Detection & Prevention Systems

For the purpose of this assignment snort will be used as intrusion detections systems which is an open source IDS, snort has the ability to monitor traffics in real time and packet locking its also inspecting each packets as they enters into the network, Snort can be used as packet sniffer to analyse the network traffic in order to detect any bizarre looking packets or payloads which might have malicious data in it. Snort can also detect payloads attacks against the network or host system including but not limited to stealth port scan, and buffer overflows.

The quality of monitoring system is very important, so that its used to scan & detect different kind of attacks preventing them from striking the system.

Network Intrusion Detection: Software exists to watch traffic on your network to search for malicious intent. Is an Intrusion Detection System going to be implemented? An IDS is not a fire and forget type system. It requires constant monitoring. Smaller organizations will be overwhelmed by the amount of information it produces.

When the GCU gathers evidence for later use for the court, sources of evidence can be monitored to detect threatened incidents in a timely manner. The GCU employee’s needs to be aware of suspicious transaction related to any activity in the customer account. Securing intrusion detection systems (IDS) components are important because IDS are often targeted by attackers that want to prevent the IDS from detecting attacks or want to gain access to sensitive information on the IDS, such as host configurations and known vulnerabilities. In monitoring and auditing, the types of activities recognized as suspicious will be different from different business needs. For example, a forensic accountant may look for specific patterns of financial data to trigger suspicion of fraud or theft. A suspicious event might be multiple emails on a sensitive subject from a person that is not involved in the subject. Recommend resources that can be used

Preventive controls can be as simple as locks and keys to access sensitive areas of a building, clearances to access classified data, or the use of complex passwords with encryption. Detective controls can be as simple as cameras or motion detector systems in a building, or, as complex as a network intrusion detection system (NIDS) on the network. Corrective controls, usually combined with preventive and detective controls, help reduce the damage once a risk has manifested. This can be done by performing regular backups in the event of a system crash. Below is an illustration (Figure 4-1) of the three main types of security

This is a preventative system of which staff are familiar with and sometimes cause delays in providing much needed treatment to an individual. Sullivan and Garland (2010) suggest that change is changing something different from what is was. In support of this, Mullins (2013) suggests that change is an inescapable part of both social and organisational life. However, change could face some resistant due to the fear of unknown, organisational culture, threats to power or influence. Solution to likely resistance would be discussed in the work.

In D&A case, an IPS (Intrusion Prevention System) would have helped because an IPS helps in limiting the Zone transfer and segregate authoritative servers. While traffic enters into the networks, an IPS will inspect the type of traffic and frequency of traffic and will permit, deny, or alert depending on the set up. It will help prevent in ICMP flood, DNS flood, and DNS spoofing in the network. An IPS will match against pre-set rules or dynamic signatures to detect malicious patterns. One of the most popular types of DNS attacks, called Cache Poisoning Attacks, can be mitigated by the implementation of IPS. But I wonder how correctly and effectively D&A implemented their IPS in their networks. Just installing firewall and/or IPS will not prevent unauthorized access from intruders. The sustainability of cybersecurity systems after initial implementation is significant. In my recent experience, after cutting-over a company’s network and installing firewall with IDS and IPS features, I emphasized the importance of monitoring the traffic frequently and build the security rulesets accordingly to deny or permit or alert the type of traffic that goes in and out of the

The Intrusion Detection System (IDS) is a protection scheme which collect and analyze audit data for the entire network.

2.4.7 Rapid intrusion detection and response procedures: KIU should have mechanisms in place to reduce the risk of undetected system intrusions. Computing systems are never perfectly secure. When a security failure occurs and an attacker is "in" the institution's system, only rapid detection and reaction can minimize any damage that might occur. Techniques used to identify intrusions include intrusion detection systems (IDS) for the network and individual servers (i.e., host computer), automated log correlation and analysis, and the identification and analysis of operational

Interruption identification frameworks (IDS) take either system or host based methodology for perceiving and redirecting assaults. In either case, these items search for assault marks (particular examples) that for the most part demonstrate malignant or suspicious goal. At the point when an IDS searches for these examples in system activity then it is system based (figure 1). At the point when an IDS searches for assault marks in log records, then it is host based.

Securing IDS components are very important because IDSs are often targeted by attackers who want to prevent the IDSs from detecting attacks or want to gain access to sensitive information in the IDSs, such as host configurations and known vulnerabilities.

IDPS technology uses a lot of different methods to detect attacks. Signature-based, anomaly-based, and stateful protocol analysis. Most IDPS technology use multiple methods either separately or together to broaden and have better accuracy detection. The simplest detection method is signature-based because it corresponds to a known attack or type of attack. Signature based detection is the process of comparing observed events with known signatures of attacks to help identify possible attacks. Detection technologies only implementing signature-based attacks will be ineffective at detecting day-zero attacks.

The goal of intrusion detection is to monitor network assets, detect anomalous behavior, and identify misuse within a network (Ashoor, Gore, 2011). An intrusion detection system (IDS) is a device or software application that monitors network system activities for malicious activity or policy violations and produces reports to a management station (Kashyap, Agrawal, Pandey, Keshri, 2013), additionally there are three types of IDS:

known as an intrusion prevention system (IPS). auto-responds to the suspicious activity by resetting the connection. reprogramming the firewall to block network traffic from the suspected malicious source. IDPS is commonly used automatically at the command of an operator; systems that both "detect" (alert) and/or "prevent."

Firewalls is categorized as a preventive control which is used as a defense shield around IT systems to keep intruders and hacking from occurring, whereas, an Intrusion Detection System (IDS) which is categorized as a detective control is used to detect intrusions that have already occurred (Cavusoglu, Mishra, & Raghunathan, 2005). However, IDSs are not