services with their own Trojan horses that have backdoor passwords, or create their own user accounts. System Integrity Verifiers (SIVs) can often detect an intruder at this point by noting the changed system files. The hacker will then use the system as a stepping stone to other systems, since most networks have fewer defenses from inside attacks.
Profit: The intruder takes advantage of their status to steal confidential data, misuse system resources (i.e. stage attacks at other sites from your site), or deface web pages.

TYPES OF IDS
There are two primary types of IDS:
Network based IDS
A Network Intrusion Detection system (NIDS) transparently monitors network traffic, looking for patterns indicative of an attack on a computer or network device. By examining the network traffic, a network based intrusion detection system can detect suspicious activity such as a port scan or Denial of Service (DOS) attacks.
A NID monitors the network traffic it has access to, by comparing the data in the TCP/IP packet to a database of attack signatures. In a network environment, it can see packets to and from the system(s) that it monitors. In a switched environment, it can see packets coming to and from the system(s) that it monitors, providing it can see all data traffic on the ports that connect to the systems. Once a NIDS detects an attack, the following actions may be taken:
Send email notification
Send an SNMP trap to a network management system
Send a page (to a pager)
Block a TCP connection
Kill a TCP connection
Run a user defined script
In general terms a NID will be deployed on a DMZ. This assumes that you have a firewall in place and that you have a DMZ configured. When deployed behind the firewalls, the NID will detect attacks from protocols and sources allowed through the firewall and from internal users. By taking an action, such as sending an SNMP trap or a page, it can alert network staff that an attack is in progress and enable them to make decisions based on the nature of the attack. It is recommended that the IDS is used for detection and alerting only and not for proactive defence i.e. killing/blocking TCP connections as this can often cause more problems.

Host based IDS
In most cases, a Host Intrusion Detection System (HIDS) component is made up of two parts: a centralised manager and a server agent. The manager is used to administer and store policies, download policies to agents and store information received by agents. The agent is installed onto each server and registered with the manager. Agents use policies to detect and respond to specific events and attacks. An example of a policy would be an agent that sends an SNMP trap when three concurrent logins as root have failed on a UNIX server. System logs and processes are also monitored to see if any actions that violate the policy have occurred. If a policy has been violated, the agent will take a predefined action such as sending an email or sending a SNMP trap to a network management system. Host based intrusion detection system may further be divided into
System integrity verifiers (SIV): monitors system files to find when a intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and chron configuration, in order to find well known signatures. It may also detect when a normal user somehow acquires root/administrator level privileges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.
Log file monitors (LFM): monitor log files generated by network services. In a similar manner to NIDS, these systems look for patterns in the log files that suggest an intruder is attacking. A typical example would be a parser for HTTP server log files that looking for intruders who try well-known security holes, such as the "phf" attack. Example: swatch

