
Intrusion Detection and Prevention TechnologiesWA.1

This document discusses intrusion detection and prevention technologies used to secure organizational networks. It describes how intrusion detection systems (IDS) examine network traffic to detect suspicious activity by comparing signatures, and intrusion prevention systems (IPS) can block malicious traffic to prevent attacks. The document outlines different types of IDS, including network-based, host-based, and protocol-based IDS. It also explains how IPS uses signatures and behavioral analysis to understand normal system operations and defend against attacks by dropping malicious packets. The document advocates using IDS for detection and IPS with firewalls for prevention to provide layered network security.

Uploaded by

wasirifie

INTRUSION DETECTION AND PREVENTION TECHNOLOGIES 1

Intrusion Detection and Prevention Technologies

Capella University

IAS5220 – Network Security Controls and Testing.

Jan 24, 2019



Abstract

With security breaches and sensitive-data exposure becoming the norm of the day, international organizations are looking for any advanced technology that can fight this problem, and they have various network security options for securing their network systems against cyber attacks. The use of a firewall alone does not solve the problem of keeping cyberattacks away from the organization's network system, because intruders seek out flaws and weaknesses in the network system in order to gain access to it, so that they can spread viruses, launch denial-of-service attacks, inject packets and code, steal sensitive data, and change system logs.

This paper describes the difference in “the intrusion detection and intrusion protection technologies which are used to provide network security of international organization information security. Discussing the paper will examine the strategic ways available for the application of IDS and IPS technologies. The paper will review ways and means of rapid deployment and maintenance of IDS and IPS technologies” (Capella, 2019, 17-18).

Keywords: intrusion detection, intrusion protection, network security



Table of Contents

• Cover Page

• Abstract

• Table of Contents

• Introduction / Body

• Conclusion

• References

[Figures: Unit 3 Virtual Lab 1 through 5]



Introduction

As human life comes to revolve around connected internet devices, e-commerce and social media, the organizations in charge are responsible for the network security that assures end users that their sensitive personal information, their online transaction data, and the valuable data they generate are all secured. Have we not become so reliant on the Internet of Things, which is now part of our lives, while cyber attacks have become so prevalent, that everyone and every organization needs network security controls deployed to handle and minimize the risk of cyber attacks as soon as possible? While there are ongoing and constant reminders of security breaches at certain organizations, end users more often than not still ignore the risk of cyberattack and disregard the need for network security controls when computing from a home office or an organization's workstation. More often than not, an organization's administrators deploy a firewall to secure parts of the network system, but a firewall is not foolproof and cannot handle every cyberattack that is going on today.

The firewall has flaws of its own: it lacks the strong, effective response controls and the manageability needed to be a consistent network security technology that functions well for both detection and prevention. Most of the time, administrators deploy a firewall and an intrusion detection/prevention system side by side. Together they can enforce a network security procedure at the network perimeter defenses for inbound and outbound network communication, which is the first line of network security defense. International organizations therefore use an intrusion detection system (IDS), a set of procedures and technical devices for detecting suspicious activity that affects the network and the host level. IDS fall into two subcategories: anomaly-based detection systems and signature-based detection systems. A signature-based intrusion detection system looks for the signature sequence left by an intruder or a virus, and it logs suspicious events, changes to system logs, and changes to rules and signatures that the IDS application can detect. An anomaly-based intrusion detection system looks for anomalies in network protocols, which are present in the protocol header details (Pappas, 2008, 4-5).

An intrusion detection system captures information from network communication traffic and examines it against a set of technical rules to find suspicious activity. Snort, for example, uses intrusion detection rules to find anomalies in the network protocol header. Its rules are stored in text files that can be changed with an editor; at startup Snort reads these files and builds internal structures from them, then applies the rules to the captured information to examine it for signatures and patterns (Pappas, 2008, 6-8).

• There are different types of IDS. The network IDS examines the packets in network traffic and compares them with the signature database to determine whether they come from an authorized source or carry a hacker signature.

• The host IDS is installed on a host in the network system. Some host IDS are proactive, and they can examine the network traffic, log files and system files of a specific host to see hacker activity.

• The protocol IDS is installed to examine a server for suspicious events that affect the server.

• There are also the software protocol IDS, the anomaly IDS, the misuse IDS, and the hybrid IDS, which is a combination of two types of IDS.

The core mandate of the IDS is to examine, audit, validate and account for user system events, system configuration management, event patterns, abnormal events, and the administration of application audit trails. The restrictions of the IDS are that it cannot stop cyber attacks that are ongoing; it sends alerts when it sees a suspicious pattern. It cannot always keep up with all suspicious activity, and it is not good at deploying filtering rules and policies to prevent attacks in network traffic (Phillip, 2016, 9-11).

An intrusion prevention system (IPS) can block and drop any incoming malicious packet in network traffic and terminate the network connection or session, cutting off the attacker's access to the targeted user. It can change the configuration of security controls to interrupt cyberattacks on the network system. It can learn the network system in order to create rules for any software and its behavior, and it can defend the core services of the network at high speed. An IPS works in three ways: signature-based detection, statistical anomaly-based detection, and stateful protocol analysis. It searches for attacker patterns and matches them against a system database of preconfigured and encoded attack patterns. It also uses a database of profiles built from network metrics, the number of packets per protocol, and the observed state of the network compared with the anticipated state, as the basis for dropping packets (Phillip, 2016, 15-17).
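The alert-only IDS and the packet-dropping IPS described above, as an added Python example that is not part of the original paper: signature matching and header anomaly checks run over constructed packets, once in each mode. The `Packet` record, the two signatures, the rule names and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    tcp_flags: frozenset
    payload: bytes

# Constructed signature database: byte pattern -> rule name.
SIGNATURES = {
    b"/etc/passwd": "sensitive-file-request",
    b"cmd.exe": "windows-shell-request",
}

def signature_hits(pkt):
    """Signature-based detection: compare the payload with stored patterns."""
    return [name for pattern, name in SIGNATURES.items() if pattern in pkt.payload]

def header_anomalies(pkt):
    """Anomaly detection: flag header values normal TCP traffic never carries."""
    found = []
    if {"SYN", "FIN"} <= pkt.tcp_flags:
        found.append("syn-and-fin-set")
    if not pkt.tcp_flags:
        found.append("no-flags-set")
    if pkt.dst_port == 0:
        found.append("destination-port-zero")
    return found

def inspect(packets, mode):
    """mode 'ids' alerts and forwards everything; mode 'ips' alerts and drops."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for pkt in packets:
        reasons = signature_hits(pkt) + header_anomalies(pkt)
        if reasons:
            alerts.append((pkt.src, reasons))
        if not reasons or mode == "ids":
            forwarded.append(pkt)
    return alerts, forwarded

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("198.51.100.7", 80, frozenset({"PSH", "ACK"}), b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.9", 80, frozenset({"PSH", "ACK"}), b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.9", 22, frozenset({"SYN", "FIN"}), b""),
    Packet("192.0.2.44", 443, frozenset(), b""),
]
```

Both modes raise the same three alerts on this traffic; only the IPS mode keeps the flagged packets from being forwarded.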

From the NIDS, administrators can understand the protocols associated with a network stack or with software and operating systems, so that packets allowed through the network system are processed for the administrators to analyze. An IDS is a defensive measure that cannot stop all ongoing cyber attacks. For network segregation and Trusted Platform zones in the network infrastructure, an IPS with a firewall is the first line of defense, hindering and dropping suspicious activity, and at the perimeter of each network segment we use the IDS as the defensive measure that protects the network perimeter.

References

Capella University (2019). Courseroom, unit 3, Intrusion Detection and Prevention Technologies. Date retrieved 01/26/2019, https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Pappas, N. (2008). Network IDS & IPS Deployment Strategies. Date retrieved 01/26/2019, https://www.sans.org/reading-room/whitepapers/intrusion/network-ids-ips-deployment-strategies-2143

Kumar, B. S., Raju, T. C., Ratnakar, M., Baba, S. D., & Sudhakar, N. (2013). Intrusion Detection System - Types and Prevention. Date retrieved 01/26/2019, http://ijcsit.com/docs/Volume%204/Vol4Issue1/ijcsit2013040119.pdf

Phillip Bosco (2016). Intrusion Detection and Prevention Systems Cheat Sheet: Choosing the Best Solution, Common Misconfigurations, Evasion Techniques, and Recommendations. Date retrieved 01/27/2019, https://www.sans.org/reading-room/whitepapers/intrusion/intrusion-detection-prevention-systems-cheat-sheet-choosing-solution-common-misconfigurations-evasion-techniques-recommendations-36677