Intrusion Detection System And Network Security

Analyzing the Role of Intrusion Detection System in Resolving Security Issues

1. Analyse how Intrusion Detection System (IDS) can resolve security issues in a computer network.

Intrusion Detection System is used to resolve computer network security issues. The attackers mainly target independent platforms to perform network intrusions. The intrusion detection system assess access patterns to the network by the intruders and detects their behaviour. The system analyses and monitors the network so that it can detect any signs of security issues. There are two types of intrusion detection technique that are used to detect unusual activities in the network. They are host-based and network-based using source of data. Host based intrusion detection system is developed on individual computer for detecting attacks and network based IDS are developed on raw network data (Quinn & Nadeau, 2015). Additionally, security violation can also be detected in information systems. It prevents exploitation of protocol and software vulnerabilities by intruders. Intrusion Detection System uses various classifiers to detect access patterns to the network.  

1. Analyse and explain footprinting in network security.

Data of a specific network environment is accumulated with the help of footprinting. The system vulnerabilities are revealed by the process of footprinting. The objective and location of intrusion are determined at the beginning of the process. After that non-intrusive method is used to gather information about the organisation. The attackers use various technologies and tools to gather these information that proves to be helpful to hackers. The pre-attack phase is referred as footprinting that is the stage before performing the actual attack. The tools that are used for footprinting are traceroute, Nmap and nslookup. The techniques of footprinting that are used are network queries, DNS queries, ping sweeps, port scanning, World Wide Web spidering and network enumeration. Information about target system is gained by the hacker through this process. Internet is surfed by the process of crawling to get information about target. Another web application that is used to get information about target website is WHOIS.

1. Evaluate how different tools can be used for footprinting with examples.

The tools that are used for footprinting are Sam Spade, SuperScan, Nmap and TcpView. DNS interrogation is done with the help of Sam Spade graphical tool. Sam Spade is a key security tool that has the features like Advanced DNS, Zone transfer, Scan addresses, Crawl Website and SMTP relay check. SuperScan tool is used to do TCP port scanning and IP address scanning (Czyz et al., 2016). The tool can scan the selected ports as well as all ports. SuperScan is a powerful and smart tool that is used for footprinting. Nmap tool offers the added advantage of being used in both UNIX/Linux and Windows operating systems. OS identification and ping sweeps can be done through this tool. Another free tool that is used in Windows to monitor all open UDP and TCP ports on local computer is TcpView. TcpView is not regarded as Intrusion Detection System however, gives a picture of all happenings in the computer ports and automatically refreshes them. As a result the user can see all the happenings.

1. Explain the main function of a firewall in network security. Analyse different kinds of firewall in brief.

Understanding Footprinting in Network Security

The main function of firewall is to block traffic that is intended to particular IP addresses and server ports. The untrusted traffic are kept away from reaching incoming ports by the use of firewalls. The two network interfaces that are used in Firewall are one for external side and the other for internal side. The unwanted traffic cannot pass from external side to the internal side of firewall interface (Luizelli et al., 2015). The trusted traffic are used to transverse from the external interface of the firewall to internal interface of the firewall. Firewall allows only those users to access the network who have a valid username and password. A secure connection is established between the network and the user by the use of firewall. Firewalls additionally help to eliminate Denial of Service attacks. Denial of Service (DOS) attack takes place when the attacker tries to flood the network with huge amount of traffic that shut down the server. The firewall assess traffic flow thereby resisting the network from DOS attack. Most companies use two firewalls to protect its network. One firewall is connected to the internet and the other to the internal network.

1. Evaluate and explain the selection criteria of a next generation firewall in details.

The common features that are provided by almost all type of firewalls are intrusion detection systems, wireless management systems, intrusion prevention systems, quality of service and application control systems. Huge number of next generation firewalls are available in the market that provides the same features (Halpern & Pignataro, 2015). Therefore, to differentiate among them selection criteria should be followed. They include platform type, feature set, manageability, price and support provided. Most of the next generation firewalls are either hardware, software or cloud based. The hardware based next generation firewalls can be applied best to large and middle sized enterprise. Software based next generation firewalls finds best application in small sized enterprise that consists of simple network infrastructures (Chen et al., 2015). The cloud-based next generation firewalls finds best application in highly decentralized enterprise. Additionally, the next generation firewalls should have features such as inline deep packet inspection, website filtering, security of mobile devices, prevention of data loss and threat intelligence. The performance and the quality of service of NGFWs needs to be considered while selecting amongst them. System configuration should be considered before selecting them. The system should be flexible and comprehensive and easy to manage. The price of different NGFW varies considerably with vendor. The price ranges from $599 to $80,000 (Kizza, J. M. (2013). Depending on the type of NGFW to be purchased the price is selected. The support system of the firewalls are also considered as a selecting criteria.

