Intrusion detection systems - Essay Example

Intrusion Detection Systems IDS is the short form for the Intrusion Detection Systems. These systems basically find out the manner in which unwanted signals towards the systems are manipulated. In fact there are a host of different kinds that come under the IDS heading. Moreover, coming to the point of these manipulations which occur in the first place, we discern that these are the usual attacks that are carried out by the hackers who are skilled and quite adept at their work and even at times, script kiddies do play these tricks whereby they make use of the automated scripts to achieve their objectives. IDS thus looks at the malicious data traffic that is taking place in computer networks as well as tries its best at finding out the spots where the firewall would not play its active part and thus seize the chance of finding the loopholes that might exist within a computer and indeed the whole of the network under question. Thus what is left unattended and undiscovered by the computer firewall is usually caught by the IDS which makes its functions look all the more imperative in the related scheme of computer networking and security issues that arise every now and then. Thus vulnerable services are saved from the attacks and applications are saved as a result of the precaution which has been applied. The components which make up the IDS include the sensors, a console and a central engine. They are briefly highlighted here. Sensors play their active part in the generation of events related with security issues. On the other hand, the second component known as the console looks at the events and after that alerts the sensors whereby it also looks at controlling them. The central engine’s responsibility is to record events and logs which are there courtesy the sensors and which are stored in a database where they are used by a system that is governed by a set pattern of rules being handled by the alerts brought forward by the security events that have been received over a period of time. Thus the manner in which an IDS is categorized holds a number of different points. This basically looks at the type as well as the location of the sensors and not to forget the method which goes back hand towards the central engine and therefore generates the alerts thus produced. It would not be wrong here to suggest that all three components of an IDS are enclosed in a single appliance or device as we may call it. In a networked system, the sensors of an IDS are found at the choke points within the very network as they have the responsibility to monitor and check for malicious data within the network and once the same has been caught then report it through alerts. After this we find out that the sensors do their bit at finding out all about the network traffic and analyzes the flows within the traffic as well as the content related with the respective packets of data transfer which could be attacked by malicious code and hence have data encrypted with the very same. In certain systems, the usage of protocol based intrusion detection systems as well as that of network intrusion detection systems is made so as to look after the transport of data and also set certain protocols over the banned and illegal traffic. Similarly, acting in a host based system, the sensor normally comprises of a software agent whose main task is to discern all kinds of activities that are going on and not to forget the host’s activity on which it is located. There are a number of hybrids for such a system which include the network intrusion detection system and protocol based intrusion detection system. The network intrusion detection system looks at the working in an independent manner whereby the same is a free and open platform as it provides for the identification of intrusions that are happening within the traffic of the computer networks as well as monitors the multiple hosts on a consistent basis. These systems receive the access towards the computer networks through the connection with a hub, a network switch which in essence has been configurable for the provision of port mirroring as well as a network tap. One major example of a network intrusion detection system is a snort. On the other hand, a protocol based intrusion detection system is one which consists of an agent, also known as the system that would normally be installed at the front end of a server whereby the role of the same would be to check for as well as analyze the mode of communication that has been happening between a connected peripheral like a user in front of a computer or even a system. In cases where web servers are installed, these protocol based intrusion detection systems determines the HTTPS protocol stream and then discerns the same in the light of the HTTP protocol that is in one way or the other connected to the web server or a system which it is protecting to the best of its abilities. The third hybrid that exists under the heading of IDS is known as the application protocol based intrusion detection system. This comprises of the agent that is installed amongst a number of different servers whereby the same looks at checking and monitoring the communication that is taking place on the application-specific protocol streams. Moreover, the analysis is also something that is being done on a continuous note and does not end here at all. To quote an example, we see that if a web server has a database then the application protocol based IDS would monitor the SQL protocol which is pretty much specific to the business login format, also known as the middleware. The reason for this is that it keeps continuing its transactions with the database on all counts. The forth hybrid is that of the host based IDS. This IDS entails an agent which is located on a host and that works at finding out the intrusions by having a complete analysis of the system calls that are made, applications logs that are filled over a period of