Intrusion Detection System - Report Example


Literature review

Security is paramount in any kind of development. Society has changed greatly, and any organization developing a new facility should be well prepared to counter attacks. Connecting a computer to the internet increases the risk of someone breaking in, installing malicious tools and programs, or using a malicious program to gain remote control of other machines (Spafford & Zamboni, 2000). These attacks have been evident in banks, where individuals have on several occasions accessed accounts belonging to clients and gained access to information about daily activities, including the sum of money in the accounts. This information has on several occasions been used as a threat against companies in order to extract large sums of money from them; in case of failure, the criminals threaten to release the information, e.g. credit card information, to unauthorized entities. Some companies have had to close down due to loss of customer trust, customer satisfaction and revenue caused by DoS (Denial-of-Service) attacks, also known as packet flood attacks, which have been a major blow to them (Ragsdale et al, 2000). For instance, attackers broke into one major software development company and accessed the source code of a product that was still in the development stage. This code was later released onto the internet, which was a major blow to the company (Crosbie & Spafford, 1995). It is because of such losses that companies are working hard to develop up-to-date systems that raise an alarm in case of any suspicious activity and monitor the security systems in place.

Generally, there are basic things to consider when choosing a security system for a facility.
These may include available resources, assets within the facility needing protection, the possible threats, and possible measures to be taken against these threats, together with possible risks. In addition, the appropriate security system should be able to detect any attempt to intrude and alert the security team. It should be able to delay the intruders' entry long enough to give the security team time to prepare to counter the attack. Moreover, it should provide a way for the security team to assess the security situation and, finally, allow them to respond without exposing them to the intruders.

After a thorough analysis of the possible threats, both real and perceived, the security measures below were chosen as the most reliable for the new computer premises. In analyzing the possible threats, the location of the facility was considered. Because it is 300m from the highway and located in a semi-rural district, the area is less populated, and therefore, if proper security measures are not put in place, the facility can easily be attacked and destroyed.

Possible threats: espionage, sabotage, damage, theft and hackers

1. Use of passwords to log into authorized accounts, done by system administrators in conjunction with top management.
2. Screening of materials entered and transmitted: who can access what, depending on responsibilities.

The above-named threats can lead to huge losses and, in the worst case, result in the closure of the organization. The cost of prevention is far lower than the cost of repurchasing equipment that has already been stolen or of working on a system that has been hacked (Crosbie & Spafford, 1995). A poor job description can also be a cause of insecurity, since it reduces accountability in case of an incident such as theft. In this case, revision of job descriptions will be an important consideration.
This is also important because of the new employees who will have to be recruited to manage the security system.

In consideration of the possible means of preventing the above-mentioned actions, which threaten the stability of any company, raising the security level would include physical protective measures, namely physical barriers, lighting and electronic security systems, as well as backups to protect information from loss and skilled manpower. For a lightning arrester to be implemented, the consideration is natural threats like floods, fires and fog. Natural disasters can lead to huge losses, and the worst part is that the machines and information systems are sometimes destroyed beyond repair. These kinds of threats also lead to massive loss of equipment and information, including information in the backup.

For the buildings, security measures include building walls, opaque window glass, flat brick roofs, and reinforced concrete roofs and walls. The following should be installed: plastic fragment retention film on the glass, plus blast-resistant glazing and foyers on doors.

The detection elements are very important and must be included in the facility. These include: IDSs, CCTV systems used to assess intrusion alarms, weapons and explosive detectors, guards equipped with bomb detectors, weapons to counter attacks, and registration books for signing in and out. These will complement the other security measures applied in the facility.

Since a car park is very important in any organization and cannot be done away with, care will be taken in deciding its location. This will enable detection of any stolen computers or other equipment being packed into cars. The car park will hence be located at some distance away from the facility, with a standoff zone, a place where inspection will be conducted. Bumps will provide speed control and speed indication. Fencing is important as it acts as a psychological deterrent.
The main gate and the emergency gate must be kept locked when not in use. This will prevent free entrance of intruders into the facility. Security towers will provide maximum observation.

