Intrusion Detection

Submitted By dsalabie
Intrusion detection
Intrusion detection is a means of supervising the events that occur in a computer system or network and examining them for traces of possible incidents, that is, violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices (Ogunleye & Ogunde, 2011). Intrusion detection has become more than ever an important focus of many organizations. This focus is driven by the growing availability of information systems and by globalization through the use of the internet. The marketplace is no longer the residents of a small town going to the local mall, but services available online to anyone with a web browser. All this access vastly multiplies the threat: from one masked robber in a year to thousands of wrongdoers at a desktop or laptop who have discovered a vulnerability in the system and decide to take the chance to exploit it.
There are various approaches an organization can use to deal with the many problems that exist in securing an information system. Jain's (2008) article in the ICFAI Journal of Information Technology depicts a scenario of a network intrusion detection team and how a situation can be averted:
…The hackers started with slating down the objectives of their ‘Limited Knowledge Penetration Testing’, also referred to as ‘White Box Approach’, and gathered sufficient information to ensure that the testing did not affect the normal business operations. They emulated a typical hacker by first collecting publicly available information relating to the company from sources like news releases, newspaper articles, annual reports, SEC filings, and the corporate website. During further probing to obtain password clues, the team found an FTP server curiously installed outside the firewall, and an internal user system being used to post huge content on illegal websites.
The consulting team ran a port scan on the suspicious FTP server only to discover that in addition to the expected open port (port 21), there were half a dozen other open ports, including 139, 2187, 3437 and 14120. These ports were used to run utilities to establish a Telnet session for data trafficking, and also to run alternate (rogue) FTP services by the original hacker. The team subsequently found some critical information by Ftp’ing the site that revealed huge data downloads conducted by anonymous users via this rogue FTP site. The team consolidated their findings for assessing the degree of the attack by using several tools and utilities that any law enforcement professional would use for the purpose. To avoid the risk of being liable for distribution of copyrighted material and the attack on government agencies, the client authorized the team to identify the source of the hack. The team conducted planned hacks on the actual hacker’s system.
They discovered that the hack was beyond their client’s system environment. The hacker had compromised nine other servers, including two universities and a large bank, in the same manner, and was using their client’s system as a launch pad for further attacks and other malicious activities. The team probed further, without disturbing the law, to get the details of the hack and the hacker. After fixing the system, the team advised the client to consult the concerned legal authorities to assess the legal responsibility associated with the hack, and also to report the hack to the appropriate authorities and affected parties as the client’s system was used to launch further scans and attacks. The team also developed a security strategy for the client and advised them to have frequent upgrades in their overall security strategy.
Network intrusion detection is an integral part of protecting an information system. According to Sundaram (1996), an intrusion threat is the potential possibility of a “deliberate unauthorized attempt to access information, manipulate information, or render a system unreliable or unusable”. There are many aspects of an intrusion, including risk, vulnerability and penetration, just to name a few, which will be discussed further. It is noteworthy that all of these can be identified in the above scenario. Risk, as defined by Sundaram (1996), is an accidental or unpredictable exposure of information, or a violation of operational integrity due to the malfunction of hardware or to incomplete or incorrect software design. A vulnerability is a known flaw or issue with a piece of hardware or software. An attack is specific in the sense that there has been an incident. When an attack is successful it is classified as a penetration, as access was established and the system may be compromised; in essence, a violation of confidentiality, integrity and/or availability has occurred.

Hackers are the main threat to an information system. The roots of hacker culture can be traced back to 1961, the year MIT took delivery of its first PDP-1 microcomputer, according to Raymond (2003). The PDP-1 was one of the earliest interactive computers. Hackers borrowed their name from a term describing members of a model train group at the school who hacked the electric trains, tracks, and switches to make them perform faster and differently. The PDP-1 attracted a group of curious students from the Tech Model Railroad Club who experimented with it in a spirit of fun (Raymond, 2003). Hackers use different types of attacks to affect the usability of an information system; one of these attacks, just to put things in perspective, is the DoS or denial of service attack. Denial of service attacks are known for their ability to deny access to a web or internet site.
In such attacks the hacker overloads a server with so much data that it is too busy to service its valid requests. This attack eventually slows the system until it crashes. A DDoS attack, a distributed DoS, is more devastating, as data is sent from multiple hosts at the same time. This form of attack is more coordinated, harder to pinpoint, and its effects are more rapid (Samuelle, 2008).

Intrusion detection devices are used to monitor systems in an effort to counter intrusion. Intrusion detection systems, or IDSs, are used to detect unauthorized activities, or activities that seem suspicious, on the network. Their basic function is to sound the alarm to the network manager that something is out of the ordinary (Harris, 2010). Intrusion detection devices come in two main types according to Harris (2010): network based and host based systems. Network based systems monitor communication on the network, while host based systems monitor activity on the computer that hosts them. IDSs can be configured for many purposes. They can be used to watch for attacks, parse audit logs, terminate a connection and protect system files, all at the same time exposing a hacker’s techniques and aiding in their prosecution (Harris, 2010). Network based intrusion detection systems, or NIDSs, use sensors, which are either host computers with the necessary software or standalone dedicated systems. They are directly connected to the network and monitor all traffic addressed to the host system, including broadcast and even multicast traffic (Harris, 2010). The system works by making a copy of every packet passing on the network and sending the copy to be analyzed for inconsistencies, leaving the original untouched. To see activities on a local computer, the system manager would have to install a host based system on each computer that is to be monitored. Typically this is only set up on critical servers because of the high overhead; otherwise it could become an administrative nightmare (Harris, 2010).
Today’s intrusion detection systems complete their task in many ways. A knowledge or signature based system uses information known by the vendor. This information is usually sourced from previous attacks. According to Harris (2010), models of how an attack is carried out are developed and called signatures. These systems are flawed in the sense that if an attack occurs that is not in the database or has no known signature, the attack is not recognized. These systems are among the more popular, as most computers run the McAfee or Norton antivirus software suites, from two of the bigger manufacturers. A signature based intrusion detection system is only as effective as its updates and needs to be updated regularly. Another form of intrusion detection system is the statistical anomaly based system. This system is behavior based and, unlike a knowledge based system, does not require signature updates. This form of intrusion detection system functions by first being placed in learning mode on a normally functioning network to build its profile of the system. The longer it is left in learning mode, generally the more accurate the system will be (Harris, 2010). The system, after building its profiles, functions by comparing traffic to its profile and checking for inconsistencies. According to Harris (2010), the benefit of using a statistical anomaly based intrusion detection system is that it is able to react to a “0 day” attack. What this means is that this is the first time an attacker has used this method and there is no known solution. The downside to using a statistical anomaly based intrusion detection system is the high rate at which network traffic varies. There are typically different shifts and schedules, and workers will be completing different tasks in any given hour, day, week or month. With this variance come many false alerts.
Also, if a hacker is able to detect that a statistical anomaly based system is in use, they may be able to integrate their pattern into the behaviors of the network (Harris, 2010). This action would serve to circumvent the system by making it think the malicious traffic was normal traffic. Rule-based intrusion detection systems work differently from statistical and signature based systems. According to Harris (2010), “rule-based intrusion detection is commonly associated with the use of an expert system; an expert system is made up of a knowledge based inference engine, and rule based programming”. These rules are applied to the data traffic and used to detect suspicious activity. While using any of these intrusion detection systems it is good to note that they all have limits. There is only so much data that each can handle. If a particular system is overwhelmed, intrusions can potentially go unnoticed. Intrusion prevention systems are now on the rise; the difference is that an intrusion prevention system acts to stop all suspicious traffic, not just sound the alarm (Harris, 2010).

In conclusion, information systems play a vital role in society and in the way organizations function. Information systems provide essential services that keep the country’s infrastructure running. The development and deployment of intrusion detection systems play a big part in ensuring these services continue and in thwarting possible offenders. As long as there are hackers there will be a need to protect information systems. Care should be taken to ensure proper measures are taken to secure computer systems.
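The following toy detector is an added example, not part of the essay or of any cited author's work. It contrasts the three approaches described above on constructed traffic: the signature table only catches the pattern it already knows, the statistical profile catches a novel bulk upload but raises a false alert on a legitimate nightly backup when learning mode was too short to see the night shift, and an analyst rule catches off-hours FTP that neither of the other two notices. All hosts, ports, signatures and rules are invented for the demonstration.

```python
"""Toy IDS contrasting the three detection approaches described above:
signature (knowledge) based, statistical anomaly based and rule based.
Every flow, signature and rule here is constructed for the example."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# A flow record is (day, hour, src_host, dst_port, payload).
def make_flows(day, hour, src, n, port=443, payload=b"GET / HTTP/1.1"):
    """Construct n identical flows from src at the given day and hour."""
    return [(day, hour, src, port, payload) for _ in range(n)]

# --- 1. Signature based: only attacks already in the table are seen ---
SIGNATURES = {                       # constructed name -> byte pattern
    "example-webshell-probe": b"cmd.exe",
    "example-sqli-probe": b"' OR 1=1",
}

def signature_alerts(flows):
    return sorted({(src, name) for _, _, src, _, payload in flows
                   for name, pattern in SIGNATURES.items()
                   if pattern in payload})

# --- 2. Statistical anomaly based: learning mode, then detection mode --
def build_profile(training_flows):
    """Learning mode: connections per (host, hour-of-day), summarised as
    mean and population std-dev across the training days."""
    per_day = Counter((d, h, s) for d, h, s, _, _ in training_flows)
    series = defaultdict(list)
    for (d, h, s), n in per_day.items():
        series[(s, h)].append(n)
    return {key: (mean(v), pstdev(v)) for key, v in series.items()}

def anomaly_alerts(flows, profile, k=3.0, floor=5):
    """Detection mode over one day: flag a host/hour whose connection count
    exceeds the learned mean by more than k std-devs (at least `floor`).
    A host/hour never seen in learning mode has a zero baseline, which is
    how an incomplete learning period turns into false alerts."""
    counts = Counter((h, s) for _, h, s, _, _ in flows)
    alerts = []
    for (h, s), n in counts.items():
        mu, sigma = profile.get((s, h), (0.0, 0.0))
        if n > mu + max(k * sigma, floor):
            alerts.append((s, h, n))
    return sorted(alerts)

# --- 3. Rule based: analyst-written predicates over one host's flows ---
def rule_ftp_off_hours(host_flows):
    """FTP (port 21) between 00:00 and 06:00 is suspicious on this site."""
    return any(p == 21 and h < 6 for _, h, _, p, _ in host_flows)

def rule_many_ports(host_flows):
    """One host touching more than 10 distinct destination ports."""
    return len({p for _, _, _, p, _ in host_flows}) > 10

RULES = {"ftp-off-hours": rule_ftp_off_hours, "many-ports": rule_many_ports}

def rule_alerts(flows):
    by_host = defaultdict(list)
    for flow in flows:
        by_host[flow[2]].append(flow)
    return sorted((s, name) for s, hf in by_host.items()
                  for name, rule in RULES.items() if rule(hf))

# --- Constructed traffic ------------------------------------------------
def training_data(days=5, nights=True):
    """Learning-mode traffic: a workstation busy 09:00-17:00 and, only if
    the learning period covered the night shift, a backup host at 02:00."""
    ws_counts, bk_counts = [8, 10, 12, 9, 11], [30, 28, 32, 30, 30]
    flows = []
    for d in range(days):
        for h in range(9, 18):
            flows += make_flows(d, h, "10.0.0.5", ws_counts[d % 5])
        if nights:
            flows += make_flows(d, 2, "10.0.0.9", bk_counts[d % 5], port=22)
    return flows

def detection_day():
    """One monitored day; each suspicious event is caught by one approach."""
    return (make_flows(0, 10, "10.0.0.5", 11)                          # normal load
            + make_flows(0, 14, "10.0.0.5", 40, 21, b"STOR data.bin")  # novel bulk upload: no signature
            + make_flows(0, 2, "10.0.0.9", 31, 22)                     # nightly backup: legitimate
            + make_flows(0, 3, "10.0.0.7", 2, 21, b"LIST")             # off-hours FTP: rule fires
            + make_flows(0, 11, "10.0.0.11", 2)
            + make_flows(0, 11, "10.0.0.11", 1, 443, b"GET /?id=1' OR 1=1"))  # known pattern

def run(nights_in_training=True):
    """Return the alerts each approach raises for the detection day."""
    profile = build_profile(training_data(nights=nights_in_training))
    flows = detection_day()
    return {"signature": signature_alerts(flows),
            "anomaly": anomaly_alerts(flows, profile),
            "rules": rule_alerts(flows)}
```

Calling run(nights_in_training=False) adds the backup host's 02:00 burst to the anomaly alerts, showing the false alert produced when learning mode never saw that shift.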