WORKING OF IDS
Anomaly detection
The most common way people approach network intrusion detection is to detect statistical anomalies. The idea behind this approach is to measure a "baseline" of such stats as CPU utilization, disk activity, user logins, file activity, and so forth. Then, the system can trigger when there is a deviation from this baseline.
The benefit of this approach is that it can detect the anomalies without having to understand the underlying cause behind the anomalies.
For example, let's say that you monitor the traffic from individual workstations. Then, the system notes that at 2am, a lot of these workstations start logging into the servers and carrying out tasks. This is something interesting to note and possibly take action on.
Signature recognition
The majority of commercial products are based upon examining the traffic looking for well-known patterns of attack. This means that for every hacker technique, the engineers code something into the system for that technique.
This can be as simple as a pattern match. The classic example is to example every packet on the wire for the pattern "/cgi-bin/phf?", which might indicate somebody attempting to access this vulnerable CGI script on a web-server. Some IDS systems are built from large databases that contain hundreds (or thousands) of such strings. They just plug into the wire and trigger on every packet they see that contains one of these strings.
Traffic consists of IP datagrams flowing across a network. A NIDS is able to capture those packets as they flow by on the wire. A NIDS consists of a special TCP/IP stack that reassembles IP datagrams and TCP streams. It then applies some of the following techniques:
Protocol stack verification : A number of intrusions, such as "Ping-O-Death" and "TCP Stealth Scanning" use violations of the underlying IP, TCP, UDP, and ICMP protocols in order to attack the machine. A simple verification system can flag invalid packets. This can include valid, by suspicious, behavior such as severally fragmented IP packets.
Application protocol verification: A number of intrusions use invalid protocol behavior, such as "WinNuke", which uses invalid NetBIOS protocol (adding OOB data) or DNS cache poisoning, which has a valid, but unusually signature. In order to effectively detect these intrusions, a NIDS must re-implement a wide variety of application-layer protocols in order to detect suspicious or invalid behavior.
Creating new loggable events: A NIDS can be used to extend the auditing capabilities of your network management software. For example, a NIDS can simply log all the application layer protocols used on a machine. Downstream event log systems (WinNT Event, UNIX syslog, SNMP TRAPS, etc.) can then correlate these extended events with other events on the network.
NIDS fights back
Once intrusion has been detected NIDS reacts by performing the following tasks:
Reconfigure firewall
Configure the firewall to filter out the IP address of the intruder. However, this still allows the intruder to attack from other addresses. Checkpoint firewall's support a "Suspicious Activity Monitoring Protocol (SAMP)" for configuring firewalls. Checkpoint has their "OPSEC" standard for re-configuring firewalls to block the offending IP address.
Chime
Beep or play a .WAV file. For example, you might hear a recording "You are under attack".
SNMP Trap
Send an SNMP Trap datagram to a management console like HP OpenView, Tivoli, Cabletron Spectrum, etc.
NT Event
Send an event to the WinNT event log.
syslog
Send an event to the UNIX syslog event system.

send e-mail
Send e-mail to an administrator to notify of the attack.
page
Page (using normal pagers) the system administrator.
Log the attack
Save the attack information (timestamp, intruder IP address, victim IP address/port, protocol information).
Save evidence
Save a tracefile of the raw packets for later analysis.
Launch program
Launch a separate program to handle the event.
Terminate the TCP session
Forge a TCP FIN packet to force a connection to terminate

