Intrusion Prevention System
Group 6
Mu-Hsin Wei, Renaud Moussounda
What is IPS
- IPS (Intrusion prevention system)
- Control access to a network
- Similar to firewall, but different…
What’s the difference?
- Traditional firewall – examines header
- IPS – examines payload as well
DPI (Deep Packet Inspection)
DPI enables IPS to…
- Gather more information
- Detect certain attack signatures
- Control network traffic intelligently
  - ftp root access (user root)
  - HTTP content
Tradeoff
Payload
- no fixed fields
- large in size
Requires high computing resources
- CPU
- memory
Hardware implementation
IDS vs IPS
Intrusion Detection System (IDS):
- DPI
- detects
- Snort
IPS:
- DPI
- takes action
- snort_inline + iptables
Proof of concept
Implement an IPS using:
- snort_inline, and
- iptables
Test IPS using:
- Lab4 firewall configuration
- Lab6 imapd buffer overflow
Lab 4 setup
- Black – attacker
- Protected – victim
- Firewall – IPS
How to capture the attack?
Attack uses a buffer overflow string
- Long sequence of NOP
- snort_inline checks for …90 90 90 90…
Flow
- Protected runs the vulnerable service
- BlackHat attacks
- snort_inline captures the packet and tells iptables to block the traffic
- Protected remains safe
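The check the slides describe (scan the payload, not just the header, for a run of 0x90 bytes and block the connection) can be written out in a few lines. The block below is an added example, not code from the presentation, from Snort or from snort_inline: it scores a payload by its longest contiguous NOP run, turns that into an inline drop/pass verdict, and renders the equivalent snort_inline "drop" rule in Snort's |xx xx| content syntax. The threshold of 16 bytes, the IMAP port 143 and the sample payloads are all assumptions constructed for the demo; none of them come from the lab material.

```python
"""NOP-sled payload check in the spirit of the snort_inline detection above.

Added example, not code from the presentation, Snort or snort_inline.
Sample payloads are constructed for the demo, not real captures.
"""

NOP = 0x90
SLED_THRESHOLD = 16  # assumption: shortest run of 0x90 we treat as a sled


def longest_nop_run(payload: bytes) -> int:
    """Return the length of the longest contiguous run of 0x90 in payload."""
    best = run = 0
    for b in payload:
        run = run + 1 if b == NOP else 0
        best = max(best, run)
    return best


def verdict(payload: bytes, threshold: int = SLED_THRESHOLD) -> str:
    """Inline decision: 'drop' if the payload carries a NOP run >= threshold."""
    return "drop" if longest_nop_run(payload) >= threshold else "pass"


def snort_content_hex(pattern: bytes) -> str:
    """Render raw bytes in Snort's |xx xx ...| content syntax."""
    return "|" + " ".join(f"{b:02X}" for b in pattern) + "|"


def build_rule(sid: int, port: int, sled_len: int = SLED_THRESHOLD) -> str:
    """Build a snort_inline 'drop' rule for a NOP sled in traffic to port.

    Port 143 is IMAP, the service attacked in Lab6 (assumed here)."""
    content = snort_content_hex(bytes([NOP]) * sled_len)
    return (f'drop tcp any any -> any {port} '
            f'(msg:"NOP sled in payload"; content:"{content}"; '
            f'sid:{sid}; rev:1;)')


# Constructed sample payloads (not captured traffic).
BENIGN_LOGIN = b"a001 LOGIN alice secret\r\n"
# A lone 0x90 inside binary data must not trip the detector.
BENIGN_BINARY = b"a002 APPEND INBOX {5}\r\n\x01\x90\x02\x03\x04"
# A long 0x90 run followed by filler: the pattern the IPS is meant to catch.
SLED_PAYLOAD = b"a003 AUTHENTICATE " + b"\x90" * 200 + b"AAAA\r\n"


if __name__ == "__main__":
    for name, p in [("login", BENIGN_LOGIN), ("binary", BENIGN_BINARY),
                    ("sled", SLED_PAYLOAD)]:
        print(f"{name:7s} longest NOP run={longest_nop_run(p):4d} -> {verdict(p)}")
    print(build_rule(1000001, 143))
```

Two practical points follow from the code. The threshold is the false-positive knob: a single 0x90 is common in binary attachments, so the rule matches a run rather than one byte, and a higher threshold trades sensitivity for fewer false drops on legitimate binary traffic. And this is a pure signature check, so it only catches payloads that actually contain that byte run; it is a demonstration of DPI, not a general exploit detector. With snort_inline the "drop" action is what turns detection into prevention: packets reach Snort through the iptables QUEUE target, and a drop verdict tells the queue to discard them instead of forwarding.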
IPS + Lab4 + Lab6
BlackHat, Protected, and IPS
Implication
One for all
- Less dependent on individual servers
- Vulnerable service made secure
- Enhanced security
What will you do in the lab?
- Set up machines & install software
- Perform the first attack without IPS
- Perform the second attack with IPS enabled
- Appreciate IPS/DPI
Questions?