Network Intrusion Detection and Forensics - Dissertation Example

Summary
This report contains details of research on two open source Network Intrusion Detection Systems (NIDS), Snort and Bro, and compares them in terms of performance, strength and features to determine which of them offers superior service in intrusion detection…

Extract of sample "Network Intrusion Detection and Forensics"


The paper tells that computers have come to assume a central place in all aspects of our lives, and that the lack of reliable networks in modern computing environments is plainly inconceivable. The supremacy of information technology in running many modern systems hinges on the continued reliability of computer networks. Without stable computer network systems, many simple computing activities we have come to take for granted as part of our daily routines (sending emails, browsing the web, making business communications, and maintaining social contacts) would be in severe jeopardy.

Malicious use of computer networks would completely compromise our computing experience and the utilization of these indispensable network tools. Network Intrusion Detection Systems (NIDS) are partly the reason behind the continued security in computer systems around the world. The NIDS systems detect illicit use of computer networks, alert network administrators, create reports in the system through their logging abilities, and try to prevent harm to the network by malevolent network users. However, many users of computer networks lack access to decent NIDS systems available commercially.

Part of the reason why many computer users stave off the commercially available NIDS systems is their prohibitive cost. Another reason for the unattractiveness of several commercial network-based IDS is their complex deployment, configuration, and implementation procedures, which normally require technical assistance. Over the past decade, open source NIDS systems have come to define the NIDS landscape. Currently, the leading NIDS system in terms of user base has been Snort, a lightweight open source NIDS.

The purpose of this project is to make a comprehensive comparison of two open source NIDS, Snort and Bro.

Keywords: Snort, Bro, NIDS

Table of Contents
Abstract
Table of Contents
1. INTRODUCTION
2. BACKGROUND TO THE PROBLEM
3. OVERVIEW OF NETWORK INTRUSION DETECTION SYSTEMS
3.1 The Roles of NIDS
3.2 Difference of NIDS with Firewalls
3.3 Limitations of the Network Intrusion Detection Systems
3.4 Network Intrusion and Detection System Alert Terminologies
4. RECENT DEVELOPMENTS IN INTRUSION DETECTION SYSTEMS
5. DIFFERENT METHODS OF INTRUSION DETECTION
5.1 Statistical Anomaly-Based Intrusion System
5.2 Signature-Based Intrusion Detection
6. NETWORK INTRUSION DETECTION SYSTEMS
6.1 Snort
6.2 Bro
6.3 PHAD
6.4 NetSTAT
6.5 EMERALD
6.6 Suricata
7. TESTING AND EVALUATION METHODOLOGY
8. ANALYSIS OF SNORT AND BRO
8.3 Common Characteristics of Snort, Bro, Suricata, and NetSTAT
8.4 Differences between Snort, Bro, Suricata, and NetSTAT
8.5 Major Strengths of Snort
8.6 Major strengths of Bro
8.7 Major strengths of Suricata
8.8 Major strengths of NetSTAT
8.9 Major Weaknesses of Snort
8.10 Major Weaknesses of Bro
8.11 Major weaknesses of Suricata
8.12 Major weaknesses of NetSTAT
9. RESULTS FOR SNORT AND BRO
9.1 Capabilities of Snort and Bro to Identify Security Threats and Network Violations
9.1.1 Bro Architecture
9.1.2 Bro Network Intrusion Detection Mechanism
9.1.3 Snort Architecture
9.1.4 Snort Network Intrusion Detection Mechanism
9.1.5 Suricata’s Network Intrusion Mechanism
9.1.6 NetSTAT Capabilities to detect security threats and network violations
9.2 Comparison of Snort’s, Bro’s, Suricata’s and NetSTAT’s Performance
10. RECOMMENDATIONS AND CONCLUSIONS
10.1 Recommendations
10.2 Conclusions
References

1. INTRODUCTION

The essentiality of network protection is unquestionable, especially with the ever-growing relevance of computer networks in many facets of our society. Many things, ranging from trade, governance, education, communication, and research, rely heavily on computer networks. The vulnerability of networks to breakdowns after an attack can be expensive and disastrous.

(“Network Intrusion Detection and Forensics Dissertation”, n.d.)
Retrieved from https://studentshare.org/information-technology/1394856-network-intrusion-detection-and-forensics