Objectives

To reduce the crime rate in the computer facilities
To enhance the security of information stored in the computer system
To reduce the cost of operation by reducing the loss incurred as a result of theft and any form of intrusion
To increase the security measures through the integration of current technology in the implementation of a security system

Introduction

An intrusion detection system is supposed to detect intrusion by any unauthorized person into a given facility. In our case, the facility at hand is a compound composed of three buildings which contain computer facilities. Due to the fragile nature of the data contained in this company's database, it is essential to design a security system that will prevent ill-intentioned individuals from accessing the system, either to vandalize the information systems or to access them for other mischievous uses. The increased rate of crime has called for companies to be more careful about the kind of security they provide for their facilities. Though provision of security is costly, the cost cannot be compared with the loss a company can undergo in case an intruder is in a position to access the facility and walk away with the machines in it, or to access private information, which can result in the company losing a lot of money.

The purpose of taking security measures is to prevent any intruder from accessing documents, materials, installations or equipment in the computer facilities. To achieve this, the most important thing is to keep intruders from accessing the place. The use of a perimeter fence and enough manpower, and the integration of other devices like cameras, come in handy. In this case, we will devise a fence that is manned by guards at the gates.
The other parts of the fence will be electrified such that any person planning to jump over will immediately be electrocuted. In addition, the fence will be fitted with an alarm system which goes off immediately when any intended tampering is detected. Apart from this perimeter fence, we will include a perimeter wall which prevents people from seeing what goes on within the compound. It is obvious that a person gets attracted to something upon seeing it. Once this is avoided by erecting a wall, we will have eliminated quite a number of people who would have been intruders. In addition, the number of visitors coming to the site will be limited by the tight security that will be deployed at the gate. All persons, including staff, will be required to use a pass to access any facility in the compound. These kinds of security measures have been applied in many companies and have proved to be effective. However, with the intelligence individuals have now acquired, criminals have also developed new tactics to conduct theft. This calls for tight measures and the integration of modern technology in establishing security measures.

Apart from these two fences, each building will be fitted with cameras on the outer sides which will serve to detect all movements within the building and also outside it. Staff members' movements will also be detected, since the company is not ready to take any chances. Even a close staff member can be involved in carrying out a criminal act. The cameras should have a large memory so as to store the recorded information for a long time. This will enable the detection of crimes that are organized and carried out after a long time. The conversations that go on in the buildings and in the compound will also be recorded and stored. Having this information is important in tracking down offenders. Another critical thing to consider with the cameras is the monitoring of the movements.
This will be effective when a separate room is set aside for a person to constantly receive real-time images of the compound. For effectiveness, it is necessary to have night and day shift personnel. The staff working in the compound will be inspected as they go in and out of the compound and will be required to leave any luggage at a central place. The real-time images will be displayed on digital liquid crystal display screens which will receive the information from the cameras. Here is a simple sketch of the compound.

[Sketch of the compound. Labels: Main road; 300m; Fence 1; Fence 2. Legend: a - Post for the 1st gate guard; b - Post for the 2nd gate guard; c - Generator for backup power.]

Buildings 1, 2 and 3 are the three buildings with computers inside the compound. Fence 1 is the outer fence, which is electric, and Fence 2 is a wall which has barbed wire reinforcement at the top. This will ensure that intruders who aim at accessing the compound in areas other than the gate are kept off.

The fence will be made of an inner and an outer fence. The outer one will be an electric fence, whereas the inner one will be a wall fence which has been reinforced with barbed wire. The outer fence will act as a mental barrier for an intruder. Once an intruder sees the fence, it will register in his mind that the computer facility is protected. It will also act as a delay obstacle, because the intruder must come up with an idea of how he can penetrate to the inner part. This kind of delay will give the security personnel a chance to detect any person walking round the facility continuously or coming near it with an ill motive. Through monitoring by security guards and sensory devices, he can be detected. Those found guilty will be dealt with accordingly, and this will act as a warning to any person trying to do the same in the future.
The wall will first prevent intruders from knowing the activities being carried out in the computer facility, since they are barred from seeing inside. On top of it, wire connected to electrical power will be mounted. This will provide current continuously such that, if an intruder touches it, he will be short circuited. To enhance this, the wall will be concreted, so that some electric current will flow through his body, causing a shock. The intruder may faint or die. To protect an intruder from dying, the current should be regulated to a low level.

