
Purpose of Intrusion Detection and Detection Techniques - Coursework Example

Summary
This coursework "Purpose of Intrusion Detection and Detection Techniques" provides an insight into the IDS or Intrusion detection systems. These IDS are developed for ensuring critical network security. It also offers a deep and comprehensive overview of the re-architecting…

Extract of sample "Purpose of Intrusion Detection and Detection Techniques"

Running head: Intrusion Detection

Network Security Management
Intrusion Detection
Xiaoxi Yang
ITEC6109042 November 2009

Table of Contents
  • Intrusion Detection
  • Purpose of IDSs and Detection Techniques
  • SNORT
  • Old Snort Operational Difficulties

Abstract

In the last few years, the revolution in network technology has offered great advantages in the form of development of communication networks and data sharing structures. This development has brought about a global-village era through the advances of the new networking technology. The overall structure of the Internet has completely changed, and it has also improved the computing and information technology structure. Due to the extensive enhancements of the Internet and networking technology, some negative aspects have also emerged. These include theft of user or organizational information and data, and various other threats. It is now extremely important that systems be designed so that they can stop unauthorized access to organizational, business, or individuals' system resources and data. At present, however, purely preventive security techniques appear impractical. We can, though, try to identify and detect these intrusion attempts and break-ins so that action can be taken to repair the damage later. This area of networking technology is known as intrusion detection. Anderson (1980) first established the concept of intrusion detection in 1980. According to (Anderson, 1980), intrusion detection is a way through which a threat or intrusion attempts plan unauthorized attempt to (Anderson, 1980)

This research provides an insight into intrusion detection systems (IDS). These IDS are developed to ensure critical network security.
The research will offer a deep and comprehensive overview of the re-architecting that incorporates cutting-edge ideas in intrusion detection and prevention system design.

Intrusion Detection

Network intrusion detection involves discovering attempted or successful intrusions into a network in order to establish suitable countermeasures to the growing threat of data hacks. Good place to show market projections on the growth of network intrusions. Intrusion detection includes an extensive collection of methods that differ on several axes. A few of these axes are (Silberschatz, Galvin, & Gagne, 2004):

  • The time at which detection takes place: in real time (while the intrusion is occurring) or only after the fact.
  • The types of input inspected to identify intrusive action. These could comprise user shell commands, process system calls, and network packet headers or contents. Several types of intrusions might be identified only by correlating information from various such sources.
  • The variety of action capabilities. Basic and straightforward types of actions consist of alerting an administrator to the possible intrusion or in some way halting the potentially intrusive action, for instance, killing a process engaged in intrusive activity. In a more complicated type of action, a system might transparently redirect an intruder's action to a trap: a false resource exposed to the attacker with the aim of observing and gaining information about the attack. To the attacker, the resource appears real.

These degrees of freedom in the design space for detecting intrusions have produced a wide variety of solutions known as intrusion detection systems (IDS) (Silberschatz, Galvin, & Gagne, 2004). Helman, Liepins, & Richards (1992) describe intrusion detection as the act of detecting activities and actions that attempt to compromise the integrity, confidentiality or availability of network resources in any information technology structure.
Helman, Liepins, & Richards (1992) stated that an intrusion detection system is an automatic system that takes preventive and stopping measures without direct human intervention. These automatic prevention and detection measures make intrusion detection a more effective system for network security management. Intrusion detection can be carried out automatically as well as manually. According to Helman, Liepins, & Richards (1992), manual intrusion detection might take place by investigating all the log files or additional evidence for signs of intrusions in the system, including network traffic (Helman, Liepins, & Richards, 1992). According to Sundaram (1996) “an automatic intrusion detection that performs automated intrusion detection is acknowledged as IDS or intrusion detection system” (Sundaram, 1996). An intrusion detection system can be either host-based, if it checks system logs or calls, or network-based, if it observes the flow of network packets during communication. Modern intrusion detection systems are typically a blend of these two techniques (Sundaram, 1996).

Purpose of IDSs and Detection Techniques

According to Bradley (2009), an intrusion detection system is an application or device used to monitor all network traffic and alert the administrator or user when there has been an unauthorized attempt or access. There are two major techniques of network traffic monitoring: one is anomaly-based and the other is signature-based. Depending on the application or device used, the intrusion detection system either simply alerts the administrator or user, or it can be set up to automatically respond in some way or block specific traffic (Bradley, 2009). According to Bradley (2009), signature-based detection in an intrusion detection system depends on comparing traffic to a database that holds signatures of previously recognized attack techniques.
According to Bradley (2009), anomaly-based detection in an intrusion detection system compares present network traffic to a known-good baseline to look for anything out of the ordinary. The intrusion detection system can be placed strategically on the communication network as a network-based intrusion detection system (NIDS), which inspects all network traffic. It can also be installed on every individual system as a host-based intrusion detection system (HIDS), which inspects traffic to and from that specific device (Bradley, 2009).

An intrusion detection system works using a two-step procedure. The first step is host-based and is considered the passive element. It includes: assessment of the system's configuration files to identify inadvisable settings; checking the system password files for inadvisable passwords; and examination of other system areas to check for policy violations. The second step is network-based and is considered the active part: mechanisms are set in place to reenact known techniques of attack and to verify system reactions (searchmidmarketsecurity, 2009).

SNORT

SNORT is a free and open source network intrusion prevention system (NIPS). It is also regarded as a network intrusion detection system (NIDS) (Schell & Martin, 2006). Snort can carry out real-time traffic analysis and packet logging on IP networks. The application was written by Martin Roesch and is presently developed by Sourcefire. Sourcefire was founded by Roesch, who is its CTO. Integrated business versions of SNORT and commercial support services are sold through Sourcefire (Helman, Liepins, & Richards, 1992). According to Schell & Martin (2006), the popular SNORT is free of charge and offers pattern-based intrusion detection.
This system specializes in the analysis of network traffic. The huge growth of the web and the Internet has brought new aspects of network security, and the network-based IDS Snort has tried to incorporate and handle all of these effectively (Schell & Martin, 2006). Handling, controlling, and managing security by means of Snort IDS tools involves dependable techniques for identifying network intruders, ranging from simple packet sniffers to more sophisticated intrusion detection system tools and the graphical user interfaces for managing them (Cox & Gerg, 2009).

Old Snort Operational Difficulties

It is important to understand that Snort is primarily a detection engine. Snort alone should not be compared with commercial intrusion detection systems such as Cisco Secure IDS or ISS RealSecure, which are business suites. Effective use of Snort-based network intrusion detection and security monitoring requires effective back-end databases, user interfaces, sensor platforms, and several other defensive procedures against new attacks (Grimes, 2005). According to Ferraro (2002), the security of a Snort solution relies on the fundamental security of its host operating system as well as the safety of the Snort detection code itself (Ferraro, 2002). Some operating systems lend themselves to being secured more readily than others. Building a comparable Windows-based Snort platform requires tremendous measures. As for the Snort code, we can assess its security by reviewing the source ourselves or by employing a programmer to carry out this task. We cannot do that with any commercial offering (Ferraro, 2002).
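
The two monitoring techniques described under "Purpose of IDSs and Detection Techniques" can be run side by side over the same traffic. The following Python code is an added example, not part of the original coursework; the signature patterns, baseline figures, host addresses and events are all constructed for illustration.

```python
import re
import statistics

# Constructed signature database: name -> pattern of a previously recognized attack.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed known-good baseline: requests per minute seen from a host in normal operation.
BASELINE_RPM = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46]

# Constructed events to classify: (source host, requests in the last minute, request line).
EVENTS = [
    ("10.0.0.5", 41, "GET /index.html"),
    ("10.0.0.9", 40, "GET /download?file=../../etc/passwd"),
    ("10.0.0.7", 390, "GET /login"),
    ("10.0.0.3", 44, "GET /search?q=x' OR '1'='1"),
]


def signature_alerts(request):
    """Signature-based: compare traffic to the database of known attack patterns."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(request)]


def build_baseline(samples):
    """Summarise known-good traffic as (mean, sample standard deviation)."""
    return statistics.mean(samples), statistics.stdev(samples)


def anomaly_alert(rpm, baseline, k=3.0):
    """Anomaly-based: flag traffic more than k standard deviations from the baseline."""
    mean, stdev = baseline
    return abs(rpm - mean) > k * stdev


def classify(events, baseline):
    """Run both techniques over each event; return (host, matched signatures, anomalous)."""
    return [
        (host, signature_alerts(request), anomaly_alert(rpm, baseline))
        for host, rpm, request in events
    ]


if __name__ == "__main__":
    for host, sigs, anomalous in classify(EVENTS, build_baseline(BASELINE_RPM)):
        print(f"{host}: signatures={sigs or 'none'} anomalous={anomalous}")
```

The high-volume event from 10.0.0.7 matches no signature and is caught only by the baseline comparison, while the two signature hits arrive at normal volume and are invisible to it, which is why the two techniques are usually combined.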
Cite this document
Purpose of Intrusion Detection and Detection Techniques Coursework Example | Topics and Well Written Essays - 1250 words. https://studentshare.org/information-technology/1728811-intrusion-detection
