StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Traditional and Wireless IDS/IPS Techniques - Research Paper Example

Cite this document
Summary
This essay focuses on Traditional and Wireless IDS/IPS Techniques. Most IPS/IDS (Intrusion Prevention System / Intrusion detection system) programs typically use signatures of known cracker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98% of users find it useful
Traditional and Wireless IDS/IPS Techniques
Read Text Preview

Extract of sample "Traditional and Wireless IDS/IPS Techniques"

Traditional and Wireless IDS/IPS Techniques Security in terms of computer networks has marked its significance. Senior management address security issues to an optimal level and enforces strict security procedures in order to protect strategic and financial assets. Previously, firewall and other related monitoring tools were not sufficient to cater the needs for efficient security architecture. Likewise, new and improved sensing technologies are now mandatory for any organization maintaining highly classified data. Consequently, IPS/IDS (Intrusion Prevention System / Intrusion detection system) are invented. They are derived from the traditional security appliances, and defined by the computer desktop encyclopedia, as a sensor “set up to detect illegal actions within the host. Most IDS programs typically use signatures of known cracker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack. Intrusion detection is very tricky. Too much analysis can add excessive overhead and also trigger false alarm”. IDS are of many types and organizations choose the best possible type that suits their prioritized mission critical systems. The types includes network based IDS, host based IDS and software based IDS. These types are further categorized in to signature based IDS which is also referred as misuse detection, and Anomaly detection. As per the current scenario, IT administrators have analyzed that an intruder from the internal and external premises of the organization is trying to bypass a corporate access point. Before demonstrating steps for capturing and eliminating the attack, we will compare the two types of IDS/IPS i.e. Signature based IDS and Anomaly based IDS. After discussing these two basic types of IDS, we will be able to select an appropriate type of IDS for this specific scenario. Signature Based IDS The functionality of ‘signature based IDS’ is dependent on known signatures. The word ‘known’ is important because threats that are detecting so far are categorized as known threats and are called signatures. Signature based IDS only detect threats similar to the defined available signatures and do not comply with any new threat. Whereas, Anomaly based IDS detect unknown activities within the network and detect them as threats and vulnerabilities. These two IDS types comply with different types of methods, process, and various profiles. The signature based IDS analyze and identify specific patterns of attacks that are recognized by raw data that is in terms of byte sequences called strings, port number, protocol types etc. Likewise, apart from the normal operational pattern, signature based IDS detects any activity that is unusual from previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository. The prime object of a ‘signature based IDS’ is to search signatures in order to detect a threat or vulnerability that is similar to antivirus software that also detects viruses. The functionality of IDS is to detect attacks that are initiated directly towards the network. Moreover, IDS tries to identify as many events as possible and therefore generate logs. The location if IDS is behind the firewall so that it may analyze packets that are passed via a firewall. The detection engine of IDS compares predetermined rules in order to deny or accept packets. The rules are categorized in two domains i.e. Chain headers and Chain options. The structure of a signature contains the following attributes: Identification number, Message and Rule. However, in the current scenario, a threat is detected that is trying to gain access to the confidential data of the organization. Probably, signature based IDS has detected this particular threat. Anomaly Based IDS Anomaly based intrusion detection system is based on data driven methodology that complies with data mining techniques. The functionality of an anomaly based IDS involves in the creation of profiles associated with normal behavior and activities within the network. If any unknown activities initializes that is not similar to the normal profiles, is considered as anomalies or attacks. Moreover, the normal routines of normal profiles are also monitored, if they also exceeds from their given boundaries, they are also considered as anomalies also called as false positives. An efficient anomaly based IDS may extract results containing high detection success rate along with low false positive rate. Moreover, these systems are categorized in to various sub categories including data mining, statistical methodologies, artificial neural networks, immune systems and genetic algorithms. Among all of these, statistical methods are more commonly used for detecting intrusions by finding out any anomaly that has initiated within the network (Aydın, Zaim, & Ceylan, 2009). By combining these two types of IDS, network administrators eliminate or fill vulnerabilities within the network. 