Intrusion Detection and Prevention Systems - Report Example

Summary
This report "Intrusion Detection and Prevention Systems" presents the various functions of switches, routers, firewalls and IDPS and looks at the security risks that are associated with these components. The paper also states the methods to mitigate the effects of the threats…
Extract of sample "Intrusion Detection and Prevention Systems"

Securing Networks

Table of contents
Introduction
Network switches and routers
  Main features and functions
  Threats and vulnerabilities
  Measures that can be taken
Firewalls, IDS and IPS
  Main features and functions
  Security issues
  Measures that can be taken
Conclusion
List of References

Abstract

Network components such as switches, routers, firewalls and IDPS are frequently used in a network topology. The security risks associated with implementing these devices are usually ignored. This paper discusses the various functions of switches, routers, firewalls and IDPS and looks at the security risks associated with these components. Furthermore, the paper states the methods that various authors and experts have suggested to mitigate the effects of these threats. The research has produced a few findings. The first is that switches and routers are some of the safest devices used to connect two different networks or different parts of a network. The second is that firewalls must always be obtained from authentic vendors, as there are individuals who disguise malware as firewalls to gain access to personal computers. The third finding concerns IDPS: these systems are relatively new, and more research needs to be carried out before they are perfected and made available for use by the mass population.

Introduction

The invention of the internet brought with it multiple opportunities. The internet helped people share, store and manage data in a completely new way. Access to data became easier and faster than ever before. Where many saw the internet as a tool to benefit mankind, others saw it as a tool to gain unauthorized access to private data. These individuals were tagged as hackers and were recognized as huge threats to companies (Trigaux, 2000).
To tackle this new threat of hackers, the focus of many IT specialists turned to the security details of various devices and to securing the various vulnerable points through which an individual could gain access to the network. This paper looks at some of the components used in a network and assesses the various threats and vulnerabilities a network faces by using those components. Moreover, it suggests various methods with which these threats and vulnerabilities could be mitigated.

Network switches and routers

Main features and functions

A switch is a telecommunication device that connects various parts of a network to each other or connects a particular device to the network. A switch receives signals from a particular device and sends those signals to the device for which they were meant. This is one of the reasons why switches are more popular than hubs. Switches are crucial to the working of Local Area Networks (LANs), with a number of switches forming part of an average-sized LAN topology (DiMarzio, 2001). The switch creates a separate collision domain for every port on the network by working at the data link layer of the OSI model. That means that conversations between two different pairs of users are not hindered when a switch is used. Using a full-duplex channel, the two different pairs of users can even communicate with each other (DiMarzio, 2001). Routers, on the other hand, are used to connect two or more different networks to each other. Once the router receives a data packet, it reads the address on the packet, which tells the router where the packet has to go. Once the address is extracted, the router uses its routing table to determine the network address of the packet's destination. From the above functions one can say that the router directs all the traffic on the network.
The process of directing a data packet continues until the packet reaches the node it was meant for (The TCP/IP Guide, 2005). When more than one router is used to connect multiple networks, a dynamic routing protocol is used to help the routers exchange information regarding the addresses of nodes on the network. The routers on any network construct a preferred path between two nodes on a network. To cope with different communication protocol standards, firmware is used in routers (The TCP/IP Guide, 2005).

Threats and vulnerabilities

Regarding security, hubs have been known to cause some problems that aid hackers in carrying out DoS attacks against networks. These problems are listed below:

1) In some cases the router was unable to process IPv6 packets that contain specially crafted routing headers. IPv6 is basically a set of specifications that makes a number of IP addresses available over the internet. The failure to process IPv6 data packets can cause the machine to crash and make the effects of a DoS attack more prominent (Cisco, 2007).

2) Routers can sometimes be vulnerable to a crafted IP option. Execution of arbitrary code is very much possible through this vulnerability, which in turn can be used for a DoS attack. This type of vulnerability deals with the software of the router rather than the hardware (Cisco, 2007).

As far as switches go, these devices are quite secure and vulnerabilities are hard to find in them. However, there is one vulnerability found in a switch. Exploitation of this vulnerability would allow any user of the network to alter the settings and configuration of the switch. Moreover, these users could upload arbitrary code to the switch, destroying its functionality. Switches normally contain a secondary password that provides access to users in case they forget their primary password. Access through the secondary password bypasses all the security procedures.
By obtaining a legitimate username and using the secondary password, the perpetrator could easily gain the privileges of the account he has accessed. Access through the secondary password would also enable the perpetrator to reduce the traffic that passes through the switch (J-Security center, 2009).

Measures that can be taken

In order to mitigate the vulnerability in the routers, Cisco has developed software that can be downloaded for free. The software mitigates the effects of the vulnerability and prevents the device from being open to a DoS attack (Cisco, 2007). The software is basically an upgrade to the IOS that is used by Cisco routers (Cisco, 2007). Preventive measures for mitigating threats to the security of a switch are relatively simple. The secondary password can only be used by a perpetrator if they obtain the user ID of an authentic user. Usually the perpetrator would try to obtain the password through social engineering. Social engineering is a process through which individuals gather information in order to commit various illegal acts online (Anderson, 2008). These methods range from phishing to pretexting. In such cases the victims have to be very careful and have to make sure that under no circumstances do they share their user ID with anyone (Goodchild, 2012).

Firewalls, IDS and IPS

Main features and functions

A firewall is a security system that makes use of various hardware and software components. The main function of a firewall is to monitor the traffic that enters and leaves the network. A firewall allows traffic to flow from and to the network to outside networks only when it establishes that the outside network is reliable and safe (Oppliger, 1997). The firewall has become one of the most popular security systems in the world. Almost every personal computer has been fitted with a hardware-based firewall or a software-based firewall, and in some cases a mixture of both.
Routers have been known to use firewalls as a part of their security system, and in some cases firewalls perform routing functions themselves (Check Point technologies, 2013). Intrusion detection and prevention systems (IDPS) are devices that monitor the state of the network and help detect any kind of malicious activity within it. After detecting such activity, the system records the nature of the activity and then tries to prevent it from being carried out (Scarfone & Mell, 2007). IDPS use three methods to detect intrusion within a network. The first method is known as signature-based detection. This method uses signatures and patterns of an attack that are predefined within the system; the system tries to locate such patterns within the network (Whitman & Mattord, 2009). The second method is called statistical anomaly-based detection. This method creates a baseline from the normal network traffic and then chooses samples from the network traffic to compare with the baseline. Anything that deviates from the baseline is recorded as an intrusion (Scarfone & Mell, 2007). The third method is known as stateful protocol analysis detection, and it uses a predefined profile of benign activities to compare with the activities of the network (Balzarotti et al., 2009).

Security issues

There have been a number of vendors on the internet that distribute malware in the name of a firewall. This malware alters and sometimes even disables the security policies of the targeted computer. The removal or compromise of the security policy of the computer allows all traffic to pass through to the computer without being monitored or filtered (Messmer, 2011). One of the main issues with IDPS is false positives and false negatives. A false positive occurs when the IDPS detects an authentic activity on the network that is out of the ordinary and considers it to be a malicious attack on the network.
This results in the blockage of service to authentic users. In the case of a false negative, the IDPS regards a malicious activity as normal activity and lets it pass through to the network. Moreover, as traffic on the network increases, the performance of the IDPS is compromised. As the traffic increases, the IDPS drops packets. Through these dropped packets malicious traffic can easily enter the network (Ierace & Bassett, 2005).

Measures that can be taken

Only firewall software that has been authenticated and is distributed by official vendors must be used. These vendors provide authentic software that filters out various malicious software and malware. Authentic software also blocks malware, Trojan programs and spyware from entering the system. Other than that, authorized firewalls filter out various phishing e-mails that are used by hackers to obtain user logins and passwords from their victims. Moreover, specialized firewall software can even be used to ward off DDoS attacks from various botnets (checpoint software, 2008). To prevent false positives and false negatives from occurring, experts recommend that multiple methods are implemented within the IDPS. By using multiple methods the system would be able to compare the results of every method regarding the traffic and would easily be able to isolate the anomaly from the traffic. Furthermore, system administrators could help train the IDPS to detect malicious activities and allow regular activities to pass through. The training of the IDPS is usually carried out in the design phase of the system. The system administrator would also have to update the system for any new threats that develop over time (Ierace & Bassett, 2005). New developments have been made regarding IDPS devices that can handle large amounts of data ranging well into the gigabytes. Network administrators have a responsibility to recommend IDPS devices that suit the bandwidth of the network (Ierace & Bassett, 2005).
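As an added illustration of the three detection methods described above (signature, statistical anomaly, stateful protocol analysis) and of why running them together reduces false positives, here is a small correlating detector written for this page; it is not code from the paper or any cited source, and the event records, baseline sizes, message protocol and signature string are all constructed.

```python
import statistics

# Constructed benign message sizes used to train the anomaly baseline (not real traffic).
BASELINE_SIZES = [120, 140, 110, 130, 125, 135, 115, 128]

# Constructed events, one per message in a flow. Flow "C" is a legitimate large download;
# flow "D" skips the HELLO step, carries a known signature and is oversized.
EVENTS = [
    {"flow": "A", "msg": "HELLO", "bytes": 120, "payload": "client=browser/1.0"},
    {"flow": "A", "msg": "DATA", "bytes": 140, "payload": "GET /index"},
    {"flow": "B", "msg": "HELLO", "bytes": 110, "payload": "client=browser/1.0"},
    {"flow": "B", "msg": "DATA", "bytes": 130, "payload": "GET /about"},
    {"flow": "C", "msg": "HELLO", "bytes": 125, "payload": "client=browser/1.0"},
    {"flow": "C", "msg": "DATA", "bytes": 9000, "payload": "GET /annual-report"},
    {"flow": "D", "msg": "DATA", "bytes": 8500, "payload": "client=constructed-scanner/1.0"},
]

# Constructed signature standing in for a vendor-supplied, predefined attack pattern.
SIGNATURES = ["constructed-scanner/1.0"]


def signature_detect(events):
    """Signature-based detection: flag payloads that contain a predefined pattern."""
    return {i for i, e in enumerate(events) if any(s in e["payload"] for s in SIGNATURES)}


def build_baseline(sizes):
    """Statistical anomaly detection, step 1: summarise normal traffic as (mean, stdev)."""
    return statistics.mean(sizes), statistics.pstdev(sizes)


def anomaly_detect(events, baseline, k=3.0):
    """Step 2: a sample more than k standard deviations above the baseline deviates."""
    mean, sd = baseline
    return {i for i, e in enumerate(events) if e["bytes"] > mean + k * sd}


# Stateful protocol analysis: a profile of the benign dialogue. A flow must open with
# HELLO, and DATA may only follow HELLO or another DATA.
ALLOWED_FIRST = {"HELLO"}
TRANSITIONS = {"HELLO": {"DATA"}, "DATA": {"DATA"}}


def protocol_detect(events):
    """Track per-flow state and flag messages that violate the benign profile."""
    state, flagged = {}, set()
    for i, e in enumerate(events):
        prev = state.get(e["flow"])
        allowed = ALLOWED_FIRST if prev is None else TRANSITIONS.get(prev, set())
        if e["msg"] not in allowed:
            flagged.add(i)
        state[e["flow"]] = e["msg"]
    return flagged


def combined_alerts(events, baseline, min_votes=2):
    """Correlate the three methods; alert only when at least min_votes of them agree."""
    votes = {}
    for name, hits in (("signature", signature_detect(events)),
                       ("anomaly", anomaly_detect(events, baseline)),
                       ("protocol", protocol_detect(events))):
        for i in hits:
            votes.setdefault(i, []).append(name)
    return {i: sorted(v) for i, v in votes.items() if len(v) >= min_votes}


if __name__ == "__main__":
    base = build_baseline(BASELINE_SIZES)
    print("anomaly alone flags:", sorted(anomaly_detect(EVENTS, base)))  # [5, 6]
    print("combined alerts:", combined_alerts(EVENTS, base))  # only event 6 (flow D)
```

Run on its own, the anomaly method flags the benign download in flow C as well as flow D (a false positive in the paper's terms), whereas the two-vote rule in combined_alerts keeps only flow D, which all three methods agree on.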
Conclusion

This paper has discussed the various security issues that can occur when implementing firewalls, IDPS, switches and routers. Moreover, this paper has provided recommendations that can help overcome these issues. Switches and routers are devices that connect various parts of networks to each other. Switches are famous for being secure devices; rarely has there been a security problem with properly configured switches. The feature that sets switches apart from other devices is that they send data packets to the targeted computers only. The same is the case with routers: routers have been regarded as safe devices because they route data packets only to the destination of the packet. By creating a preferred path, routers make it easy to transmit data. IDPS have been around for some time now, and some advancement has been made in the past few years. However, more research is required, as the system still has a number of flaws that render the purpose of the system, which is prevention of malicious activities, useless.

List of References

Anderson, R. J., 2008. Security engineering: a guide to building dependable distributed systems. Indianapolis: Wiley publishers.
Balzarotti, D., Jha, S. & Kirda, E., 2009. Recent Advances in Intrusion Detection: 12th International Symposium, RAID 2009, Saint-Malo, France, September 23–25, 2009, Proceedings. New York: Springer.
Check Point technologies, 2013. Firewall. [Online] Available at: [Accessed 22 May 2013].
checpoint software, 2008. What's a Firewall to Do? Six Defenses Beyond the Perimeter. [Online] Available at: [Accessed 22 May 2013].
Cisco, 2007. Crafted IP Option Vulnerability. [Online] Available at: [Accessed 21 May 2013].
Cisco, 2007. IPv6 Routing Header Vulnerability. [Online] Available at: [Accessed 21 May 2013].
DiMarzio, J., 2001. Network Architecture and Design: A Field Guide for IT Consultants. Indianapolis: Sams Publishing.
Goodchild, J., 2012. Social Engineering: The Basics. [Online] Available at: [Accessed 21 May 2013].
Ierace, N. & Bassett, R., 2005. Intrusion Prevention System. [Online] Available at: http://ubiquity.acm.org/article.cfm?id=1071927 [Accessed 22 May 2013].
J-Security center, 2009. Switch vulnerability. [Online] Available at: [Accessed 21 May 2013].
Messmer, E., 2011. Firewall security issue raised in report ignites vendors' ire. [Online] Available at: [Accessed 22 May 2013].
Oppliger, R., 1997. Internet Security: FIREWALLS and BEYOND. Communications of the ACM, 40(5), pp. 92-102.
Scarfone, K. & Mell, P., 2007. NIST – Guide to Intrusion Detection and Prevention Systems (IDPS). Washington D.C.: NIST.
The TCP/IP Guide, 2005. Overview Of Key Routing Protocol Concepts: Architectures, Protocol Types, Algorithms and Metrics. [Online] Available at: [Accessed 21 May 2013].
Trigaux, R., 2000. A history of hacking. [Online] Available at: [Accessed 21 May 2013].
Whitman, M. E. & Mattord, H. J., 2009. Principles of Information Security. New York: Cengage Learning.
(“Secure Networking Technologies Essay Example | Topics and Well Written Essays - 2000 words”, n.d.)
Secure Networking Technologies Essay Example | Topics and Well Written Essays - 2000 words. Retrieved from https://studentshare.org/information-technology/1479077-secure-networking-technologies