1. Evaluate the common network security problems and their solutions.

Evaluation of Tools for Footprinting with Examples

The common security problems that are encountered by a network are Network card and IP address issues, absence of connectivity, slow connectivity as well as problems that are caused by firewall status. In a number of situation two computers are given the same IP address therefore the network face connectivity issues while linking with the computers. The problem can be resolved by changing the IP address of one computer (Balmer et al., 2014). The network card functioning will be solved by checking functionality of the network card. In a network, a number of computer remains undetectable. To resolve this issue all the computers must be within the same subnet consisting of individual IP addresses. The problem of slow connectivity should be solved by sending bulky files in the form of zip files (Liang & Xiao, 2013). The firewall issues can be solved by setting strong firewall settings that will allow computers to share data.

1. Analyse and explain why network security is crucial for any business organisation.

The main reason that makes network security crucial for any business organisation is protecting company’s assets. Information of company is considered as asset to the company that needs to be secured. There are a large number of tangible assets in an organisation that makes it crucial to protect them. The company should take care of the fact that information is not accessed by unknown user. This can be achieved by limiting the access of users to the network. Every organisation has the responsibility of developing their own policy that complies with the regulatory requirements. In businesses like e-commerce and financial services network security is of prime importance as they deal with sensitive data like customer bank account number, credit card details and so on.

1. Analyse the scenario of TIA Software Company and create your own network security policies to protect network users and computers from the hackers.

The policies to protect network from hackers can be divided into general, responsibility, copyright and system vulnerability policies. The following points will describe the policies in details:

• General:

1. Access to organisation network should be limited to authorised users.
2. The organisation should restrict and limit the rights to access the network at its sole discretion. The policy also reserves the right to check network configuration and take action against individual who do not comply with the policy.

• Responsibility:

1. The policies that are implemented should be monitored on a daily basis.
2. Security audits as well as security scans should be performed according to the policy.
3. The users of the network should be educated with the ethical use of computers and about network security.
4. Strong encryption and authentication techniques are required to protect the network from security issues.

• Copyright policies:

1. Plagiarism, authorial integrity, and privacy invasion should be eliminated as per this policy.

References:

Balmer, M. L., Slack, E., De Gottardi, A., Lawson, M. A., Hapfelmeier, S., Miele, L., … & Bernsmeier, C. (2014). The liver may act as a firewall mediating mutualism between the host and its gut commensal microbiota. Science translational medicine, 6(237), 237ra66-237ra66.

Chen, G., Gong, Y., Xiao, P., & Chambers, J. A. (2015). Physical layer network security in the full-duplex relay system. IEEE transactions on information forensics and security, 10(3), 574-583.

Czyz, J., Luckie, M. J., Allman, M., & Bailey, M. (2016, February). Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In NDSS.

Halpern, J., & Pignataro, C. (2015). Service function chaining (sfc) architecture (No. RFC 7665).

Jin, X., Li, L. E., Vanbever, L., & Rexford, J. (2013, December). Softcell: Scalable and flexible cellular core network architecture. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies (pp. 163-174). ACM.

Kizza, J. M. (2013). Guide to computer network security (pp. 387-411). London: Springer.

Liang, X., & Xiao, Y. (2013). Game theory for network security. IEEE Communications Surveys & Tutorials, 15(1), 472-486.

Luizelli, M. C., Bays, L. R., Buriol, L. S., Barcellos, M. P., & Gaspary, L. P. (2015, May). Piecing together the NFV provisioning puzzle: Efficient placement and chaining of virtual network functions. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on (pp. 98-106). IEEE.

Manshaei, M. H., Zhu, Q., Alpcan, T., Bac?ar, T., & Hubaux, J. P. (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 25.

Manshaei, M. H., Zhu, Q., Alpcan, T., Bac?ar, T., & Hubaux, J. P. (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 25.

Quinn, P., & Nadeau, T. (2015). Problem statement for service function chaining (No. RFC 7498).

Scott-Hayward, S., O’Callaghan, G., & Sezer, S. (2013, November). SDN security: A survey. In Future Networks and Services (SDN4FNS), 2013 IEEE SDN For (pp. 1-7). IEEE.

Yu, T., Sekar, V., Seshan, S., Agarwal, Y., & Xu, C. (2015, November). Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the internet-of-things. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 5). ACM.