Buildings

The buildings will comprise three main buildings and one security room at the main gate. For maximum security provision, the roof will be made of bricks reinforced with concrete. The windows will be made of opaque glass such that an intruder cannot see the equipment in the building. To reduce injuries in case of attack, the glass should be coated with a thin plastic cover, which makes it less likely to cut anyone if it breaks. Doors made of wood, glass and metal are susceptible to blasts. To reduce the risk, an outer door can be added. The other option is to replace the door with an explosion-resistant door to provide high-level security. For public relations, it will be of great importance to protect the image of the computer facility.

A car park will be constructed. It will be located far away from the main buildings and near the gates to protect the main buildings in case of attacks. Being away from the main buildings, it creates a delay in case an intruder has a bomb. The time taken to reach the main building will be longer than expected, and an explosion can occur in the car park, thus reducing the impact it could cause. The space between the two walls will enable the security personnel to detect any movements being made.

Security building

There will be a need for a security house at the main gate.
It will have electronic security devices, which will include CCTV and sensor devices, and weapons to be used for self-defense in case an intruder tries to attack. In order to know who is visiting, there will be a need to buy a registration book. This will help to reduce the chances of intruders getting into the computer facility without identifying themselves. Persons visiting the building will have to produce their national identification cards to receive a pass giving them access to any facility. Each person will be required to use a pass individually. On top of this, an observation tower ought to be included in one of the buildings. This tower room will be used for maximum observation. A computer will be hosted in the tower chamber for intruder detection. Detecting intruders while they are still at a distance will be made possible, as prevention is a better choice than dealing with a criminal after the crime has been committed. Any attacks will be counteracted before they are realized.

Access gates

The computer facility needs two gates: a main gate and an emergency gate. The main gate will be used for entrance and exit purposes. At the main gate there will be a security house which has a door and window as described earlier.

Roadways

The facility will be located 300m from the local highway. A speed signboard will be located near the main gate to show a speed limit of 5km/h within the main gate. Three bumps will reduce a vehicle's speed as it approaches the main gate. A stop signboard will be put 10m from the main gate; this will signal a vehicle to stop for vehicle inspection. In the computer facility, pavements will be constructed from one building to the other and to the main gate.

Challenges

The possible challenges to be faced include resistance to change by the already existing security officers due to the fear of losing jobs.
Since the implementation of the security detection facility will utilize current technology, which is sophisticated for those without any skills or experience in how to use it, new employees, including professionals in the area, will be deployed. The reliance on technology will also result in a reduction of unskilled manpower. This is a major threat, and the workers will need to be well informed of it. To reduce the impact, the firm will inform all workers beforehand of the implementation of the fence so that those willing to learn can be trained in the area. To maintain security at the highest level, continuous training will be offered to the officers in charge and those involved in security measures. The level of security maintained and the incidence of any intrusion attempts will be monitored closely to address any leakage of information.

Currently, incidences of internal theft are on the increase. To ensure internal security, staff members will be given specific work to do, with a clear job description to ensure accountability. In case one is found to be involved in an attempt to assist intruders in accessing the facility, he or she will be liable to severe punishment, including the loss of the job.

References

Crosbie, M. & Spafford, E. (October 1995). Defending a Computer System using Autonomous Agents, Proc. of the 18th National Information Systems Security Conference, Baltimore, MD.

Crosbie, M. & Spafford, E. H. (November 1995). Applying genetic programming to intrusion detection, Proc. of the 1995 AAAI Fall Symposium on Genetic Programming.

Spafford, H. & Zamboni, D. (October 2000). Intrusion detection using autonomous agents, in Computer Networks, Volume 34, Issue 4.

Ragsdale, D. J., Carver, C., Humphries, J., & Pooch, U. (October 2000). Adaptation Techniques for Intrusion Detection and Intrusion Response Systems, in Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics, Nashville, Tennessee.