BENEFITS OF AN IDS
In todayâ„¢s corporate market, the majority of businesses consider the Internet as a major tool for communication with their customers, business partners and the corporate community. This mentality is here to stay; as a result businesses need to consider the risks associated with using the Internet as communication tool, and the methods available to them to mitigate these risks. Many businesses are already aware of the types of risks that they are facing, and have implemented measures such as Firewalls, Virus detection software, access control mechanisms etc. However it is all too apparent that although these measures may deter the hobby hacker, the real danger and threat comes from the determined hacker. The determined hacker is just that determined and they will find a way of penetrating your system, sometimes for malicious intent but mostly because they can and it is a test of skills. Whilst the above mentioned tools are preventative measures, an IDS is more of an analysis tool, that will give you the following information:
Instance of attack
Method of attack
Source of attack
Signature of attack
This type of information is becoming increasingly important when trying to design and implement the right security programme for an organisation. Although some of this information can be found in devices such as Firewalls and access control systems as they all contain log information on system activity In these instances the onus is on the administrator to check the logs to determine if an attempted attack has occurred or after the event find out when the attack occurred and the source of the attack. Usually information pertaining to the method of the attack and the signature of the attack cannot be found in the logs. This is because devices such as Firewalls are designed to check the IP packet header information and not the payload portion of the IP packet.
An IDS will check the payload of the packet to determine if the pattern of data held within, matches that of a known attack signature. The benefits of the above information are as follows:
Instance of attack: An IDS will alert when an attack is in progress, this gives you the benefit of counteracting the attack as it happens, without having to go through lengthy logs to find out when this particular attack occurred.
Method of attack: An IDS will let you know what area of your network or
system on your network is under attack and how it is being attacked. This enables you to react accordingly and hopefully limit the damage of the attack by i.e. disabling communications to these systems.
Source of attack: An IDS will let you know the source of an attack, it is then down to the administrator to determine if it is a legitimate source. By determining the legitimacy of the source the administrator is able to determine if he/she can disable communications from this source.
Signature of attack: An IDS will identify the nature of the attack, and the pattern of the attack and alert accordingly. This information alerts the organization to the types of vulnerabilities that they are susceptible to and permits them to take precautions accordingly.
The above information allows an organisation to:
Build a vulnerability profile of their network and the required precautions.
Plan its corporate defence strategy
Budget for security expenditure
IDS and Firewalls
A common misunderstanding is that firewalls recognize attacks and block them. This is not true.
Firewalls are simply a device that shuts off everything, then turns back on only a few well-chosen items. In a perfect world, systems would already be "locked down" and secure, and firewalls would be unneeded. The reason we have firewalls is precisely because security holes are left open accidentally. Thus, when installing a firewall, the first thing it does is stops ALL communication. The firewall administrator then carefully adds "rules" that allow specific types of traffic to go through the firewall. For example, a typical corporate firewall allowing access to the Internet would stop all UDP and ICMP datagram traffic, stops incoming TCP connections, but allows outgoing TCP connections. This stops all incoming connections from Internet hackers, but still allows internal users to connect in the outgoing direction.
A firewall is simply a fence around you network, with a couple of well chosen gates. A fence has no capability of detecting somebody trying to break in (such as digging a hole underneath it), nor does a fence know if somebody coming through the gate is allowed in. It simply restricts access to the designated points.
In summary, a firewall is not the dynamic defensive system that users imagine it to be. In contrast, an IDS is much more of that dynamic system. An IDS does recognize attacks against the network that firewalls are unable to see.
For example, in April of 1999, many sites were hacked via a bug in ColdFusion. These sites all had firewalls that restricted access only to the web server at port 80. However, it was the web server that was hacked. Thus, the firewall provided no defense. On the other hand, an intrusion detection system would have discovered the attack, because it matched the signature configured in the system.
Another problem with firewalls is that they are only at the boundary to your network. Roughly 80% of all financial losses due to hacking come from inside the network. A firewall a the perimeter of the network sees nothing going on inside; it only sees that traffic which passes between the internal network and the Internet.
Some reasons for adding IDS to you firewall are:
Double-checks misconfigured firewalls.
Catches attacks that firewalls legitimate allow through (such as attacks against web servers).
Catches attempts that fail.
Catches insider hacking.