time, the modifications, alterations and changes that take place in a file system format as well as a number of different functions that are happening in the host. The fifth and last one is known as the hybrid IDS. This basically looks at the combination of more than a single methodology. In this, the host agent data is unified with the network information so that there is a complete unison amongst the view formed up for a network. One such example of a hybrid IDS is known as the Prelude. Adding to the discussion of an IDS, we find that there is a reactive system and a passive system coming under it as well. This means that we need to establish what these are and then compare each other since they are closely in line with the intrusion detection systems. To start with, in a passive IDS, the sensor determines a security breach that could happen in the near future and thus immediately stores the pertinent information and sends an alert on the main console. On the other hand, within a reactive IDS, the same responds to the suspicious activity by taking off the user from the computer network and disabling the network traffic for him/her as well as reprogramming the manner in which the firewall has been installed. This in essence blocks the manner in which malicious data has been sent across the network and it makes sure that all doors towards hazardous content are closed immediately. This could take place either in an automatic fashion or one that is provoked by the command courtesy an operating instruction from the operator. The difference between an IDS and a firewall is one that the latter looks in an outward manner for the intrusions that might happen so as to repeatedly stop them from happening in the first place. Firewall thus makes sure that the limitations are imposed on these networks’ access points and prevention of intrusion is ensured so that there is no way in which signals of an attack from the inner side is allowed. On the other hand, an intrusion detection system makes sure that the evaluation is there when we speak of the suspected outbreak that has happened and thus sends a signal which is in the form of an alarm. Conventionally, all these activities are met with fruition by carefully monitoring the network communications that have been taken place as well as the identification of the heuristics and the related patterns which at most times are known as the signatures. These are related with the computer attacks which are quite usual now a days happening and thus action is taken urgently to alert and signal the operator running the show. Going on that token, we find out that the system which ends up these connections is known as the intrusion prevention system and thus it forms as another kind of an application-layer firewall. Millions of computer users worldwide every year lose invaluable data and information at the hands of stolen means employed by anyone sitting on a workstation thousands of miles away from the host node. Computer privacy through intrusion detection systems is one such aspect on which the researchers in the same field are working their best at. Certain ways are being devised all around the globe so as to ascertain the manner in which computer data can be kept secret from the people who are not authorized to seek it. Internet privacy of late has become a serious issue that should be tackled with immediate effect. There are many issues at stake with respect to computer privacy such as the authority to create standards regarding the usage of personal data on one’s machine as well as the right to decide how information should be manipulated and used by the consumer. No body in this whole big world owns the Internet. It is the Internet’s power that, according to some, is due to lack of censorship. It would not be wrong to state that if someone starts controlling the Internet, then this very censorship will be lost and there would be all kinds of problems for its users worldwide. Just about everyone can use the Internet as well as create a web page or a site that can target to each and every individual in the world. It is very vast and it has no range. There are certain techniques which play their active role in the evasion of intrusion detection systems. These techniques make use of the evasion done with the facilitation of the Unicode and one that employs the active participation of the modified packets. The individual role here is to ascertain how these two can determine the manner in which they catch the malware which could include the different kinds of Trojan horses, viruses and worms to name a few. The bottom line is that the IDS serves to provide a point of relief for the network administrator who is always on the lookout for loopholes that might exist with his/her system and which could in the long run tamper with the smooth functioning of the whole network. With the technology fast improving it would not be late enough to predict that we will see major wholesale changes in this department of network intrusion as well and it would not be time when we will see hackers getting frustrated as there will be beefed up security as far as the computer networks and their related traffic is concerned. All said and done, there still is a lot of need for improvement in the related sector and much needs to be done in the coming times so as to enable one and all with the smooth sailing experience of working on the computers without getting malicious data from anywhere. BIBLIOGRAPHY Intrusion Detection FAQ The SANS Institute Found Online at: http://www.sans.org/resources/idfaq/ 2006 Cordesman, Justin G & Cordesman, Anthony H Cyber-Threats, Information Warfare and Critical Infrastructure Protection: Defending the US Homeland Praeger 2002 Theirer, Adam Who Rules the Net? Internet Governance and Jurisdiction Cato Institute 2003 Intrusion Detection System Webopedia Found Online at: http://www.webopedia.com/TERM/I/intrusion_detection_system.html 2002 Word Count: 2,009 Read More