Intrusion Detection Systems

Intrusion

An intrusion is defined as the unauthorized use, misuse, or abuse of computer systems by either authorized users or external perpetrators.

Types of Intrusions:

  • External attacks
    ◦ attempted break-ins, denial of service attacks, etc.
  • Internal attacks
    ◦ Masquerading as some other user
    ◦ Misuse of privileges, malicious attacks
  • Clandestine users: exploiting bugs in privileged programs


Types of intruders:

Masquerader: pretends to be someone he or she is not.
An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.

Misfeasor: an authentic user doing unauthorized actions.
A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.

Clandestine user: operates secretively, especially because the activity is illicit.
An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

Mechanisms Used:

  • Prevention: isolate from network, strict authentication measures, encryption
  • Preemption:
    ◦ "do unto others before they do unto you"
  • Deterrence: dire warnings,
    ◦ "we have a bomb too."
  • Deflection: diversionary techniques to lure away
  • Detection
  • Counter attacks


The two principal counter-measures

  • Detection: is concerned with learning of an attack, either before or after its success.
  • Prevention: is a challenging security goal. The difficulty stems from the fact that the defender must attempt to thwart all possible attacks, whereas the attacker is free to try to find the weakest link in the defense chain and attack at that point.

What is an IDS?
An Intrusion Detection System (IDS) is a system that attempts to identify intrusions.

Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.

Examples:

  • Car alarms
  • House alarms
  • Surveillance systems
  • Spy satellites and spy planes
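As an added example (not part of the original notes), the following host-based detector applies the definition above to the "attempted break-in" and "masquerading" cases from the types-of-intrusions list: it reads syslog-style authentication lines, flags a source that produces repeated login failures inside a short window, and raises a second alert if a login from that source then succeeds. The log lines, the threshold and the window are constructed for the example; the field layout assumes the common `sshd` "Failed/Accepted password for USER from ADDR" wording.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system), syslog-like.
SAMPLE_LOG = """\
Mar 10 09:00:01 host1 sshd[100]: Failed password for alice from 203.0.113.5 port 4001
Mar 10 09:00:03 host1 sshd[101]: Failed password for alice from 203.0.113.5 port 4002
Mar 10 09:00:05 host1 sshd[102]: Failed password for root from 203.0.113.5 port 4003
Mar 10 09:00:07 host1 sshd[103]: Failed password for bob from 203.0.113.5 port 4004
Mar 10 09:00:09 host1 sshd[104]: Failed password for alice from 203.0.113.5 port 4005
Mar 10 09:00:12 host1 sshd[105]: Accepted password for alice from 203.0.113.5 port 4006
Mar 10 09:05:00 host1 sshd[110]: Failed password for carol from 198.51.100.7 port 5001
Mar 10 09:30:00 host1 sshd[111]: Accepted password for carol from 198.51.100.7 port 5002
"""

# Assumed line layout: "<Mon> <day> <hh:mm:ss> <host> sshd[pid]: <Failed|Accepted> password for <user> from <addr> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

FAIL_THRESHOLD = 4            # failures from one source within WINDOW -> alert (constructed value)
WINDOW = timedelta(minutes=2)


def parse_line(line, year=2024):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect(log_text):
    """Return a list of (kind, source, detail) alerts.

    'break-in-attempt': at least FAIL_THRESHOLD failures from one source within WINDOW.
    'break-in-success': an accepted login from a source that was already flagged, i.e.
    a possible masquerade as the legitimate user after guessing succeeded.
    """
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    flagged = set()               # sources that already triggered a break-in-attempt alert
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        # Slide the window: forget failures older than WINDOW relative to this event.
        while q and ev["ts"] - q[0] > WINDOW:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= FAIL_THRESHOLD and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(("break-in-attempt", ev["src"],
                               f"{len(q)} failed logins within {WINDOW}"))
        elif ev["src"] in flagged:
            alerts.append(("break-in-success", ev["src"],
                           f"accepted login for {ev['user']} after repeated failures"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_LOG):
        print(f"{kind:18} {src:15} {detail}")
```

On the constructed log, the first source trips the threshold on its fourth failure and then produces a success alert on the accepted login that follows; the second source, with a single failure long before its successful login, stays below the threshold. In practice the threshold and window are tuned per environment, and the "success after failures" rule is what turns a noisy brute-force signal into an actionable one.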

Firewall

What is a Firewall?

  • a choke point that keeps unauthorized users out of the protected network.
  • interconnects networks with differing trust
  • imposes restrictions on network services, only authorized traffic is allowed
  • auditing and controlling access, it can implement alarms for abnormal behavior
  • is itself immune to penetration
  • provides perimeter defence

Technically, a firewall is a specialized version of a router.

Apart from the basic routing functions and rules, a router can be configured to perform firewall functions with the help of additional software resources:

  1. All traffic from inside to outside, and vice versa, must pass through the firewall. To achieve this, all access to the local network must first be physically blocked, and access only via the firewall should be permitted.
  2. Only the traffic authorized as per the local security policy should be allowed to pass through.
  3. The firewall itself must be strong enough to render attacks on it useless.


Types:

  1. Packet Filters
  2. Dynamic packet filter or stateful packet filter.
  3. Application-Level Gateways
  4. Circuit-Level Gateways
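To make the difference between the first two types concrete, here is an added example (not from the original notes) of a stateless packet filter beside a stateful one. Both are given the same policy: inside hosts may open HTTPS connections, and replies to those connections must come back in. The stateless filter can only express "replies" as "any TCP packet from port 443 to the inside", so an unsolicited packet crafted with source port 443 is let through; the stateful filter records the 5-tuple of each permitted outbound connection and admits inbound packets only when they are the reverse of a tracked connection. The addresses, rule table and packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed network layout (documentation address ranges, constructed for the example).
INSIDE = ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False   # True for the first segment of a new TCP connection


def _match(pkt, rule):
    """True if the packet matches every non-wildcard field of the rule."""
    _, src_net, dst_net, proto, sport, dport = rule
    return (ip_address(pkt.src) in src_net and ip_address(pkt.dst) in dst_net
            and (proto is None or proto == pkt.proto)
            and (sport is None or sport == pkt.sport)
            and (dport is None or dport == pkt.dport))


# Stateless rule table, first match wins: (action, src, dst, proto, sport, dport).
STATELESS_RULES = [
    ("allow", INSIDE, ANY, "tcp", None, 443),   # inside hosts may open HTTPS connections
    ("allow", ANY, INSIDE, "tcp", 443, None),   # "replies": anything from port 443 to the inside
    ("deny", ANY, ANY, None, None, None),       # default deny
]


def stateless_filter(pkt, rules=STATELESS_RULES):
    """Decide on a packet using only its own header fields."""
    for rule in rules:
        if _match(pkt, rule):
            return rule[0]
    return "deny"


class StatefulFilter:
    """Connection-tracking filter: inbound packets are admitted only as the reverse
    direction of a connection an inside host was permitted to open."""

    def __init__(self):
        self.connections = set()   # (src, sport, dst, dport, proto) of permitted outbound flows

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.connections or reverse in self.connections:
            return "allow"          # belongs to an established, inside-initiated connection
        if (pkt.syn and pkt.proto == "tcp"
                and ip_address(pkt.src) in INSIDE and pkt.dport == 443):
            self.connections.add(key)   # new outbound HTTPS connection: remember it
            return "allow"
        return "deny"               # unsolicited inbound, or not covered by policy


def demo():
    """Run three constructed packets through both filters; return {name: (stateless, stateful)}."""
    outbound_syn = Packet("192.168.1.10", "198.51.100.20", "tcp", 40000, 443, syn=True)
    reply = Packet("198.51.100.20", "192.168.1.10", "tcp", 443, 40000)
    unsolicited = Packet("203.0.113.9", "192.168.1.10", "tcp", 443, 40001)  # no inside host asked for this
    sf = StatefulFilter()
    results = {}
    for name, pkt in [("outbound_syn", outbound_syn), ("reply", reply), ("unsolicited", unsolicited)]:
        results[name] = (stateless_filter(pkt), sf.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:13} stateless={stateless:5} stateful={stateful}")
```

The legitimate connection and its reply pass both filters; the unsolicited packet passes the stateless table but is dropped by the stateful one, because no inside host ever opened the connection it claims to belong to. Real stateful firewalls also expire tracked connections and check TCP flags and sequence numbers, which this small model omits.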

A bastion host is a system identified by the firewall administrator as a critical strong point in the network’s security. It is a highly secure host system that serves as a platform for an application-level or circuit-level gateway.

Limitations:

  • cannot protect from attacks that bypass it
  • cannot protect against internal threats
    ◦ e.g. a disgruntled employee
  • cannot protect against transfer of all virus-infected programs or files, because of the huge range of operating systems and file types