1.1.1 IPS/IDS Actions As threats are detected within and from an external source, network administrator will follow these steps until the threats are detected and eliminated. However, these procedural steps can be replicated (Paquet, n.d): Configuring Deny attacker inline: This feature is configured to monitor attacks from the wireless hacker on the network within a specific time. Moreover, the feature will also show the activity of eliminating the threat from the network. By reviewing frequency of attacks from internal and external premises of the organization, network administrator can assume the algorithm and techniques that are currently being used by the hacker. Configuring Deny connection inline: By configuring this option, network administers will identify the TCP stream, both internal and external, that is being used by the hacker to attack the network, and will set both of these streams to terminate. Deny packet inline: During the process, if any packets coming from the wireless stream acts abnormally can be terminated by this feature. Configuring Log attacker packets: This option logs the entries of packets from the source of attacker and transmits an alert. Configuring Log pair packets: Network administrator can also set logging for both the attack and the victim. Request block connection: On the analysis of the above mentioned steps, firewall receives a message to block the specific and identified data stream. Request block host: However, if host of the hacker is identified, firewall will block and restrict access from the host. Snort In order to deploy Snort, network administrator will inject a tracing mechanism that will collect raw data packets from the network interfaces. As per the current scenario, protocols related to wireless access will be considered i.e. WAN, SLIP, PPP, VPN by deploying kernel named as ‘Libpcap’, in order to get prepared for preprocessing mechanism in the packet decoder (Kumar, Bhaskari, Avadhani, & Kumar, 2010). Likewise, the preprocessor modifies data packets prior to their way to the detection engine, in order to analyze them and generate alerts for anomalies related to wireless attacks associated with headers of the packets. Likewise, the core function of a preprocessor is to prepare or shape the network traffic for applying rules that are applicable at the next stage that is detection engine. This is usually called as packet defragmentation. Moreover, Snort will decode HTTP and will also re construct TCP streams that are currently being used by the hackers. The detection engine is based on time and operates in an extensive evidence collection mechanism (Kumar, Bhaskari, Avadhani, & Kumar, 2010). It is time- based because, if many rules are applied, the packet processing will consume time. The detection engine of Snort, stops’ processing, whenever, a rule is matched. Network administrator will only apply rules on protocols that are currently been utilized by attackers. According to the defined parameters of a specific rule, the detection engine will log the packet or else generate an alert. Consequently, before Snort generates an alert, it makes sure that all rules are matched. The next component of Snort known as the collection engine will collectivizes evidence from the hosts and networks that is an input for a forensic investigation team. (Kumar, Bhaskari, Avadhani, & Kumar, 2010). Windump Windump will detect for any unknown malware installation on each workstation including servers on the network. The primary focus is to analyze and report any file that is installed on any workstation providing remote access to the hacker. The tool is specifically developed for supporting functions related to digital forensics investigation. The tool can specifically analyze traffic broadcasting from workstation that has a malware installed in it. Likewise, it extracts the source information from the packet header in terms of IP addresses. Moreover, the tool can also facilitate the investigation tem to filter the required information. For instance, investigation team is currently analyzing SSL packets because of an online crime. Consequently, the tool will only provide information related to SSL packets only and ignore the rest. References Ids. (2011). Computer Desktop Encyclopedia, , 1. Paquet, C.Implementing cisco IOS network security (IINS): (CCNA security exam 640-553) (authorized self-study guide) Cisco Press. Aydın, M. A., Zaim, A. H., & Ceylan, K. G. (2009). A hybrid intrusion detection system design for computer network security Computers & Electrical Engineering, 35(3), 517 526. doi:10.1016/j.compeleceng.2008.12.005 Kumar, T. P., Bhaskari, L., Avadhani, P., & Kumar, P. V. (2010). Digital evidence collection in cyber forensics using snort. Proceedings of the International Conference on Information Warfare & Security, , 216-222. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Traditional and Wireless IDS/IPS Techniques Research Paper”, n.d.)
Traditional and Wireless IDS/IPS Techniques Research Paper. Retrieved from https://studentshare.org/information-technology/1431819-traditional-wireless-ids-ips-techniques
(Traditional and Wireless IDS/IPS Techniques Research Paper)
Traditional and Wireless IDS/IPS Techniques Research Paper. https://studentshare.org/information-technology/1431819-traditional-wireless-ids-ips-techniques.
“Traditional and Wireless IDS/IPS Techniques Research Paper”, n.d. https://studentshare.org/information-technology/1431819-traditional-wireless-ids-ips-techniques.
  • Cited: 0 times

