Intrusion Detection and Prevention Systems
Here we will apply the different intrusion detection and prevention system tools that could lead us to a better-protected wireless system for our company. Our company will be based on a well-thought-out security system that will keep our business running smoothly. The first part of this security is the intrusion detection system (IDS), which includes three different types: network intrusion detection systems (NIDS), host-based intrusion detection systems (HIDS), and stack-based intrusion detection systems (SIDS). In addition to these types, an intrusion detection system has three different methods to detect an attack: signature-based detection, statistical anomaly-based detection, and stateful protocol analysis detection. Next is the intrusion prevention system (IPS), which is divided into four different types: network-based intrusion prevention systems (NIPS), wireless intrusion prevention systems (WIPS), network behavior analysis (NBA), and host-based intrusion prevention systems (HIPS). By identifying all of these different classifications and methods, we can secure our computers.
Following up on the wireless solutions for our company, we have already provided encryption and authentication. As our business looks into more wireless solutions, intrusion detection and prevention systems will be another benefit to the company. Intrusion detection is a type of software application that watches systems and networks and produces a report if any virus or unknown activity occurs, including violations of company policy, which are a big issue for security. Intrusion prevention is the next step that makes intrusion detection work effectively, by adding the ability to prevent and stop a threat. So what exactly are intrusion detection and prevention systems? IDPSs are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. (Scarfone and Mell, 2007)
One main reason why our company would want to use this is to have our computer data and system integrity protected. By doing so, an extra layer of security protection will be provided in our computer systems. For example, if an unauthorized user were to try to log into the computer systems, the attempt would not be allowed because of protections such as the encryption and authentication of our clients and staff, with the IDPS then preventing the unknown threat from occurring.
Network Intrusion Detection System (NIDS)
Network-based intrusion detection systems would be one of the most important factors for our security. Basically, a NIDS monitors the network in real time and detects malicious and suspicious activity in the network traffic that is being processed through our computers. To see that traffic, it is connected to either a network hub or a network switch configured for port mirroring. Here are a few examples of how a NIDS can be used effectively: by examining packets as they pass through the network; if they are legitimate packets, letting them pass but recording them for future analysis; and, when a packet endangers the security or integrity of a target system, immediately stopping transmission of the packet by sending TCP "connection closed" or ICMP "port unreachable" messages to both the target system and the system sending the packet. (Whitehelm.com)
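The pass-and-record versus stop-and-notify decision described above can be sketched as follows. This is an added example, not part of the original essay or of any NIDS product; the signatures, addresses and packets are constructed, and mapping the TCP "connection closed" response to TCP flows and the ICMP "port unreachable" response to UDP flows is an assumption.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes

# Constructed signatures for illustration only, not taken from a real rule set.
SIGNATURES = [
    ("path-traversal", "tcp", 80, re.compile(rb"\.\./\.\./")),
    ("oversized-dns-label", "udp", 53, re.compile(rb"[a-z0-9]{64,}")),
]

def inspect(pkt, log):
    """Decide what the sensor does with one packet and record it in log."""
    for name, proto, dport, pattern in SIGNATURES:
        if pkt.proto == proto and pkt.dport == dport and pattern.search(pkt.payload):
            # Assumption: TCP flows get a "connection closed" message,
            # UDP flows get ICMP "port unreachable".
            response = ("tcp_connection_closed" if pkt.proto == "tcp"
                        else "icmp_port_unreachable")
            # Both the sender and the target are notified, as the passage says.
            decision = {"verdict": "block", "signature": name,
                        "response": response, "notify": [pkt.src, pkt.dst]}
            break
    else:
        # No signature matched: the packet passes.
        decision = {"verdict": "pass", "signature": None,
                    "response": None, "notify": []}
    # Every packet is recorded for future analysis, passed or blocked.
    log.append((pkt.src, pkt.dst, pkt.proto, pkt.dport, decision["verdict"]))
    return decision

def run_sample():
    # Constructed traffic using documentation address ranges.
    packets = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1"),
        Packet("198.51.100.9", "192.0.2.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
        Packet("198.51.100.9", "192.0.2.53", "udp", 53, b"a" * 70),
    ]
    log = []
    return [inspect(p, log) for p in packets], log
```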
By implementing a network-based IDS, our company will have the necessary means to analyze the network's incoming and outgoing traffic. Some components that may be needed are sensors, one or more management servers, multiple consoles, and optionally one or more database servers (Scarfone and Mell, 2007). Also, a network interface card will have to be in use because there are two different modes in which data packets are being transferred. The two modes are normal mode and promiscuous mode. Our company will be applying the promiscuous mode because it is better...