
Network-Based Intrusion Detection System - Report Example

Summary
This report "Network-Based Intrusion Detection System" demonstrates a proposed digital surveillance system for the security and protection of critical assets of the organization. It should be mentioned that assets may include databases, servers, and equipment…

Extract of sample "Network-Based Intrusion Detection System"

This report proposes a digital surveillance system for the security and protection of the organization's critical assets, which may include databases, servers and equipment. Threats such as physical theft, floods, earthquakes, hacking and unauthorized access are also addressed. Biometric systems will be incorporated at the entrance and exit of critical departments to track employee presence and activity. IP-based cameras will be installed at suitable locations to monitor critical server equipment and employee activities. Intrusion detection systems will be considered for detecting potential and current threats.

Introduction

In the digital era, every organization protects its digital data by deploying hardware- or software-based firewalls, security appliances such as intrusion detection systems, and other dedicated hardware. The widespread implementation of network defense equipment helps organizations safeguard digital data securely. On the other hand, it has also widened the opportunities for hackers to breach systems. Likewise, the rapid evolution of technologies such as cloud computing has created opportunities for cyber criminals to breach these newly developed infrastructures. In any case, security is paramount, and every computer network holding personal or confidential data has to be protected. Security measures are mandatory; ‘www.businessdictionary.com’ covers the basics and defines security as “Prevention of and protection against assault, damage, fire, fraud, invasion of privacy, theft, unlawful entry, and other such occurrences caused by deliberate action”.
Another definition, in the context of network security, states: “Network security covers such issues as network communication privacy, information confidentiality and integrity over network, controlled access to restricted network domains and sensitive information, and using the public network, such as Internet, for private communications”.

Competition in the market is intense and spreads from industry to industry, as every organization wants to gain a competitive advantage over the others. Organizations are committed to protecting mission-critical data such as five-year strategic business plans. If these strategic plans or customer data are stolen from the network, there is a severe impact on the organization's reputation in the industry, along with massive fines from the regulators of the region. This is why organizations spend enormous funds on implementing advanced security devices and security applications. Such large investments in network protection are understandable, because the impact of a security breach is equally large. Security breaches related to data theft, hacking, unauthorized access and so on damage an organization's reputation in the market, as customer data is exposed to hackers who can use it in many ways for financial gain.

In the current scenario, the computer network of 1-Click Mobile Phones Ltd has insufficient controls in place to combat threats, viruses and criminal acts. No internal access policies are implemented, no advanced security appliances are present, and no surveillance security framework is implemented. 1-Click Mobile Phones Ltd has decided to safeguard the network by incorporating surveillance security cameras along with biometrics, advanced security appliances, wireless security and internal access policies.
The primary objectives of 1-Click Mobile Phones Ltd are:
  • Identifying and preventing unauthorized access
  • Monitoring employee activities by surveillance
  • Monitoring critical servers, databases and equipment by surveillance
  • Preventing wireless access

Advanced firewalls support packet-filtering technology that analyzes every packet before granting access. Moreover, ‘computer security incident response teams’ are deployed to perform recovery whenever an incident occurs on the network.

Physical Infrastructure Policy

The physical infrastructure policy will add surveillance security to the current network. Few definitions of video surveillance security are available, but a good one states: “Intelligent Video Solution is a system of hardware and software that aids the security executives in performing their daily tasks. An intelligent video solution can be from a single manufacturer or it can be a compilation of components (both hardware and software) from a variety of manufacturers. The net end result is that it is the sum of all of its parts performing the tasks they were designed to do” (Elliott 2010).

For the current network of 1-Click Mobile Phones Ltd, a cost-effective network video recording surveillance solution is required. The ‘VS-8024 VioStor NVR (Network Video Recorder)’ will fulfill all the requirements of the network, as it supports high-definition real-time monitoring from 24 simultaneous channels. Its recording features include remote live monitoring, recording and playback, and high-definition H.264, MxPEG, MPEG-4 and M-JPEG recording. Recording is available in three modes: continuous, manual and scheduled. Moreover, motion detectors perform alarm recording (QNAP Systems, Inc. (VS-8024 VioStor NVR) - Quality Network Appliance Provider). Furthermore, alarm recording can also be scheduled on a maximum of 15 specific cameras to save storage.
In addition, the network video recorder supports picture-in-picture capability, multi-mode display, digital zooming, and multi-server monitoring limited to 128 channels that can be accessed from a remote workstation over a LAN or WAN interface (QNAP Systems, Inc. (VS-8024 VioStor NVR) - Quality Network Appliance Provider).

The ‘AXIS M30 Network camera series’ is recommended. With an ultra-discreet fixed dome design, the ‘AXIS M30 Network camera series’ offers multiple H.264 streams, simple installation, Power over Ethernet and many other features at an economical price (AXIS M30 Network Camera Series). Fig 1.1 shows the hardware specifications for the ‘AXIS M30 Network camera series’.

Feature | Specifications
Indoor | AXIS M3014
Max video resolution | 1280 x 800
Min illumination (color) | 1 lux
Megapixel sensor/HDTV | 1 MP/720p
Motion detection and tampering alarm | Available
Digital Pan/Tilt/Zoom | Available
Power over Ethernet | Available

Fig 1.1 (Data retrieved from AXIS M30 Network Camera Series)

Moreover, the surveillance cameras support the following security features: password protection, IP address filtering, HTTPS encryption, digest authentication and a user access log. The supported network protocols are IPv4/v6, HTTP, HTTPS, QoS Layer 3 DiffServ, FTP, SMTP, Bonjour, UPnP, SNMPv1/v2c/v3 (MIB-II), DNS, DynDNS, NTP, RTSP, RTP, TCP, UDP, IGMP, RTCP, ICMP, DHCP, ARP and SOCKS. System integration is supported through an Application Programming Interface (API) along with intelligent video. The video motion detection technology provides active tampering alarms. Events associated with alarms perform file upload via FTP, HTTP and email. Notification via email is also supported, along with HTTP and TCP. Video buffers for the camera are 40 MB pre- and post-alarm. To make the digital surveillance system operational, the IP cameras will be connected to the network video recorder.
The ‘AXIS M30 Network camera series’ has a 1-megapixel camera that will produce clear images in both modes of the day, i.e. morning and night. Video recording will be handled by the ‘VS-8024 VioStor NVR’, which will save recordings on 8 bays with over 16 terabytes of storage. The NVR runs an embedded Linux-based operating system. The requirement for a separate workstation is therefore eliminated, which is a cost-saving option for 1-Click Mobile Phones Ltd.

The business continuity options include Power over Ethernet. Network Dictionary defines PoE as “Power over Ethernet (PoE) technology describes any system to transmit electrical power, along with data, to remote devices over standard twisted-pair cables in an Ethernet network. This technology is useful for powering IP telephones, wireless LAN access points, webcams, Ethernet hubs, computers, and other appliances where it would be inconvenient or infeasible to supply power separately.” PoE will contribute to the organization's network continuity planning, as alternate sources of electricity will augment network availability. The policy also includes the protection of data, software and hardware. It follows that the highly secured areas of the organization, for instance the server room or the finance department, require protection in the form of biometric systems and IP surveillance.

The cost of hardware is summarized as:

Product | Cost
VS-8024 VioStor NVR | $ 2899
AXIS M30 Network Camera Series | $ 200
Biometric Systems (Associated with Finger Identification) x 4 | 38.49 x 4 = $ 153.96

User Access Control and Authentication Policy

1-Click Mobile Phones Ltd requires a user access and authentication policy in order to deploy a framework that will operate in strict compliance. A centralized configuration framework is required to control the access policies of all users on the network. The framework will also provide user credentials to each employee.
The user credentials include the username and password. A centralized access policy can only be implemented by implementing a domain. The domain will combine all the components on the network, including network devices, printers, workstations, switches, etc. The next step will be to optimize the domain with Active Directory. Microsoft Active Directory will allow the network administrator to set file permissions for each user. Likewise, Internet access for everyone is not possible, as it would increase the risk from viruses and spyware. Active Directory can restrict Internet access as well. Before rules and policies are set, users and workgroups are created, and then policies and restrictions are applied to them.

An additional domain server is required with these hardware specifications:

Component | Specification
Processor | Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB)
Motherboard | Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB)
Memory | 4GB DDRII (800 Bus)
Hard drive | 320GB 3.5" SATA-II 7200RPM
Optical drive | HP DVDRW 24X SATA
LCD Monitor | 17 inch
Total Cost | $ 2300

Network Policy

1-Click Mobile Phones Ltd already has a firewall in place. A firewall can protect the network from viruses, spyware, Trojans, etc. Organizations most likely do not rely completely on firewalls, as they can only provide logical security as compared to physical security. Moreover, viruses are intelligent and are now described as advanced persistent threats. Intrusion detection systems are ahead of firewalls in terms of advanced security for a computer network. 1-Click Mobile Phones Ltd will incorporate an intrusion detection system for advanced security. “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse” (Network-Based Intrusion Detection System. 2007).
Organizations save activity patterns in IDS databases so that the patterns can be continuously matched against the current activity on the network. ‘Secure Solutions Ltd’ recommends implementing an IDS to secure the network environment from denial of service attacks and major security breaches. An IDS has a comprehensive alerting system, and alerts are sent via any medium available (this differs from model to model).

1-Click Mobile Phones Ltd is also facing one more issue: a vulnerable wireless network. The network is vulnerable due to the absence of encryption and privacy configuration. SSID is “The name assigned to a wireless Wi-Fi network. All devices must use this same, case-sensitive name to communicate, which is a text string up to 32 bytes long. Typically set to the equipment vendors name, such as "linksys," it can be manually changed by going into the configuration settings of the access point with a Web browser. The client machines will identify all the wireless networks they find when they boot up, unless the networks are hidden”. ‘Secure Solutions Ltd’ recommends configuring SSID and WEP on the wireless network or devices. WEP is another wireless security protocol, defined in Network Dictionary as “a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN”.

A hardware-based IDS will not be a feasible option, as it is far too expensive. A conventional software-based IDS will provide efficient security, and the price will be around $ 250 to $ 300.
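The pattern matching and denial-of-service alerting described in this section, as an added example that is not part of the original report: stored signatures are matched against each packet, and a sliding window counts connection attempts per source. The signature IDs, names, thresholds, addresses and traffic are all constructed for illustration.

```python
import re
from collections import defaultdict, deque, namedtuple

# dst_port None matches any port; pattern is searched for in the payload.
Signature = namedtuple("Signature", "sid name dst_port pattern")
SIGNATURES = [  # hypothetical pattern database, constructed for this example
    Signature(1001, "SQL injection probe", 80, re.compile(rb"(?i)union\s+select")),
    Signature(1002, "Path traversal", 80, re.compile(rb"\.\./\.\./")),
    Signature(1003, "Telnet root login", 23, re.compile(rb"(?i)login:\s*root")),
]
SYN_WINDOW = 5.0     # seconds of history kept per source/destination pair
SYN_THRESHOLD = 4    # SYNs inside the window treated as a flood (demo value)

class NetworkIDS:
    def __init__(self, signatures):
        self.signatures = signatures
        self.syn_times = defaultdict(deque)   # (src, dst) -> recent SYN timestamps
        self.flooding = set()                 # pairs that already raised an alert

    def inspect(self, pkt):
        # Signature stage: compare the packet with every stored pattern.
        alerts = [(s.sid, s.name, pkt["src"]) for s in self.signatures
                  if s.dst_port in (None, pkt["dport"])
                  and s.pattern.search(pkt["payload"])]
        if pkt["flags"] == "S":
            alerts += self._syn_flood(pkt)
        return alerts

    def _syn_flood(self, pkt):
        key = (pkt["src"], pkt["dst"])
        window = self.syn_times[key]
        window.append(pkt["ts"])
        while pkt["ts"] - window[0] > SYN_WINDOW:   # expire old SYNs
            window.popleft()
        if len(window) < SYN_THRESHOLD:
            self.flooding.discard(key)              # re-arm once the rate drops
            return []
        if key in self.flooding:
            return []                               # one alert per burst
        self.flooding.add(key)
        return [(2001, "Possible SYN flood (DoS)", pkt["src"])]

def make_pkt(ts, src, dport, flags, payload=b"", dst="10.0.0.5"):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport,
            "flags": flags, "payload": payload}

# Constructed traffic: benign request, two signature hits, a miss, a SYN burst.
SAMPLE_TRAFFIC = [
    make_pkt(0.0, "192.0.2.10", 80, "PA", b"GET /index.html HTTP/1.1"),
    make_pkt(0.5, "198.51.100.7", 80, "PA", b"GET /item?id=1 UNION SELECT pw FROM users"),
    make_pkt(0.9, "198.51.100.7", 80, "PA", b"GET /../../etc/passwd HTTP/1.1"),
    make_pkt(1.0, "192.0.2.10", 23, "PA", b"GET /?q=union select"),  # port 23: no hit
] + [make_pkt(2.0 + i * 0.1, "203.0.113.9", 80, "S") for i in range(6)]

def run(packets):
    ids = NetworkIDS(SIGNATURES)
    return [alert for p in packets for alert in ids.inspect(p)]

if __name__ == "__main__":
    for sid, name, src in run(SAMPLE_TRAFFIC):
        print(f"ALERT sid={sid} src={src} {name}")
```

The flood check alerts once per burst and re-arms when the rate falls back under the threshold, which keeps the alert channel usable during a sustained attack.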
Business Continuity Policy

For implementing the business continuity policy, the countermeasures are illustrated below:

Physical Threats | Counter Measures
Theft | Lock cabinets; IP cameras, biometric fingerprint identification
Vandalism | Hard steel box for servers and databases
Flood | Relocating or replicating the network room; create a duplicate or replica of crucial data servers that are geographically located away
Fire | Water sprinklers, fire extinguishers
Earthquake | Relocating data with data centers that are geographically located away

Physical Infrastructure for 1-Click Mobile Phones Ltd

Figure 1.1 shows the design of the ground floor. Figure 1.2 shows the design of the first floor.

References

AXIS M30 Network Camera Series | Axis Communications. Available: http://www.axis.com/products/m30_series/ [5/12/2011, 2011].
ELLIOTT, D., 2010. Intelligent Video Solution: a Definition. Security: Solutions for Enterprise Security Leaders, 47(6), pp. 46-48.
What is security policy? definition and meaning. Available: http://www.businessdictionary.com/definition/security-policy.html [5/8/2011, 2011].
Network-Based Intrusion Detection System. 2007. Network Dictionary, pp. 340-340.
Network Security. 2007. Network Dictionary, pp. 339-339.
Online Store - Ax3 Software. Available: http://www.ids-sax2.com/OnlineStore.htm [5/10/2011, 2011].
Power over Ethernet. 2007. Network Dictionary, pp. 382-382.
QNAP Systems, Inc. (VS-8024 VioStor NVR) - Quality Network Appliance Provider. Available: http://www.qnap.com/pro_detail_feature.asp?p_id=130 [5/12/2011, 2011].
Ssid. 2011. Computer Desktop Encyclopedia, pp. 1.