About the System of Monitoring the Software Network (Essay Sample)
The essay is about the system of monitoring the software network.
Intrusion Detection System
An intrusion detection system (IDS) is a software application or device that monitors a network or host for malicious activity or policy violations. When such activity is detected, the information is either relayed immediately to an administrator or collected centrally by a security information and event management (SIEM) system. A SIEM combines the outputs of several sources and applies alarm-filtering techniques to distinguish genuinely malicious activity from false alarms. IDS span a wide spectrum, from antivirus software to systems that monitor the traffic of an entire backbone network. The two most common categories are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) (Abdullah 60).
A system that monitors the critical files of an operating system is an example of a HIDS, and a system that analyses incoming network traffic is an example of a NIDS. IDS can also be classified by detection method. Signature-based detectors recognise known bad patterns, such as malware. Anomaly-based detectors look for deviations from a model of normal traffic and commonly rely on machine learning. Some NIDS can respond immediately to a detected intrusion; systems with this ability are referred to as intrusion prevention systems (Abdullah 62).
NIDS are placed at strategic points so that they can monitor traffic to and from all the devices on the network. A NIDS analyses all the traffic that passes through the subnet and tries to match it against a library of known attacks. The moment an attack or abnormal behaviour is identified, an alert is automatically sent to the administrator. The most commonly used tools for simulating a NIDS are OPNET and NetSim. A NIDS can compare packets against signatures and, when deployed with prevention capability, drop harmful packets whose signature matches a record in its library. If NIDS are classified by how they interact with the traffic, there are two types. An online NIDS deals with the network the moment an abnormality is detected: it analyses Ethernet packets and, using the configured rules, decides whether each one is an attack or not. An offline NIDS works on stored data and takes it through certain processes to decide whether an attack occurred or not.
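The two detection methods above, run side by side over a small constructed packet capture, as an added example in Python (this is not code from the essay or from any particular IDS product). The packet format, the signature library, the traffic baseline and the addresses are all assumptions made for the illustration; a real NIDS would read packets from a capture interface and use a much larger rule set and a richer traffic model.

```python
"""Added example (not from the essay): a minimal NIDS that runs both
detection methods, signature-based and anomaly-based, over a constructed
packet capture. Packet format, signatures, baseline and addresses are
assumptions made for the illustration."""
import re
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signature library: (name, pattern matched against the payload).
# Illustrative patterns only, not a real rule set.
SIGNATURES = [
    ("sqli-union-select", re.compile(rb"(?i)union\s+select")),
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("shell-command-in-query", re.compile(rb"[;|&]\s*(?:cat|wget|curl)\b")),
]

# Constructed baseline: packets per source address observed in earlier
# windows of known-good traffic. A real anomaly detector learns a far
# richer model than a mean and standard deviation.
BASELINE_PER_SOURCE = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed capture: one benign request, two exploit attempts from one
# host, and a port sweep (20 empty probes to ports 1-20) from outside.
CAPTURE = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", 80,
           b"GET /item?id=1 UNION SELECT password FROM users HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
] + [Packet("198.51.100.9", "10.0.0.10", port, b"") for port in range(1, 21)]


def signature_alerts(packets, signatures=SIGNATURES):
    """Signature-based detection: (packet index, signature name) for every
    packet whose payload matches a known-bad pattern in the library."""
    hits = []
    for i, pkt in enumerate(packets):
        for name, pattern in signatures:
            if pattern.search(pkt.payload):
                hits.append((i, name))
    return hits


def anomaly_alerts(packets, baseline=BASELINE_PER_SOURCE, z=3.0):
    """Anomaly-based detection: flag sources whose packet count in this
    window is more than z standard deviations above the baseline mean."""
    limit = statistics.mean(baseline) + z * statistics.pstdev(baseline)
    counts = Counter(pkt.src for pkt in packets)
    return sorted((src, n) for src, n in counts.items() if n > limit)


def run_nids(packets):
    """Combine both methods, as a NIDS would, into one alert report."""
    return {"signature": signature_alerts(packets),
            "anomaly": anomaly_alerts(packets)}


if __name__ == "__main__":
    for kind, alerts in run_nids(CAPTURE).items():
        print(kind, alerts)
```

The capture is built so that each method catches what the other misses: the port sweep carries no payload, so no signature fires and only the volume anomaly reports 198.51.100.9, while the two exploit attempts from 10.0.0.7 are far too few to look anomalous and are found only by the signatures.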
The Intrusion Prevention System (IPS)
This is a technology used to prevent threats to the network. It examines network traffic flows with the aim of detecting and preventing the exploitation of vulnerabilities. Vulnerabilities are typically exploited by introducing malicious input to the targeted application, and the IPS blocks the malicious inputs that attackers use to gain control of a machine. An attacker who manages to penetrate the target successfully can render the application useless, so that the machine or application loses its service, and can sometimes access all the information held by the compromised application. HIDS, by contrast, operate on individual devices on the network. A HIDS monitors only the inbound and outbound packets of that device and makes the user aware if anything suspicious is detected. If, for instance, vital files are deleted or modified, the administrator is alerted to investigate. HIDS are commonly seen on mission-critical machines whose configurations are not expected to change. An IDS can also be made system-specific by using custom tools (Harold and Micki 993).
The IPS is placed directly behind the firewall so that it can provide a complementary layer of analysis against dangerous content. The IPS is inline and active: it sits in the direct communication path between source and destination, continuously analysing all the traffic flows that enter the network and taking automatic action on them. The actions include the following:
* Automatically sending an alarm to the administrator
* Dropping the malicious packets
* Blocking traffic from the source address
* Resetting the connection
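The HIDS behaviour just described, alerting when vital files are modified or deleted, comes down to a file-integrity check: record a baseline of cryptographic digests for the watched files, then rehash them later and report the differences. The following is an added example in Python, not code from the essay or from any HIDS product; the watched files are created in a temporary directory and the tampering is simulated, so the paths and contents are constructed for the illustration.

```python
"""Added example (not from the essay): a minimal host-based integrity check
of the kind a HIDS performs on critical files. It records a baseline of
SHA-256 digests and later reports files that were modified, deleted or
added. The watched tree and the tampering are constructed in a temp dir."""
import hashlib
import tempfile
from pathlib import Path


def baseline(root):
    """Hash every regular file under root, keyed by its POSIX relative path."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(old, new):
    """Return the changes a HIDS would alert the administrator about."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "deleted": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }


def demo():
    """Take a baseline, simulate an intrusion that tampers with the files,
    and re-check. Everything here is constructed sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("Welcome\n")
        before = baseline(root)

        # Simulated tampering: a new uid-0 account, a removed file,
        # and a dropped preload library (classic persistence on Linux).
        with open(root / "etc" / "passwd", "a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")

        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for change, paths in demo().items():
        print(change, paths)
```

The check is only as trustworthy as the stored baseline: it must be kept where an attacker who has compromised the host cannot rewrite it (a read-only medium, a remote server, or a signed file), otherwise the intruder simply rehashes after tampering and the HIDS stays silent.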
The IPS has several methods of detecting exploits; the main ones are signature-based detection and statistical anomaly-based detection. Signature-based detection relies on a dictionary of uniquely identifiable patterns. The moment an exploit is identified, its unique signature is recorded in an ever-growing dictionary of signatures.
Both systems have the following limitations:
* Noise can reduce the effectiveness of an IDS. Bad packets generated by software bugs, corrupted data, and local packets that escaped can produce a high false-alarm rate.
* The number of real attacks is often far below the number of false alarms, so the real attacks are missed or ignored.
* If the signature database used by the IDS is outdated, the system is left vulnerable to newer attacks.
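An inline IPS decision loop tying the actions and limitations above together, as an added example in Python (not code from the essay or from any IPS product). Each packet entering the network is checked against a rule set, and each rule maps a pattern to one of the four actions: alert, drop, block the source, or reset. The rules, the addresses and the traffic are constructed for the illustration; the last three packets show a false alarm from an over-broad rule and an exploit variant that an outdated signature no longer catches.

```python
"""Added example (not from the essay): an inline IPS decision loop. Packets
are checked against constructed rules that map patterns to actions; the
traffic is built to show both a false alarm and an evaded signature."""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Action(Enum):
    ALERT = "alert"   # forward the packet but notify the administrator
    DROP = "drop"     # discard this packet only
    BLOCK = "block"   # discard it and refuse all further traffic from the source
    RESET = "reset"   # discard it and tear the connection down


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    action: Action


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Verdict:
    forwarded: bool
    action: Optional[Action]
    rule: Optional[str]


# Constructed rule set. The last rule is deliberately too broad, to show how
# a sloppy signature generates false alarms.
RULES = [
    Rule("sqli-union-select", re.compile(rb"(?i)union\s+select"), Action.BLOCK),
    Rule("path-traversal", re.compile(rb"\.\./"), Action.DROP),
    Rule("shell-command-in-query",
         re.compile(rb"[;|&]\s*(?:cat|wget|curl)\b"), Action.RESET),
    Rule("sensitive-file-name", re.compile(rb"passwd"), Action.ALERT),
]


@dataclass
class InlineIPS:
    rules: list
    blocked_sources: set = field(default_factory=set)
    alert_log: list = field(default_factory=list)

    def inspect(self, pkt):
        """Decide what happens to one packet; the first matching rule wins."""
        if pkt.src in self.blocked_sources:
            return Verdict(False, Action.BLOCK, "blocked-source")
        for rule in self.rules:
            if rule.pattern.search(pkt.payload):
                self.alert_log.append((pkt.src, rule.name))  # every hit is reported
                if rule.action is Action.BLOCK:
                    self.blocked_sources.add(pkt.src)
                return Verdict(rule.action is Action.ALERT, rule.action, rule.name)
        return Verdict(True, None, None)


# Constructed traffic entering the network, in order.
STREAM = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", 80,
           b"GET /item?id=1 UNION SELECT password FROM users HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),  # now-blocked source
    Packet("10.0.0.8", "10.0.0.10", 80,
           b"GET /help/change-passwd.html HTTP/1.1"),  # benign, trips the broad rule
    Packet("10.0.0.9", "10.0.0.10", 80,
           b"GET /item?id=1 UNION/**/SELECT password FROM users HTTP/1.1"),  # evades the signature
    Packet("10.0.0.9", "10.0.0.10", 80, b"GET /run?cmd=;cat%20/etc/passwd HTTP/1.1"),
]


def run_ips(stream=STREAM, rules=RULES):
    """Push the stream through a fresh IPS; return it and the per-packet verdicts."""
    ips = InlineIPS(list(rules))
    return ips, [ips.inspect(pkt) for pkt in stream]


if __name__ == "__main__":
    ips, verdicts = run_ips()
    for pkt, v in zip(STREAM, verdicts):
        print(pkt.src, "forwarded" if v.forwarded else "stopped", v.action, v.rule)
```

Two things in the output are worth noticing. The ALERT rule fires on a harmless request for /help/change-passwd.html, which is the false-alarm problem: with BLOCK instead of ALERT that rule would have locked a legitimate client out, so broad rules belong in alert-only mode until they are tuned. The comment-obfuscated UNION/**/SELECT sails through untouched because the signature only knows the whitespace form, which is the outdated-signature problem: the dictionary has to be updated as fast as the evasions appear.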
The Difference between IDS and IPS
There are many challenges in maintaining the security of a network that is open for customers to use. Modern attackers are sophisticated enough to defeat even the best security systems installed by computer experts. There should be no assumption that firewalls and encryption alone can protect computers; those controls are basic for the modern-day attacker and on their own cannot prevent current attacks. Though IDS and IPS share the same base, they join the network at different places, their functions are different, and the problems they solve are also different. An IDS monitors the network and detects incorrect, inappropriate or anomalous activity, while an IPS detects an attack before it intrudes and takes the necessary measures to prevent it. Therefore, the main difference is that the IPS takes immediate automatic steps to ensure that the attack does not go beyond the point of intru...