Fill in the Blanks: Session 03 - Intrusion Detection

Subject: Security and Privacy Risks in Computer & Internet Applications
Lecturer: Assoc. Prof. Dr. James Joshi
Faculty: Graduate School of Information Technology, Siam University, Bangkok, Thailand
by Prince Parham

Word bank: suspicious, signatures, hijacked, TCP, firewall, overloading, sniffing, destination

1. Common security attacks and their countermeasures:
   Finding a way into the network: Firewalls
   Exploiting software bugs, buffer overflows: Intrusion Detection Systems
   Denial of Service: Ingress filtering, IDS
   ____ hijacking: IPSec
   Packet ____: Encryption (SSH, SSL, HTTPS)
   Social problems: Education

2. A ____ is like a castle with a drawbridge. Only one point of access into the network. This can be good or bad. It can be hardware or software.

3. Intrusion Detection: Used to monitor for "____ activity" on a network, and it can protect against known software exploits, like buffer overflows.

4. Intrusion detection: Uses "intrusion ____". Well known patterns of behavior: ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc.

5. Denial of Service Attack: Purpose: Make a network service unusable, usually by ____ the server or network. Many different kinds of DoS attacks: SYN flooding, SMURF, Distributed attacks. Mini Case Study: Code-Red.

6. TCP attacks: Recall how IP works? End hosts create IP packets and routers process them purely based on ____ address alone. Problem: End hosts may lie about other fields which do not affect delivery.

7. If an attacker learns the associated TCP state for the connection, then the connection can be ____!