Detecting Evasion Attack at High Speed without Reassembly Presented by C.W. Hon K.K. To 26/Mar/2007
External attack
[Figure: network diagram labelled Internet, DMZONE (DNS, WEB, MAIL), Enterprise switch, Internal servers, Clients]
Internal attack
[Figure: network diagram labelled Internet, DMZONE (DNS, WEB, MAIL), Enterprise switch, IPS, IPS, Internal servers, Clients]
IDS/IPS integration
[Figure: network diagram labelled Internet, DMZONE (DNS, WEB, MAIL), Enterprise switch, IPS, IPS, Internal servers, Clients]
IDS/IPS
IDS: reactive approach
IPS: proactive approach
IPS differs from IDS in that it takes a proactive approach to attacks (e.g. blocking the packets concerned) rather than a reactive approach (e.g. triggering human intervention).