Literature Review About IPS And IDS Computer Science Essay

This chapter reviews the work that experts and academics have published on Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). According to Tony Bradley (2004), an IDS monitors traffic for suspicious activity and raises alerts to the network administrator and to the system. Some IDSs can also respond to malicious traffic by blocking the offending user or IP address from accessing the network. According to Ameya Talwalkar (Symantec Manager of Intrusion Prevention Systems), an IPS is a protection technology that secures the network: it is the front line of defence against malware, Trojans, DoS attacks, malicious code transmission, backdoor activity and blended threats. The next section presents the details of the Intrusion Prevention System (IPS). Figure 1.1 is a flowchart of the key points covered in this literature review of IPS and IDS.

Figure 1.1: Classifying the literature review. The flowchart branches from "Literature review" into "What is IPS" and "What is IDS", then into "What is HIPS", "What is NIPS", "What is HIDS" and "What is NIDS", then "Identify pros & cons", and finally "Which are better to prevent threats".

2.2 Intrusion Prevention System (IPS)

Several benefits have been cited to justify calling the Intrusion Prevention System a breakthrough in computer security. According to Neil Desai (2003), the main technical idea behind an IPS is the inline network-based system. There is also another variation of IPS, the Layer 7 switch, which includes detection and mitigation of Distributed Denial-of-Service (DDoS) and Denial-of-Service (DoS) attacks based on awareness of the traffic. Every IPS generates alerts based on a policy or a signature and initiates a response that has been programmed into the system. These alerts result either from a signature match or from an anomaly, that is, a deviation from the expected behaviour of the traffic.

Secondly, Benjamin Tomhave (2004) reports that most Intrusion Detection Systems now include Intrusion Prevention System capabilities, given a well-defined set of signatures or policies, so it makes sense for an IDS to work together with IPS capabilities. Ultimately, a successful deployment and the return on the investment relate directly to how well the solution is managed and how well the network has been designed.

Thirdly, Joel Esler and Andrew R. Baker (2007) state that an Intrusion Prevention System is more defensive in nature. It is designed to detect malicious packets inside normal traffic and stop intrusions dead, automatically blocking unwanted traffic before it can damage the system, rather than only raising an alert before or after the malicious packets have been delivered.

Fourthly, an Intrusion Prevention System is added alongside existing firewall and antivirus solutions. According to Karen Scarfone and Peter Mell (2007), an IPS monitors traffic and can automatically drop packets identified as malicious, terminate suspicious sessions, or take other actions in immediate, real-time response to an attack. A good IPS device checks all inbound and outbound traffic. It can check all types of packets and perform many kinds of detection analysis, not only on individual packets: it also examines traffic patterns, viewing each transaction in the context of the packets that come before and after it.

Lastly, Intrusion Prevention System products should take advantage of new detection techniques and offer other types of intervention. According to Esler and Baker (2007), IPS products should provide multiple modes of operation from which users can choose, so that they can gain confidence in the product or adapt it as their network security policies change.

There are two types of IPS: HIPS and NIPS. A Host-based Intrusion Prevention System (HIPS) is an application that monitors a single host for suspicious activity. A Network-based Intrusion Prevention System (NIPS) analyzes protocol activity across the entire network. The next sections discuss HIPS and NIPS.

2.2.1 Host-based Intrusion Prevention System (HIPS)

According to Dinesh Sequeira (2002), a Host-based Intrusion Prevention System is a software program installed on an individual system such as a laptop, workstation or server. When it detects an attack, the HIPS either blocks the attack at the network interface level or instructs the application or operating system to prevent it.

Secondly, according to NSS Group (2004), a Host-based Intrusion Prevention System relies on agents installed directly on the system being protected. These agents bind closely with the operating system kernel and its services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks as well as record them. They may also monitor data streams and the environment specific to a particular application (for example, the file locations and Registry settings of a web server) in order to protect that application from generic attacks for which no signature yet exists in the database.

Lastly, according to Neil Desai (2003), Host-based Intrusion Prevention Systems protect both servers and workstations through software that runs between the system's applications and the OS kernel. The software can be configured with protection rules based on intrusion and attack signatures. The HIPS catches suspicious activity on the system and then, depending on the predefined rules, either blocks the event or allows it to happen.
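The two descriptions above (an agent intercepting calls to the kernel, and predefined rules that allow or block the event) can be shown as a small policy engine. The following is an added example, not code from the essay or from any HIPS product it cites. A real HIPS hooks system calls in the kernel or through an API shim; here the intercepted calls are a constructed list of events so the decision logic runs offline. The web server process name "httpd", the paths, the rule names and the policy itself are assumptions made for the illustration. It shows the application-aware file-location rules NSS Group describes, plus generic behaviour rules that need no exploit-specific signature, and it handles one edge case a naive rule matcher gets wrong: a "../" path that would otherwise satisfy the document-root glob.

```python
"""
Host-based intrusion prevention policy engine (added example; all process
names, paths, rule names and the policy are assumptions for illustration).
"""
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Tuple


@dataclass(frozen=True)
class SysCallEvent:
    process: str      # image name of the calling process
    syscall: str      # "open_read", "open_write", "exec" or "connect"
    target: str       # file path, program path, or "host:port"


@dataclass(frozen=True)
class Rule:
    name: str
    process: str      # glob over process name
    syscall: str      # glob over syscall name
    target: str       # glob over the (normalized) target
    action: str       # "allow" or "block"


# Policy for an assumed web server process "httpd"; first matching rule wins,
# so the specific allows are listed before the generic blocks.
WEBSERVER_POLICY = [
    Rule("serve-docroot",   "httpd", "open_read",  "/var/www/html/*",    "allow"),
    Rule("read-config",     "httpd", "open_read",  "/etc/httpd/*",       "allow"),
    Rule("write-uploads",   "httpd", "open_write", "/var/www/uploads/*", "allow"),
    Rule("write-logs",      "httpd", "open_write", "/var/log/httpd/*",   "allow"),
    # Behaviour rules: a web server has no business doing any of these,
    # whichever exploit is used, so no per-attack signature is needed.
    Rule("no-shell-spawn",  "httpd", "exec",       "*/sh",               "block"),
    Rule("no-shell-spawn",  "httpd", "exec",       "*/bash",             "block"),
    Rule("no-system-write", "httpd", "open_write", "/etc/*",             "block"),
    Rule("no-binary-write", "httpd", "open_write", "/usr/*",             "block"),
    Rule("no-outbound",     "httpd", "connect",    "*",                  "block"),
]
DEFAULT_ACTION = "block"   # default-deny for events no rule names


def _normalize(event: SysCallEvent) -> SysCallEvent:
    """Collapse '..' and duplicate slashes before glob matching. Without this,
    "/var/www/html/../../../etc/shadow" would satisfy "/var/www/html/*",
    because fnmatch's '*' also matches '/', and the policy would be bypassed."""
    target = event.target
    if target.startswith("/"):
        target = posixpath.normpath(target)
    return SysCallEvent(event.process, event.syscall, target)


def decide(event: SysCallEvent, policy: List[Rule] = WEBSERVER_POLICY) -> Tuple[str, str]:
    """Return (action, rule name) for one intercepted call."""
    ev = _normalize(event)
    for rule in policy:
        if (fnmatchcase(ev.process, rule.process)
                and fnmatchcase(ev.syscall, rule.syscall)
                and fnmatchcase(ev.target, rule.target)):
            return rule.action, rule.name
    return DEFAULT_ACTION, "default-deny"


def enforce(events: List[SysCallEvent]) -> List[Tuple[SysCallEvent, str, str]]:
    """Decide every event and keep the full record, blocked or not, since a
    HIPS records attacks as well as preventing them."""
    return [(ev, *decide(ev)) for ev in events]


# Constructed event stream: normal serving, then what a compromised CGI
# script typically attempts (read /etc/shadow via traversal, spawn a shell,
# modify a system file, call back to an attacker-controlled port).
SAMPLE_EVENTS = [
    SysCallEvent("httpd", "open_read",  "/var/www/html/index.html"),
    SysCallEvent("httpd", "open_write", "/var/www/uploads/avatar.png"),
    SysCallEvent("httpd", "open_read",  "/var/www/html/../../../etc/shadow"),
    SysCallEvent("httpd", "exec",       "/bin/sh"),
    SysCallEvent("httpd", "open_write", "/etc/passwd"),
    SysCallEvent("httpd", "connect",    "203.0.113.5:4444"),
]


if __name__ == "__main__":
    for ev, action, rule in enforce(SAMPLE_EVENTS):
        print(f"{action:<5} [{rule}] {ev.process} {ev.syscall} {ev.target}")
```

Run it directly to see the per-event decisions. The design point is that the last four events are blocked without any knowledge of which vulnerability the attacker used; the policy describes what the application is allowed to do, so it stops attacks for which no signature exists yet, exactly the case the text above raises.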

The next sections discuss Network-based Intrusion Prevention Systems (NIPS) and Intrusion Detection Systems (IDS).

2.2.2 Network-based Intrusion Prevention System (NIPS)

A Network-based Intrusion Prevention System (NIPS) operates on a different concept: it is a hardware or software platform designed to analyze, detect and report on security-related events. A NIPS inspects traffic and, based on its configuration or security policy, can drop malicious traffic and prevent the network from being contaminated with malicious data such as viruses and worms. A NIPS is able to detect malicious packets that are crafted to slip past firewall filtering rules. An IPS is not a replacement for a firewall; it is one component of an intelligent firewall and is used to increase system-specific or network-wide security. The advantages of a NIPS are as follows:

- NIPS reduces the need for constant manual monitoring

- NIPS is an inline network device

- NIPS performs deep packet inspection

- NIPS is a tool for preventing attacks, not only detecting them
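The behaviour described in section 2.2 (alerts from a signature match or an anomaly, analysis of each packet in the context of the packets around it, and multiple modes of operation) and in this section (an inline device doing deep packet inspection on traffic the firewall's port rules let through) can be put together in one small engine. The following is an added example, not code from the essay or from Snort or any other product it cites. It runs over constructed sample packets; the addresses, ports, payloads, rule names, the open-port list and the scan threshold are all assumptions. It generalizes the text slightly by showing both responses side by side: the same detections are produced in "ids" mode (alert and forward) and "ips" mode (alert and drop inline).

```python
"""
Minimal inline IPS engine (added example; all traffic, ports, signatures and
thresholds are constructed for illustration).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str            # TCP flags, e.g. "S" for a bare SYN, "PA" for data
    payload: bytes = b""


@dataclass
class Verdict:
    action: str           # "forward" or "drop"
    alerts: List[str] = field(default_factory=list)


# Ports the perimeter firewall leaves open (assumed for this example).
FIREWALL_OPEN_PORTS = {22, 80, 443, 8080, 8443}

# Payload signatures: (rule name, compiled pattern). Deliberately simple.
SIGNATURES = [
    ("http-path-traversal", re.compile(rb"\.\./")),
    ("http-cmd-injection", re.compile(rb"[;|]\s*(?:cat|id|wget)\b")),
]


def firewall_allows(pkt: Packet) -> bool:
    """Stateless port filter. It never looks at the payload, so an attack
    carried inside a permitted HTTP request passes this stage untouched."""
    return pkt.dport in FIREWALL_OPEN_PORTS


class InlineIPS:
    def __init__(self, mode: str = "ips", scan_threshold: int = 4):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.scan_threshold = scan_threshold
        self._syn_ports = defaultdict(set)   # src -> distinct ports probed

    def _stateful_alerts(self, pkt: Packet) -> List[str]:
        """Context across packets: one source sending bare SYNs to many
        distinct ports. No single packet is malicious on its own."""
        if pkt.flags == "S" and not pkt.payload:
            self._syn_ports[pkt.src].add(pkt.dport)
            if len(self._syn_ports[pkt.src]) >= self.scan_threshold:
                return ["tcp-port-scan"]
        return []

    def inspect(self, pkt: Packet) -> Verdict:
        """Deep packet inspection of one packet plus its history."""
        alerts = [name for name, rx in SIGNATURES if rx.search(pkt.payload)]
        alerts += self._stateful_alerts(pkt)
        # Detection is identical in both modes; only the response differs.
        if alerts and self.mode == "ips":
            return Verdict("drop", alerts)
        return Verdict("forward", alerts)


def run(packets: List[Packet], mode: str = "ips") -> List[Verdict]:
    """Pass each packet through the firewall and then the inline engine."""
    engine = InlineIPS(mode=mode)
    verdicts = []
    for pkt in packets:
        if not firewall_allows(pkt):
            verdicts.append(Verdict("drop", ["firewall-port-closed"]))
        else:
            verdicts.append(engine.inspect(pkt))
    return verdicts


# Constructed traffic: one benign request, one telnet probe the firewall
# stops, two attacks hidden inside permitted HTTP, then a five-port SYN scan.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.0.2.10", 80, "PA",
           b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 23, "S"),
    Packet("198.51.100.7", "192.0.2.10", 80, "PA",
           b"GET /../../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, "PA",
           b"GET /cgi-bin/ping?host=1.1.1.1;cat%20/etc/passwd HTTP/1.1\r\n\r\n"),
] + [Packet("203.0.113.9", "192.0.2.10", p, "S") for p in (22, 80, 443, 8080, 8443)]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(f"--- mode={mode}")
        for pkt, v in zip(SAMPLE_PACKETS, run(SAMPLE_PACKETS, mode)):
            print(f"{pkt.src:>14} -> :{pkt.dport:<5} {v.action:<7} {v.alerts}")
```

Two things are worth noticing when it runs. The two HTTP attacks are addressed to port 80, which the firewall permits, so only the payload inspection stage catches them; this is the "packets crafted to slip past firewall filtering rules" case. The port scan is invisible to any per-packet rule and only fires once the engine has seen enough distinct ports from one source, which is why an IPS has to keep state across packets rather than judge each one in isolation.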

Tony Bradley, (2004), [Online] http://netsecurity.about.com/cs/hackertools/a/aa030504.htm [Accessed 5th March 2004]

Jonathan Hassell, (2005), [Online] http://searchenterprisedesktop.techtarget.com/news/column/0,294698,sid192_gci1089830,00.html [Accessed 19th May 2005]

Neil Desai, (2003), [Online] http://www.symantec.com/connect/articles/intrusion-prevention-systems-next-step-evolution-ids [Accessed 27th February 2003]

Benjamin Tomhave, (2004), [Online] http://docs.google.com/viewer?a=v&q=cache:ZlxT5m72JZwJ:falcon.secureconsulting.net/papers/218-Research-Paper-FINAL.pdf+Benjamin+Tomhave+2004+IPS+article&hl=en&gl=my&pid=bl&srcid=ADGEEShEwpU07d-WvGPhlP3rIASlIyrH0CbGBjGBseUptTNHYRFqaApljgqESo9QEftMQHf3CApOji91saq_gEj-ZlLMXx3aPBS6SckaoJrzVwPiZBwTQ6gcpoHaH0ER-l4_ygilLw9a&sig=AHIEtbS-NuLUg635h_DHoKW8qafXwRwJUw [Accessed 10th November 2004]

Joel Esler, Andrew R. Baker, (2007), Snort IDS and IPS Toolkit, [Online] http://books.google.com.my/books?id=M9plZZxJB_UC&pg=PR3&dq=Snort+IDS+and+IPS+Toolkit:+IDS+and+IPS+toolkit&hl=en&ei=_yDETK7iDM34cYK6la4F&sa=X&oi=book_result&ct=book-preview-link&resnum=2&ved=0CDYQuwUwAQ#v=onepage&q=Snort%20IDS%20and%20IPS%20Toolkit%3A%20IDS%20and%20IPS%20toolkit&f=false [Accessed 1st February 2007]

Karen Scarfone, Peter Mell, (2007), Guide to Intrusion Detection and Prevention Systems (IDPS), [Online] http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf [Accessed February 2007]

NSS Group, (2004), Intrusion Prevention Systems (IPS), [Online] http://hosteddocs.ittoolbox.com/BW013004.pdf [Accessed January 2004]

Dinesh Sequeira, (2002), Intrusion Prevention Systems: Security's Silver Bullet?, [Online] http://docs.google.com/viewer?a=v&q=cache:OK14t-hsmQAJ:www.sans.org/reading_room/papers/%3Fid%3D366+Intrusion+Prevention+Systems:+Security%27s+Silver+Bullet%3F&hl=en&gl=my&pid=bl&srcid=ADGEEShhB2J1ArllgI1mGNhp91RCpNpSf0t7BGUQtWPwmISpe3xmaTI0ym-Bh0Thlq2Gmoq9K6vRKN7xBKphn_fwCgUFaPej_NetBAPccgZXY0wSVyFAlLzsNkMwZjqSdn4XEdxAybct&sig=AHIEtbQqUFej4tL8ln14oplPfky7GGstMA [Accessed 2002]