CHECK THESE SAMPLES OF Traditional and Wireless IDS/IPS Techniques

Implementation of Network Management System in the Surrey University Network

The paper "Implementation of Network Management System in the Surrey University Network" explores in detail the wired network, wireless connectivity of Wembley and Harrow SITES, wireless LAN design for Camden, network management system design, and network monitoring system of the named project....
30 Pages (7500 words) Term Paper

Security Solutions for MANETs (mobile ad-hoc networks) including the development of IDS

This paper presents a comprehensive analysis mobile ad hoc security issues and offers security solutions for MANETs (mobile ad-hoc networks) including the development of ids (Intrusion Detections System).... As compared to wired communication networks, the distinctive uniqueness of mobile ad hoc networks shows a number of significant issues to network security designing structure, like that open peer-to-peer network structure, strict resource limitations, collective wireless means as well as extremely influential network physical layout or topology....
16 Pages (4000 words) Research Paper

IT Audit & Security controls at ABC Company

Some of the factors supporting rapid mobile deployment are:Availability of a variety of communication mediums and bandwidth connectivityAvailability of cheaper powerful and multi-functional Smartphones Market competitionDevelopment of easily customizable business application platformsAvailability of large number of mobile applicationsintegration of wired and wireless applications by using new technologies such as IMS, 3G networks, smart phones, and WiMAX devicesAdvantages of deploying mobile devices in organization have been tremendous....
25 Pages (6250 words) Essay

The Study of Mobile Services

They have evolved from simple user text messages services into sophisticated product offerings that are in high demand among cellular and other wireless devices that are able to receive information directly into their machines.... PDA, PSP, and IPOD are among the different electronic gadgets that are able to connect to wireless networks and receive downloads from the internet or cellular phone providers....
7 Pages (1750 words) Case Study

Designing Networks in Waxlow Private School

This paper, Designing Networks in Waxlow Private School, declares that the Internet is the fastest rising technology and has produced endless opportunities.... At the same time serving students to navigate through the dominant and greatest growing world of information is a challenge.... nbsp;… As the paper highlights, the campus area network connects with two or more networks of the educational institutes, universities or corporate campus....
28 Pages (7000 words) Research Paper

Security Solutions for Mobile Ad-hoc Networks Including the Development of IDS

The paper "Security Solutions for Mobile Ad-hoc Networks Including the Development of ids" states that mobile ad hoc networks have the capability to establish networks on the air in possible harsh situations where is not possible to set-up customary network arrangements.... This paper has also outlined some important aspects regarding the security defense with possible ids based security management at the MANET arrangement.... This paper presents a comprehensive analysis of mobile ad hoc security issues and offers security solutions for MANETs (mobile ad-hoc networks) including the development of ids (Intrusion Detections System)....
15 Pages (3750 words) Research Paper

Network and Communication Security Protocols

An anomaly-based intrusion detection system is based on a data driven methodology that complies with data mining techniques.... Incorporation of an Intrusion detection system (ids) is compulsory as it will penetrate deep in the network and detect unknown activities related to unauthorized access, viruses and hacking.... There are many types of ids, the recommended ids is an anomaly-based ids.... The functionality of an anomaly-based ids involves the creation of profiles associated with normal behavior and activities within the network....
31 Pages (7750 words) Research Paper

Enhanced Sensor-Based Intrusion Detection System

This report "Enhanced Sensor-Based Intrusion Detection System" exhibits the usefulness of Anomaly and Signature-based ids alongside its favorable circumstances and inconveniences.... It illustrates studies and explores these two ids for enhancing the detection methodology.... ccording to the network dictionary, ids is characterized as an "Intrusion detection system (ids) is a sort of security administration system for PCs and systems....
15 Pages (3750 words) Report
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us