Question 1:
What is intrusion detection? (Intrusion = how the system detects when something comes into the system)
With the exponential growth of the internet and networked computers, cybercrime has become one of the most pertinent problems in the computer world. All over the world, companies and governments are increasingly dependent on their computer networks and communications, hence the need to protect these systems from attack. Online credit card fraud, compromised computer servers and other serious crimes have created widespread distrust among online customers. There is a need to find the best possible way to protect our information systems.
A single intrusion into a computer network can result in the loss, unauthorized use or modification of large amounts of data and can paralyse normal use of network communications. Intrusive behaviours can be categorized by attack type. An Intrusion Detection System (IDS) can apply computational intelligence to recognize that an attack is underway, alert the system administrator to its form and severity, and perhaps take preprogrammed or adaptively learnt measures to prevent the intrusion.
Intrusion detection is the identification of unauthorized users in a computer system. It is also defined as the problem of protecting computer network systems from being compromised. In the early days of computing, security was not considered a big concern in system and software design. The security problem that appeared in 1970 was mainly unauthorized users breaking into user accounts with the intention of stealing important information. The exponential growth of the internet into a network of systems and devices has since made security a major concern. Over the years, the network security community has developed several specialized systems to secure network infrastructure, including network scanners, vulnerability analyzers, firewalls and IDS.
Each system focuses on a different aspect of protection and offers different functionality. Individually, these systems do not provide complete security, but if several of them are combined and deployed throughout the network, they can provide robust security services.
Question 2:
What are the current threats on the network infrastructure?
The issues related to network security have been lingering for a long time now, specifically the numerous potential threats to information on a network. Threats to network security range from harmless pranks to devastating crimes of destruction and theft. These threats can come from sources either internal or external to the network.
Internal threats to a network are a major source of strain on the level of security that network can attain. Such threats generally come from unethical employees within the organization.
External threats to network security, generally referred to as hackers, can be equally damaging. To gain entry or view sensitive information, hackers use password sniffers, IP spoofing and e-mail attacks. Regardless of the method used to gain entry to a network or view its communication data, hackers can fully jeopardize network security and potentially do serious damage to the data and systems within. The virus is potentially one of the most dangerous threats to network security. Viruses can corrupt or destroy data, alter files and possibly bring a network to a grinding halt. (Halt = Stop)
Additional forms of malicious software such as Trojan Horse,
Question 3:
What are the existing protection measures for network?
As the network grows faster, threats to the network rise with it. Unfortunately, the existing preventive techniques are not hardened and are unable to handle the issues raised by these threats.
The first method of protection is to address the actual physical layer of the network and ensure that it is properly equipped. Physical security is an initial concern when designing a secured network. The easiest and best way of protecting important machines such as servers is to secure them under lock and key. However, this is not a complete solution; it should be used in parallel with other preventive measures.
Additionally, firewalls and encryption should be incorporated into a network to heighten its security. A firewall is a gateway through which information enters and exits. On one side sits the information needed from the outside world, mixed with the undesirable threats of external networks.
Encryption is a method by which network security is heightened: an encrypted document cannot be read by anyone who does not possess the key or formula used to translate the original text into cipher text. Used properly and in combination, these techniques provide a concrete foundation for a secured network.
Question 4:
What are the desirable characteristics of any Intrusion Detection System (IDS)?
There are a few desirable characteristics, based on (Sundaram 1996, Gross 1997, Jackson 1999, Bace 2000), and most currently available IDS satisfy only a few of them:
i) It must run continuously with minimal human supervision.
ii) It must be fault tolerant: the system must be able to recover from system crashes.
iii) It must resist subversion: it must be significantly difficult for an attacker to disable or modify the IDS. The IDS must be able to monitor itself and detect whether an attacker has modified it.
iv) It must impose only minimal overhead on the system where it runs, to avoid interfering with normal operations.
v) It must be configurable to accurately implement the security policies of the systems being monitored.
vi) It must be easy to deploy. This can be achieved through portability to different architectures and operating systems and a simple installation mechanism.
vii) It must be adaptable to changes in system and user behavior over time.
viii) It must not flag any legitimate activity as an attack and must not fail to detect any attack.
Technically it is not feasible to build a system with all of the above characteristics, as the hardware industry has not matured enough to carry this burden. Processing network packets needs more resources than can be dedicated to it. Also, the normal user profile may change from time to time as new network techniques come onto the market. Consequently, any IDS must be constantly updated on normal user behavior. Although an IDS without any human intervention is highly unlikely at the moment, one with minimal supervision is possible.
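The following sketch is an added example, not code from these notes, illustrating characteristics vii and viii and the point that the normal user profile drifts over time: an anomaly detector that keeps a per-user baseline of failed logins per hour with an exponential moving average, flags hours that exceed the baseline by a tolerance, and scores false positives and missed attacks on constructed sample events. The class name, parameters (alpha, k, floor) and sample data are all assumptions made for the example.

```python
# Added example (not from the notes): an adaptive anomaly detector with a
# per-user baseline that follows gradual drift but does not learn from the
# hours it flags, scored against constructed, labelled sample data.

# Constructed sample events: (user, hour, failed_logins, is_attack)
EVENTS = [
    ("alice", 0, 1, False), ("alice", 1, 0, False), ("alice", 2, 2, False),
    ("alice", 3, 1, False), ("alice", 4, 25, True),   # password guessing
    ("bob", 0, 3, False), ("bob", 1, 4, False), ("bob", 2, 5, False),
    ("bob", 3, 6, False), ("bob", 4, 7, False),       # legitimate drift
    ("bob", 5, 40, True),                             # password guessing
]


class AdaptiveDetector:
    """Per-user baseline that learns only from hours it did not flag."""

    def __init__(self, alpha=0.3, k=3.0, floor=3.0):
        self.alpha = alpha    # how fast the baseline follows new behaviour
        self.k = k            # tolerance as a multiple of the baseline
        self.floor = floor    # minimum tolerance for users with tiny baselines
        self.baseline = {}    # user -> smoothed failed-login count per hour

    def observe(self, user, count):
        """Return True if this hour's count is anomalous for the user."""
        mean = self.baseline.get(user)
        if mean is None:                 # first sight of this user: just learn
            self.baseline[user] = float(count)
            return False
        if count > mean + max(self.floor, self.k * mean):
            return True                  # do not let an attack train the baseline
        self.baseline[user] = (1 - self.alpha) * mean + self.alpha * count
        return False


def evaluate(events=EVENTS, **params):
    """Score one detector configuration: true positives, false positives, misses."""
    det = AdaptiveDetector(**params)
    score = {"tp": 0, "fp": 0, "fn": 0}
    for user, _hour, count, is_attack in events:
        flagged = det.observe(user, count)
        if flagged and is_attack:
            score["tp"] += 1
        elif flagged:
            score["fp"] += 1
        elif is_attack:
            score["fn"] += 1
    return score
```

With the default tolerance, evaluate() follows bob's gradual drift and catches both attacks; a strict setting such as evaluate(k=0.5, floor=1.0) flags legitimate drift as attacks, while a loose one such as evaluate(k=20.0) misses bob's attack, which is the trade-off behind characteristic viii.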