LIU SAIDA
[INTERNET SECURITY ]
May, 2011
Table of contents:
INTRODUCTION
FIREWALLS
Definition/Function
2.2. First Generation Packet Filters
2.3. Second Generation Application Layer
Third Generation Stateful Filters
Subsequent Development
Types
INTRUSION DETECTION SYSTEM (IDS)
3.1. Definition
3.2. The Key Compelling Reasons to Acquire and Use IDSs
3.3.0. Major Types of IDSs
3.3.1. Process Model for Intrusion Detection Systems
3.3.1.1 Information Sources
3.3.1.2 Analysis
3.3.1.3 Response
3.4.0. Type of Intrusion Detection System
3.4.1. Host-Based IDS (HIDS)
3.4.2. Network-Based IDS (NIDS)
3.4.3. Application-Based IDS (APIDS)
3.4.4. Protocol-Based IDS (PIDS)
CONCLUSION
5.0. REFERENCES
INTRODUCTION:
The idea of a wall to keep out intruders dates back thousands of years. As a brief example, over ten decades ago, the Chinese built the Great Wall as protection from neighbouring northern tribes. The term firewall was in use by Lightoler as early as [1764] to describe walls which separated the part of a building that is prone to fire (e.g. a kitchen). In this project I will rest my ideas on the concept of the firewall in a more modern setting, computer networks. The predecessors to firewalls for network security were the routers used in the late 1980s to separate networks from one another. A network which wasn't configured properly caused problems on one side of the router and was largely isolated from the network on the other side; this has been improved with firewalls.
The Intrusion Detection System (IDS), which is either software and/or hardware, is designed to detect unwanted attempts at accessing, manipulating and/or disabling a computer system, mainly through a network such as the internet. It is used to detect several types of malicious behaviours that can compromise the security and trust of a computer system. To throw more light on this explanation: an IDS can be composed of several sensors which generate security events, and a console to monitor events and intruders.
FIREWALLS
Definition/Function
First Generation - Packet Filters
Second Generation - Application Layer
Third Generation - Stateful Filters
Subsequent Development
Types
Definition/Function:
Firewalls are network devices that enforce an organisation's security policy through a protected network called a proxy. Proxies are programs that receive the traffic destined for another computer system and require user authentication; they then verify that users are allowed to connect to the destination before connecting to the destination server on behalf of the user.
Firewalls are divided into several types of technique: Packet Filter, Application Gateway, Circuit-Level Gateway and Proxy Server. The firewall is a dedicated appliance, or software running on a computer system, which inspects network traffic passing through the system and denies or permits passage based on rules set by the proxy server. It is software or hardware that is normally placed between a protected and an unprotected network. (ACM Journal Name, Vol. V, No. N, Month 20YY.)
2.2. First Generation Packet Filters:
The first filter system, known as Packet Filter Firewalls, was developed (DEC). A packet filter is mainly responsible for inspecting packets, the units that transfer data between computers on the internet. Most importantly, Bill Cheswick and Steve Bellovin stated: a packet filter pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection state). Instead, it filters each packet based only on information contained in the packet itself. (Bill Cheswick, System development.pp111, 1990)
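The stateless behaviour described above, as an added example that is not part of the original report: a first-match packet filter that judges each packet on its header fields alone, next to a simplified connection-tracking filter for contrast. The rule layout, class names and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:                      # only header fields; no payload, no history
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:                        # hypothetical rule layout for this example
    action: str                    # "permit" or "deny"
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    proto: str
    dports: object                 # container of allowed destination ports

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.proto == self.proto and p.dport in self.dports)

def stateless_filter(rules, p):
    """Judge one packet on its own fields: first match wins, default deny."""
    return next((r.action for r in rules if r.matches(p)), "deny")

class StatefulFilter:
    """Contrast: remembers permitted flows and admits only their replies."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, p):
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "permit"        # reply to a flow already permitted
        verdict = stateless_filter(self.rules, p)
        if verdict == "permit":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict

# Constructed sample data (private and documentation address ranges).
WEB_OUT = Rule("permit", "10.0.0.0/24", "0.0.0.0/0", "tcp", (80, 443))
# A stateless filter needs this broad rule so that replies can return.
REPLIES_IN = Rule("permit", "0.0.0.0/0", "10.0.0.0/24", "tcp", range(1024, 65536))
request = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443)
reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000)
unsolicited = Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40001)
```

With the rules `[WEB_OUT, REPLIES_IN]` the stateless filter permits `unsolicited` because it cannot tell it from a genuine reply, while `StatefulFilter([WEB_OUT])` admits `reply` only after it has seen `request` and denies `unsolicited`.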
Subsequent Development:
This technique was developed by Bob Braden and Annette DeSchon at the University of Southern California in 1992. The product, known as Visas, was the first system to have the virtual integration interface with colours and icons. It is also an improvement on the other techniques, and the existing deep packet inspection functionality of modern firewalls can be shared by the Intrusion Prevention System (IPS). (Bill Cheswick, System development.pp117, 1990)
Types:
There are several classifications of firewall, depending on where the communication is taking place. Below are the four important types of firewall/packet filter:
Network layer and packet filters
Application layer
Proxies
Network address translation
3.2. The Key Compelling Reasons to Acquire and Use IDSs
To prevent problem behaviours by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system.
To detect attacks and other security violations not prevented by other security measures.
To detect and deal with the preamble to attacks (commonly experienced as network probes and other "doorknob rattling" activities).
To document the existing threat to an organization.
To act as quality control for security design and administration, especially of large and complex enterprises.
To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.
3.3.1.2 Analysis:
The part of the intrusion detection system that actually organizes and makes sense of the events derived from the information sources, deciding when those events indicate that intrusions are occurring or have already taken place. The most common analysis approaches are misuse detection and anomaly detection.
3.3.1.3 Response:
The set of actions that the system takes once it detects an intrusion. These are typically grouped into active and passive measures, with active measures involving some automated intervention on the part of the system and passive measures involving reporting by the Intrusion Detection System.
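The two analysis approaches named above, followed by a passive (report-only) response, as an added example that is not part of the original report. The signatures, the log line format, the baseline counts and the threshold factor k are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Misuse detection: constructed signatures describing known-bad requests.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
}

def misuse_detect(lines):
    """Return (line_number, signature_name) for every signature hit."""
    return [(n, name) for n, line in enumerate(lines, 1)
            for name, rx in SIGNATURES.items() if rx.search(line)]

def anomaly_detect(baseline, lines, k=3.0):
    """Return sources whose request count exceeds mean + k * stdev of baseline."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter(line.split()[0] for line in lines)
    return sorted(src for src, n in counts.items() if n > threshold)

def analyse(baseline, lines):
    """Combine both approaches into one list of alerts (a passive response)."""
    alerts = [f"misuse:{name}:line {n}" for n, name in misuse_detect(lines)]
    alerts += [f"anomaly:request-rate:{src}"
               for src in anomaly_detect(baseline, lines)]
    return alerts

# Constructed data: requests per source per window during normal operation.
BASELINE = [4, 5, 6, 5, 4, 6]
# Constructed window in the form "<source> <method> <path> <status>".
WINDOW = (["192.0.2.10 GET /index.html 200",
           "192.0.2.10 GET /static/../../app.conf 403",
           "192.0.2.10 GET /about.html 200"]
          + [f"192.0.2.77 POST /login?attempt={i} 401" for i in range(9)])
```

The signature check flags only the traversal request from 192.0.2.10, and the rate check flags only 192.0.2.77, whose requests match no signature, so each approach reports something the other misses.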
of two types, operating system audit trails and system logs (e.g. OSSEC).
APIDS are a subset of host-based IDSs that analyze the events transpiring in a software application. They mostly use the application's transaction log files. An APIDS is a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application-specific protocols. An example of where one is used is a web server with a database. (Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131)
CONCLUSION:
Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system.
5.0. REFERENCES:
2.0. ACM Journal Name, Vol. V, No. N, Month 20YY.
2.1. Bill Cheswick, System development.pp104, 1990.
3.0. Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131.
3.1. Lunt, Teresa F., "IDES: An Intelligent System for Detecting Intruders," Proceedings of the Symposium on Computer Security; Threats, and ..., Rome, Italy, November 22-23, 1990, pages 110-121.
3.2. Barbara, Daniel, Couto, Julia, Popyack, Leonard, and Wu, Ningning, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance.