Host IDS

Loading...

From the course by University of Colorado System

Secure Networked System with Firewall and IDS

5 ratings

University of Colorado System

Secure Networked System with Firewall and IDS

5 ratings

Course 4 of 4 in the Specialization Fundamentals of Computer Network Security

In this MOOC, we will focus on learning how network systems are secured using firewalls and IDS. This will include understanding the basic components of network security, constructing a dual-firewall DMZ, and defining security policies to implement and enforce these rules. Building upon these lessons we will go in-depth on the popular Linux firewall. Finally we will learn about Network IDS and Host IDS, including a deep dive into Snort.

From the lesson

Intrusion Detection Systems

In this module we will introduce the Snort IDS, discuss evaluation and performance of network firewalls, and finally cover Host IDS.

Meet the Instructors

Edward Chow
Professor
Computer Science

In this lesson, we introduced host-based Intrusion Detection System.

Host Intrusion Detection System is a software program

run within a host machine.

It can be server, it can be local user machine.

It aims at detecting and examining malicious activities by

periodically monitoring and analyze log,

detecting escalating of privilege from a user or system.

For example, you switch from normal user to the one with

system admin privilege like or switching to super users.

The third one, perform the integrity check on critical file.

What are those?

Password file, configuration file,library, shell commands,

pki certificates and private key.

Network Intrusion Detection System cannot see or

interpret such actions which takes place within the host.

So host,intrusion deduction has its memory.

Tripwire is a host intrusion detection system.

The original version was developed by Purdue University in 1992 by Dr.

Eugene Spafford and his master student Gene Kim,

who is the former CTO of Tripwire.

Here is a site for downloading older versions of Tripwire.

Version 2.4.2.2 is on sourceforge.

Given the set of files to be monitored,

tripwire produces the multiple hashes of the same file,

and it saves them for future periodically verification.

Labels the severity of the violation using the color coding.

Here we show the command .com of the Windows

systems that has been modified since the expect

very of the hatch including SSA SAVAL MD5 CSC32.

Those four are all changed.

You see the left column and the right column there their value is different.

Know that a vector may not be up to changing the content for all of the hash.

It may be able to change one still matching the content but not two or more.

And what we do is save those hash and hiding somewhere.

Check against the current content.

Here we show a list of frag of win DLL library and

that has been changed from 0 to 1.

In this slide the host intrusion

detection system can be improved by allowing

the specification of export policy where the frequency and

the date for the update is enforced.

And what kind of accounts are used on how to update a file.

Any violations in terms of what is the frequency of update.

What is the date of update will be detected and blocked and

then alert raised and reported in real time to the system administration.

We should be able to including easy to use duration

compliance manager to look at all the software package.

And see how they're configured and

see whether they are what stray from the original configuration file.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play