Wednesday, June 5, 2019

Literature Review About IPS And IDS Computer Science Essay

This chapter provides the study and review of articles about Intrusion Detection Systems and Intrusion Prevention Systems that have been written by experts and professors. According to (Tony Bradley, 2004), an Intrusion Detection System (IDS) monitors traffic and watches for suspicious activity. It gives alerts to the network administrator and to the system. An IDS may also respond to malicious traffic by taking action to block the user or the IP address from accessing the network. According to (Ameya Talwalkar, Symantec Manager of Intrusion Prevention Systems), an Intrusion Prevention System (IPS) is a defence technology that provides security for the network. It is the front line of defence against malware, Trojans, DoS attacks, malicious code transmission, backdoor activity and blended threats. The next section gives the details of Intrusion Prevention Systems (IPS). Figure 1.1 is the flowchart of the key points in the literature review about IPS and IDS.

[Figure 1.1: Classifying the literature review. Flowchart nodes: Literature review; What is IPS; What is IDS; What is HIDS; What is HIPS; What is NIPS; What is NIDS; Identify pros and cons; Which are better to prevent threats.]

2.2 Intrusion Prevention System (IPS)

Some benefits have justified the Intrusion Prevention System as a breakthrough in computer security. According to (Neil Desai, 2003), the main supporting idea on the technical side of Intrusion Prevention Systems is the inline network-based system. Besides that, there is another variation of IPS called Layer 7 switches, which include detection and mitigation of Distributed Denial-of-Service (DDoS) and Denial-of-Service (DoS) attacks based on awareness of the traffic. Every Intrusion Prevention System generates alerts based on policy or signature, and also initiates a response which has been programmed into the system.
These alerts happen as a result of a signature match or a policy violation.

Secondly, according to (Benjamin Tomhave, 2004), a report identified that most Intrusion Detection Systems also include Intrusion Prevention System capabilities, given a well-defined set of signatures or policies. So it makes sense for an Intrusion Detection System to work with Intrusion Prevention System capabilities. In the end, a successful deployment and the return on investment relate directly to how well the solution is managed and how well the network has been designed.

Thirdly, (Joel Esler, Andrew R. Baker, 2007) state that Intrusion Prevention Systems are more defensive. They are designed to detect malicious packets inside normal traffic and stop intrusions dead, automatically blocking all unwanted traffic before it brings any damage to the system, rather than giving an alert before or after the malicious packets have been delivered.

Fourthly, Intrusion Prevention Systems have been added to existing firewall and antivirus solutions. According to (Karen Scarfone, Peter Mell, 2007), an Intrusion Prevention System monitors traffic and automatically neutralises packets that contain malicious content, scrutinizes suspicious sessions, or takes other actions as an immediate real-time response to an attack. A good Intrusion Prevention System checks all inbound and outbound traffic. It can check all types of packets and performs many types of detection analysis, not just on individual packets. It also needs to check traffic patterns, viewing each transaction in the context of the packets that come before and after it.

Lastly, Intrusion Prevention System products should take advantage of and implement new detection techniques and offer other types of intervention methods.
According to (Joel Esler, Andrew R. Baker, 2007), Intrusion Prevention System products should provide multiple modes of operation for the user to choose from, so that users can become more confident in the product or change their network security policies. There are two types of IPS: HIPS and NIPS. A Host-based Intrusion Prevention System (HIPS) is an application that monitors a single host for suspicious activity. A Network-based Intrusion Prevention System (NIPS) analyzes protocol activity on the entire network. The next section discusses HIPS and NIPS.

2.2.1 Host-based Intrusion Prevention System (HIPS)

According to (Dinesh Sequeira, 2002), a Host-based Intrusion Prevention System is a software program installed on an individual system such as a laptop, workstation or server. When it detects an attack, the Host-based Intrusion Prevention System blocks the attack at the network interface level or tells the application or operating system to prevent the attack.

Secondly, according to (NSS Group, 2004), Host-based Intrusion Prevention Systems rely on agents installed directly on the system being protected. They bind closely with the operating system kernel and services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks as well as record them. They may also monitor data streams and the environment specific to a particular application (file locations and Registry settings for a Web server) in order to protect these applications from generic attacks for which no signature yet exists in the database.

Lastly, according to (Neil Desai, 2003), Host-based Intrusion Prevention Systems are used to protect both servers and workstations through software that runs between the system's applications and the OS kernel. The software can be configured to determine the security rules based on intrusion and attack signatures.
The Host-based Intrusion Prevention System catches suspicious activity on the system and then, depending on the predefined rules, either blocks or allows the event to happen. In the next section, we discuss Network-based Intrusion Prevention Systems (NIPS) and Intrusion Detection Systems (IDS).

2.2.2 Network-based Intrusion Prevention System (NIPS)

Network Intrusion Prevention Systems (NIPS) operate on a totally different concept, which serves the purpose of building computer hardware or software platforms that are designed to analyze, detect, and report on security-related events. Network Intrusion Prevention Systems are designed to inspect traffic and, based on their configuration or security policy, they can drop malicious traffic as well as prevent the network from being contaminated with malicious data such as viruses and worms. A Network-based Intrusion Prevention System is able to detect malicious packets which are designed to be overlooked by firewall filtering rules. An Intrusion Prevention System is not a replacement for a firewall, but it is one part of an intelligent firewall. It is used to increase system-specific or network-wide security.
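The two mechanisms the review keeps returning to, an alert raised on a signature match or a policy violation that triggers a programmed response, and inspection of each packet in the context of the packets that came before it, can be shown in a few dozen lines. The Python below is an added example written for this page; it is not code from the essay or from any of the cited products (Snort, NIST SP 800-94). The packet format, the rule names, the 10.0.0.x addresses and the sample traffic are all constructed for the demonstration. The engine sits "inline": a "drop" verdict means the packet is never forwarded, while an "alert"-only signature behaves like an IDS and lets the packet through.

```python
import re
from collections import deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float          # arrival time in seconds (constructed values below)
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Signature:
    name: str
    pattern: re.Pattern
    action: str        # "drop": inline block; "alert": IDS-style, packet still forwarded


@dataclass
class RatePolicy:
    name: str
    max_packets: int        # more than this many packets from one source ...
    window_seconds: float   # ... inside this window is treated as a flood


class InlineIPS:
    """Toy inline engine: stateful rate policy plus stateless payload signatures."""

    def __init__(self, signatures, rate_policy):
        self.signatures = signatures
        self.rate_policy = rate_policy
        self.history = {}   # src -> deque of recent arrival times (the "packets before" context)
        self.alerts = []    # (rule name, source, action taken)

    def _flooding(self, pkt):
        # Keep only arrivals inside the window, then judge this packet against that context.
        q = self.history.setdefault(pkt.src, deque())
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.rate_policy.window_seconds:
            q.popleft()
        return len(q) > self.rate_policy.max_packets

    def process(self, pkt):
        """Return 'drop' or 'pass' for one packet, recording alerts on the way."""
        if self._flooding(pkt):
            self.alerts.append((self.rate_policy.name, pkt.src, "drop"))
            return "drop"
        for sig in self.signatures:
            if sig.pattern.search(pkt.payload):
                self.alerts.append((sig.name, pkt.src, sig.action))
                if sig.action == "drop":
                    return "drop"
        return "pass"


def build_engine():
    # Hypothetical rules: one blocking signature, one alert-only signature, one rate policy.
    sigs = [
        Signature("http-dir-traversal", re.compile(rb"\.\./\.\./"), "drop"),
        Signature("http-trace-method", re.compile(rb"^TRACE "), "alert"),
    ]
    policy = RatePolicy("per-source-rate-limit", max_packets=5, window_seconds=1.0)
    return InlineIPS(sigs, policy)


def sample_traffic():
    """Constructed packets for the demo, not captured data."""
    pkts = [
        Packet(0.0, "10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
        Packet(0.5, "10.0.0.6", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet(0.7, "10.0.0.7", "10.0.0.80", 80, b"TRACE / HTTP/1.1\r\n"),
    ]
    # Eight harmless-looking requests from one source within 0.8 s: the sixth onward
    # exceeds max_packets=5, so the rate policy drops the last three.
    pkts += [Packet(2.0 + 0.1 * i, "10.0.0.9", "10.0.0.80", 80, b"GET / HTTP/1.1\r\n")
             for i in range(8)]
    return pkts


def run_demo():
    ips = build_engine()
    verdicts = [ips.process(p) for p in sample_traffic()]
    return {"pass": verdicts.count("pass"),
            "drop": verdicts.count("drop"),
            "alerts": ips.alerts}


if __name__ == "__main__":
    result = run_demo()
    print(result["pass"], "forwarded,", result["drop"], "dropped")
    for rule, src, action in result["alerts"]:
        print(f"{action:5} {src:10} {rule}")
```

The rate policy is evaluated first because a flooding source should be cut off before per-packet signature matching spends any more effort on it; a real product would also age out idle entries in `history`, which this toy omits. The alert-only TRACE rule is what an IDS deployment of the same rule set would do for every rule: raise the alert, forward the packet.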
The advantages of Network-based Intrusion Prevention Systems are discussed as follows:
NIPS reduces constant monitoring
NIPS is an inline network device
NIPS performs deep packet inspection
NIPS is a tool to prevent attacks

References

Tony Bradley (2004), Online: http://netsecurity.about.com/cs/hackertools/a/aa030504.htm, accessed 5th March 2004
Jonathan Hassell (2005), Online: http://searchenterprisedesktop.techtarget.com/news/column/0,294698,sid192_gci1089830,00.html, accessed 19th May 2005
Neil Desai (2003), Online: http://www.symantec.com/connect/articles/intrusion-prevention-systems-next-step-evolution-ids, accessed 27th February 2003
Benjamin Tomhave (2004), Online: http://docs.google.com/viewer?a=vq=cacheZlxT5m72JZwJfalcon.secureconsulting.net/papers/218-Research-Paper-FINAL.pdf+Benjamin+Tomhave+2004+IPS+articlehl=engl=mypid=blsrcid=ADGEEShEwpU07d-WvGPhlP3rIASlIyrH0CbGBjGBseUptTNHYRFqaApljgqESo9QEftMQHf3CApOji91saq_gEj-ZlLMXx3aPBS6SckaoJrzVwPiZBwTQ6gcpoHaH0ER-l4_ygilLw9asig=AHIEtbS-NuLUg635h_DHoKW8qafXwRwJUw, accessed 10th November 2004
Joel Esler, Andrew R. Baker (2007), Snort IDS and IPS Toolkit, Online: http://books.google.com.my/books?id=M9plZZxJB_UCpg=PR3dq=Snort+IDS+and+IPS+Toolkit+IDS+and+IPS+toolkithl=enei=_yDETK7iDM34cYK6la4Fsa=Xoi=book_resultct=book-preview-linkresnum=2ved=0CDYQuwUwAQv=onepageq=Snort%20IDS%20and%20IPS%20Toolkit%3A%20IDS%20and%20IPS%20toolkitf=false, accessed 1st February 2007
Karen Scarfone, Peter Mell (2007), Guide to Intrusion Detection and Prevention Systems (IDPS), Online: http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf, accessed February 2007
NSS Group (2004), Intrusion Prevention Systems (IPS), Online: http://hosteddocs.ittoolbox.com/BW013004.pdf, accessed January 2004
Dinesh Sequeira (2002), Intrusion Prevention Systems: Security's Silver Bullet?, Online: http://docs.google.com/viewer?a=vq=cacheOK14t-hsmQAJwww.sans.org/reading_room/papers/%3Fid%3D366+Intrusion+Prevention+Systems+Security%27s+Silver+Bullet%3Fhl=engl=mypid=blsrcid=ADGEEShhB2J1ArllgI1mGNhp91RCpNpSf0t7BGUQtWPwmISpe3xmaTI0ym-Bh0Thlq2Gmoq9K6vRKN7xBKphn_fwCgUFaPej_NetBAPccgZXY0wSVyFAlLzsNkMwZjqSdn4XEdxAybctsig=AHIEtbQqUFej4tL8ln14oplPfky7GGstMA, accessed 2002