LIMITATIONS OF IDS
Network intrusion detection systems are unreliable enough that they should be considered only as secondary systems designed to backup the primary security systems.
Primary systems such as firewalls, encryption, and authentication are rock solid. Bugs or misconfiguration often lead to problems in these systems, but the underlying concepts are "provably" accurate. The underlying concepts behind NIDS are not absolutely accurate. Intrusion detection systems suffer from the two problems whereby normal traffic causes many false positives (cry wolf), and careful hackers can evade or disable the intrusion detection systems. Indeed, there are many proofs that show how network intrusion detection systems will never be accurate.
This doesn't mean intrusion detection systems are invalid. Hacking is so pervasive on today's networks that people are regularly astounded when they first install such systems (both inside and outside the firewall). Good intrusion detection systems can dramatically improve the security of a site. It just needs to be remembered that intrusion detection systems are backup.
Switched network (inherent limitation)
Switched networks poses dramatic problems to network intrusion detection systems. There is no easy place to "plug in" a sensor in order to see all the traffic. For example, somebody on the same switched fabric as the CEO has free reign to attack the CEO's machine all day long, such as with a password grinder targetting the File and Print sharing. There are some solutions to this problem, but not all of them are satisfactory.
Resource limitations
Network intrusion detection systems sit at centralized locations on the network. They must be able to keep up with, analyze, and store information generated by potentially thousands of machines. It must emulate the combined entity of all the machines sending traffic through its segment. Obviously, it cannot do this fully, and must take short cuts. Some typical resource issues.
Network traffic loads
Current NIDS have trouble keeping up with fully loaded segments. The average website has a frame size of around 180-bytes, which translates to about 50,000 packets/second on a 100-mbps Ethernet. Most IDS units cannot keep up with this speed. Most customers have less than this, but it can still occasionally be a concern.
TCP connections
IDS must maintain connection state for a large number of TCP connections. This requires extensive amount of memory. The problem is exacerbated by evasion techniques, often requiring the IDS to maintain connection information even after the client/server have closed it.
Long term state
A classic problem is "slow scans", where the attacker scans the system very slowly. The IDS is unable to store that much information over that long a time, so is unable to match the data together.
Attacks against the NIDS
The intrusion detection system itself can be attacked in the following ways.
Blind the sensor
Network intrusion detection systems are generally built as "passive monitors" from COTS (commercial-off-the-shelf) computers. The monitors are placed alongside the networking stream, not in the middle. This means that if they cannot keep up with the high rates of traffic, they have no way to throttle it back. They must start dropping packets. Not only will the sensor start dropping packets, high traffic rates can completely shut down the sensor. Therefore, an intruder can attack the sensor by saturating the link.
Blind the event storage (snow blind)
The 'nmap' port scanning tool contains a feature known as "decoy" scans. It scans using hundreds of spoofed source addresses as well as the real IP address of the attacker. It therefore becomes an improbable task for the administrator to find discover which of the IP addresses was real, and which was one of the decoy addresses. Any attack can be built from the same components. A massive attack with spoofed addresses can always hide a real attack inserted somewhere inside. Administrators would be hard pressed to discover the real attack inside of all that noise.
These two scenarios still retain forensics data, though. If the attacker is suspected, the data is still there to find. Another attack is to fill up event storage. When the database fills up, no more attacks will be discovered, or older attacks will be deleted. Either way, no evidence exists anywhere that will point to the intruder.
Simple evasion
This section describes simple evasion tactics that fool basic intrusion detection systems.
Fragmentation
Fragmentation is the ability to break up a single IP packet into multiple smaller packets. The receiving TCP/IP stack then reassembles the data back again before forwarding the data back up to the application. Most intrusion detection systems do not have the ability to reassemble IP packets. Therefore, there exist simple tools that can auto-fragment attacks in order to evade IDS.
Slow scans
Because of the volume of traffic on the wire, NIDS have difficulty maintaining long-term traffic logs. It is therefore difficult to detect "slow scans" (ping sweeps or port-scans) where intruders scan one port/address every hour.
Coordinated, low-bandwidth attacks
Sometimes hackers get together and run a slow scan from multiple IP addresses. This make it difficult for an intrusion detection system to correlate the information.
Address spoofing/proxying
One goal of intrusion detection is to point fingers at who is attacking you. This can be difficult for a number of reasons. In 'Smurf' attack, for example, you receive thousands of replies from a packet that you never sent. The NIDS can detect those replies, but cannot discover who sent the forged packet.

CONCLUSION
As IDS technologies continue to evolve, they will more closely resemble their real-world counterparts. Instead of isolated sensor units, the IDS of the future will consist of sensor units that report to master visualization consoles which are responsible for checking whether alerts from the sensors agree or correlate to likely event-chains. In the future, IDS, firewalls, VPNs, and related security technologies will all come to interoperate to a much higher degree. As IDS data becomes more trustworthy because of better coverage, firewalls and VPN administrators will be more comfortable with reacting based on the input from the IDS. The current generation of IDS (HIDS and NIDS) are quite effective already; as they continue to improve they will become the backbone of the more flexible security systems we expect to see in the not-too-distant future.

