Csec630 Lab 2 Essay

The two IDS uses different rulesets and thus a key decision need to be made when using one of them. Emerging Threat (ET) is an open source community that was originally created as sustenance to an open Snort rule set. However, the group produces ruleset that is compatible with both Snort and Suricata currently. The ET rulesets have the capability of producing a professional ruleset (ET-Pro). In professional ruleset, each item contains a rule portion that is enhanced for Snort, a rule portion that is enhanced for Suricata and an aware portion that is shared by both engines. The certified rule set for Snort is created by the Sourcefire Vulnerability Research Team (VRT) (Sikorski & Honig, 2012). The rules are sold immediately after release

Individual users play an important role in any form of institution or organization but concerns are raised about the security. The network administrators clearly lay down a set of rules, regulations and protocols that an individual user has to agree accordingly upon which part of the resources and what class of service that the user can obtain.

There are multiple aspects of security in this network, which I have tried to implement as much as possible. This is where the CIA triangle comes into play, confidentiality, rules and limits to access information; Integrity, making sure the data is accurate and trustworthy; Availability, having reliable access to the information. I am going to talk about each aspect in a list format and explain how it’s used in my network. One thing that will be performed on all network devices is system updates and patches. They will happen on a monthly basis, on a weekend when the networks are not being used.

“Security needs to be addressed as a continued lifecycle to be effective. Daily, there are new attack signatures being developed, viruses and worms being written, natural disasters occurring, changes in the organization workplace taking place and new technologies evolving, these all effect the security posture in the organization” (King, 2002). This being said, it is important to evaluate firewall and router rule sets more frequently. The possible threats against this policy include improperly configured network infrastructure which leads to a domino effect that could start with malicious programming which could end in data loss. Many of these threats may be unintentional as some users may not be aware of the risks and how their processes and procedures open the door for such attacks. For this reason alone, a more frequent evaluation is needed. This vulnerability could lead to data loss and the exposure of trade secrets, client lists and product design. The exposure of such information for most companies could mean a financial collapse as it no longer has the competitive edge that makes it the industry leader. While the likelihood of this threat is very high, “security risks to the network exist if users do not follow the security policy. Security weaknesses emerge when there is no clear cut or written security policy document. A security policy meets these goals:

Snort has almost more than 3000 predefined set of rules that are free to download from the snort.org website, these rules are precise and can vary from a wide ranges of

Security is almost certainly the most difficult aspect of a network to perfect. It is important to have the correct procedures and components in place to make certain network security is being accounted for and addressed on any given network. The journal, “Future Generation Computer Systems” elaborates on this necessity for an information system. “Future Generation Computer Systems”, this component of a network is discussed thoroughly. “Essentially securing an Information System (IS), involves identifying unique threats and challenges which need to be addressed by implementing the appropriate countermeasures” (Dimitrios Zissis, Dimitrios Lekkas, 2012). This was achieved through configuring access lists as well as CHAP configuration on the routers connecting to the edge

5. What are the three primary methods for implementing security on this network, as well as the advantages and disadvantages each?

What services are to be permitted and denied access to your network or computer? Make a list of what enters and leaves your network. Discuss

Provide at least 3 examples of Network Architecture Controls that help enforce data access policies at LAN-to-WAN Domain level.

Firewalls are set up on computers to help protect computers and other devices from attacks from potentially harmful websites and other resources. Proxies are servers that act as a middle man for computers. They allow users to make indirect connections to other servers. The LAN-to-WAN domain is where the infrastructure connects to the Internet. Updates, firewalls and proxies will help to keep things running and help to keep it protected.

Finally, gathering all this information would enable the network administrator adjust the IDS to attacks specific to the network.

The goal of intrusion detection is to monitor network assets, detect anomalous behavior, and identify misuse within a network (Ashoor, Gore, 2011). An intrusion detection system (IDS) is a device or software application that monitors network system activities for malicious activity or policy violations and produces reports to a management station (Kashyap, Agrawal, Pandey, Keshri, 2013), additionally there are three types of IDS:

Firewalls is categorized as a preventive control which is used as a defense shield around IT systems to keep intruders and hacking from occurring, whereas, an Intrusion Detection System (IDS) which is categorized as a detective control is used to detect intrusions that have already occurred (Cavusoglu, Mishra, & Raghunathan, 2005). However, IDSs are not

The technique can detect DDoS attacks as well and blocking complete botnets (Amna Riaz 2017). However, NIDS is going to face issues processing all packets in large virtual network and it may fail to detect attacks in time as SNORT is single threaded.

Most open source IDS are working as a result of multiple software and conditions. As example, Snort can run as a daemon (service) or as standalone application, but it may need additional resources and services. It can be enumerate a SQL server for its database logging or a Syslog server for log output, a Web Server for its GUI and multiple other library dependences. Usually the commercial IDS are able to retrieve and analyse data form multiple sources and platforms. The essential point is the fact an IDS can be hosted on one machine with all dependencies or the services can be hosted on several machines that configured work as a unitary system. Nevertheless, when the IDS services are deployed on multiple machines all of those must be secured