REFERENCES
¢ iec.org
¢ ciscoasiapac/security
¢ securitymetrics.com
¢ robertgrahampubs/network-intrusion-detection.html
¢ intrusion.com
CONTENTS
¢ Introduction
¢ Definitions
¢ What is intrusion?
¢ What is an IDS?
¢ Need for IDS
¢ Who are attacked
¢ How are they attacked
¢ Types of IDS
¢ Network based IDS
¢ Host based IDS
¢ Working of IDS
¢ Anomaly detection
¢ Signature recognition
¢ NIDS fights back
¢ Benefits of an IDS
¢ IDS and Firewalls
¢ Limitations of IDS
¢ Conclusion
¢ References

ACKNOWLEDGEMENT
I express my sincere gratitude to Dr. Agnisarman Namboodiri, Head of Department of Information Technology and Computer Science , for his guidance and support to shape this paper in a systematic way.
I am also greatly indebted to Mr. Saheer H. and
Ms. S.S. Deepa, Department of IT for their valuable suggestions in the preparation of the paper.
In addition I would like to thank all staff members of IT department and all my friends of S7 IT for their suggestions and constrictive criticism.
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
vinodrocks
Active In SP
**

Posts: 1
Joined: May 2010
#2
13-05-2010, 03:23 PM

plz send me complete project and implimentation report
Reply
seminar presentation
Active In SP
**

Posts: 582
Joined: Apr 2010
#3
13-05-2010, 03:47 PM

hey...
please download complete project and implimentation report from attachment in word format ....

cant you see it on top....
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Reply
project report helper
Active In SP
**

Posts: 2,270
Joined: Sep 2010
#4
12-10-2010, 12:20 PM


.ppt   IDS260809.ppt (Size: 96 KB / Downloads: 208)
Intrusion Detection System

Presented by

Krishna Das
Mizoram University.
mzu.edu.in

Intrusion Detection System

An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet.

=These attempts may take the form of attacks, as examples, by crackers, malware and/or disgruntled employees.

=An IDS cannot directly detect attacks within properly encrypted traffic
Reply
project report helper
Active In SP
**

Posts: 2,270
Joined: Sep 2010
#5
12-10-2010, 02:59 PM




.pptx   NIDS.pptx (Size: 288.17 KB / Downloads: 115)
Intrusion detection system IDS seminar and presentation report.doc
Presented By:-
1) Amol Mane(1959)
2)Jyoteeram Mane(1960)
3)Sagar Pawar(1961)
4)Sharad Chormale(196
Under the Guidance of
Mr. S. V. Patil.

ABSTRACT

Internet Information Services (IIS) web servers “ which host web pages and serve them to users “ are highly popular among business organizations, with over 6 million such servers installed worldwide. Unfortunately, IIS web servers are also popular among hackers and malicious fame-seekers “ as a prime target for attacks. As a result, every so often, new exploits emerge which endanger your IIS web server™s integrity and stability. Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. Immediate Intrusion Detection suggests that all of these vulnerabilities the same system files, careful monitoring of these files could provide you with an inexpensive form of real-time intrusion detection. The market is currently filled mostly by rule-based IDS solutions aiming at detecting already known attacks by analysing traffic flow and looking for known signatures. This fact requires such IDS to be under constant construction updating and modifying attack signatures and requiring to pay considerable financial amount for support. On the other hand it is possible to use anomaly based IDS solutions detecting not just known attacks but also unknown attacks and informing network engineers about possible network problems or helping them to troubleshoot them. The market is currently filled mostly by rule-based IDS solutions aiming at detecting already known attacks by analysing traffic flow and looking for known signatures. This fact requires such IDS to be under constant construction updating and modifying attack signatures and requiring to pay considerable financial amount for support. On the other hand it is possible to use anomaly based IDS solutions detecting not just known attacks but also unknown attacks and informing network engineers about possible network problems or helping them to troubleshoot them.


Reference: topicideashow-to-intrusion-detection-system-ids-seminar and presentation-report#ixzz128Q1ElWP
Reply
seminar surveyer
Active In SP
**

Posts: 3,541
Joined: Sep 2010
#6
18-10-2010, 10:04 AM


SUBMITTED BY:
SUMANTA KUMAR DAS


.doc   INTRUSION DETECTION SYSTEM.doc (Size: 400.5 KB / Downloads: 132)


Abstract

An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.


Introduction

An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.


IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.

Hence we need IDS in our regular use of network. as it may protect us from malicious activities which are invisible to us but they are lightly or severely harmful for us . so IDS is important for home user, server, workstations, govt security portal etc.
Reply
seminar class
Active In SP
**

Posts: 5,361
Joined: Feb 2011
#7
17-03-2011, 09:44 AM

Submitted by:
Ms. Sonali Satapathy


.doc   my seminar report.doc (Size: 457 KB / Downloads: 68)
INTRODUCTION
In the last few years, the networking revolution has finally come of age. More than ever before, we see that the Internet is changing computing, as we know it. The possibilities and opportunities are limitless; unfortunately, so too are the risks and chances of malicious intrusions.
It is very important that the security mechanisms of a system are designed so as to prevent unauthorized access to system resources and data. However, completely preventing breaches of security appear, at present, unrealistic. We can, however, try to detect these intrusion attempts so that action may be taken to repair the damage later. This field of research is called Intrusion Detection.
INTRUSION DETECTION SYSTEM
An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
Organizations use intrusion detection and prevention system(IDPSs) for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding.
An intrusion detection system (IDS) is essentially a burglar alarm system for the network. It enables us to monitor our network for intrusive activity. When intrusive activity occurs, our IDS generates an alarm to let us know that the network is possibly under attack. Like regular burglar alarms, however, IDS can generate "false positives" or "false alarms".
What is false positives/false alarms and false negatives?
A false positive occurs when IDS generates an alarm from normal user activity. If IDS generates too many false positives, then we will lose confidence in the capability of IDS to protect the network.
Example:- If a burglar alarm that continually goes off incorrectly, the police will become conditioned to the fact that the establishment is prone to false alarms. During an actual break-in, the police may not respond as quickly, thinking that the alarm is just another false alarm. Therefore, it is crucial that IDS configured to minimize the number of false positives that it generates.
False negatives is a situation in which an attack occurs against the network, and IDS fails to alarm even though it is designed to detect such an attack. IDS should almost never generate false negatives. In fact, it is preferable for IDS to actually generate more false positives rather than generating any false negatives.
THREATS OF SECURITY
Threats can be seen as potential violations of security and exist because of vulnerabilities, i.e. weakness, in a system. There are two basic types of threats: accidental threats and intentional threats.
Accidental Threat:
An accidental threat can be manifested and the result is either an exposure of confidential information or cause of an illegal system state to occur i.e. modification of an object.
Exposures can emerge from both hardware and software failures as well as from user and operational mistakes thus resulting in the violation of confidentiality.
It can also be manifested as modification of an object, which is the violation of object integrity. An object here can be both information and resource.
Intentional Threat:
An intentional threat is an action performed by an entity with the intention to violate security. Examples of attacks are interruption, modification, interception and fabrication of data.
NEED FOR INTRUSION DETECTION
Due to increased connectivity (especially on the Internet), and the vast spectrum of financial possibilities that are opening up, more and more systems are subject to attack by intruders. These subversion attempts try to exploit flaws in the operating system as well as in application programs and resulted in spectacular incidents.
There are two ways to handle subversion attempts.
 Prevent subversion itself by building a completely secure system.
 Protect data by various cryptographic methods and very tight access control mechanisms.
However this is not really feasible because:
1. In practice, it is not possible to build a completely secure system. Designing and implementing a totally secure system is an extremely difficult task.
2. Cryptographic methods have their own problems. Passwords can be cracked, users can lose their passwords, and entire crypto-systems can be broken.
3. Even a truly secure system is vulnerable to abuse by insiders who abuse their privileges.
4. Relationship between the level of access control and user efficiency is an inverse one, which means that the stricter the mechanisms, the lower the efficiency becomes.
So if there are attacks on a system, it is required to detect them as soon as possible and take appropriate action. This is essentially what an Intrusion Detection System (IDS) does.
TRIGGERING MECHANISM
To protect the network, IDS must generate alarms when it detects intrusive activity on the network. Different IDSs trigger alarms based on different types of network activity. The two most common triggering mechanisms are the following:
• Anomaly detection
• Misuse detection
Besides implementing a triggering mechanism, IDS must somehow watch for intrusive activity at specific points within the network. Monitoring intrusive activity normally occurs at the following two locations:
• Host-based
• Network-based
a) Anomaly Detection
With anomaly detection, its required to create a profile for each user group on the system. These profiles can be built automatically or created manually. How the profiles are created is not important as long as the profiles accurately define the characteristics for each user group or user on the network. These profiles are then used as a baseline to define normal user activity. If any network activity deviates too far from this baseline, then the activity generates an alarm. Because this type of IDS is designed around user profiles, it is also sometimes known as profile-based detection.
Reply
seminar tips
Super Moderator
******

Posts: 8,857
Joined: Oct 2012
#8
05-11-2012, 01:08 PM

to get information about the topic "TripWire is an Intrusion Detection System(IDS)" full report ppt and related topic refer the link bellow

topicideashow-to-intrusion-detection-system-ids-seminar and presentation-report

topicideashow-to-intrusion-detection-systems-download-full-seminar and presentation-report
Reply
study tips
Super Moderator
******

Posts: 10,180
Joined: Feb 2013
#9
22-02-2013, 11:16 AM

Intrusion Detection System (IDS)


.docx   Intrusion Detection.docx (Size: 31.31 KB / Downloads: 16)

Abstract

Project Monitoring System is of practical interest in many applications such as its produces graphical analysis for project and implimentation status and maintaining employee details with performance details. This System handles all the data at server side. Employee access all the centralized data from server to processing project and implimentation data.This system are able to handle every employee schedule details with their task.

Introduction


System Handles all the data and provides following features.
1. Maintaining Employee Details
2. Maintain project and implimentation details
3. Maintaining Task details
4. Maintain login details
5. Maintain Schedule details
6. Provide service like chatting ,texteditor etc.
7. Maintain Reminder details
8. Provide performance report
9. Provide various report .

Project Monitoring System
System Analysis :-


Existing System:

1 Existing system are semi computerized which used VB to maintain project and implimentation list and does not maintain employee task details using computer
2 This system maintain manually login and logout details for each employee.
3 Current system does not create any graphical status of project and implimentation

Proposed System:

1. Centralized database
2. System maintains all employee details and project and implimentation details
3. System maintain server client authentication
4. System handles all project and implimentation data and produces report using proper layout which is important to making decision

Advantage:

1 Using this system we are generating graphical report which plays important role to provide project and implimentation information at right time.
2 This system provides correct data of employee with their performance
3 Server provides and control employee data

Disadvantage:

1. It is used within organization with their local network.

Conclusion:-

Any organization which wants to handle their employee details with authentication can implement this system. This system provides better access and provides graphical data report to user. This system handles authentication and server maintain all the data for processing
Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

Quick Reply
Message
Type your reply to this message here.


Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  REDTACTON A SEMINAR REPORT project girl 2 565 25-04-2016, 03:58 PM
Last Post: mkaasees
  DETECTION OF WORMHOLE ATTACK IN MANET seminar ideas 5 1,399 26-08-2015, 12:37 AM
Last Post: Leenas
  Cut Detection in Wireless Sensor Networks pdf project girl 2 1,272 16-07-2015, 09:21 PM
Last Post: Guest
  vowifi presentation jaseelati 0 217 02-03-2015, 01:29 PM
Last Post: jaseelati
  seminar report on cyber terrorism pdf jaseelati 0 330 23-02-2015, 01:49 PM
Last Post: jaseelati
  web operating system seminar jaseelati 0 320 17-02-2015, 02:20 PM
Last Post: jaseelati
  abstract cybercrime and security paper presentation jaseelati 0 291 13-02-2015, 02:01 PM
Last Post: jaseelati
  seminar report on internet of things jaseelati 0 378 29-01-2015, 04:51 PM
Last Post: jaseelati
  analysis on credit card fraud detection methods ppt jaseelati 0 154 22-01-2015, 02:45 PM
Last Post: jaseelati
  nano ic engine seminar report jaseelati 0 321 21-01-2015, 01:43 PM
Last Post: jaseelati