
 Data security week 5 blog

 

Intrusion Detection Systems

What is an Intrusion Detection System?

Intrusion Detection Systems, or IDS for short (I will use the abbreviation from here on), are network security tools used to detect exploitation attempts against a target application or computer. Intrusion Prevention Systems (IPS) extend IDS by adding the ability to block threats as well as detect them, and combined IDS/IPS has become the dominant deployment option for this technology. An IDS monitors network traffic for unusual or suspicious activity and sends an alert to the administrator. Detecting anomalous activity and reporting it to the network administrator is its main function; however, some IDS software can also take action based on rules when malicious activity is detected, such as blocking untrustworthy incoming traffic. An IDS can be host-based or network-based.

 


How can IDS protect your network?

 

There are two main types of intrusion detection systems:

Host-based Intrusion Detection System (HIDS) – this system examines events on a computer on your network rather than the traffic that passes around the network. Three leading HIDS products:

· SolarWinds Security Event Manager (SEM)

· Event Log Analyzer

· OSSEC (Open Source HIDS SECurity)

Network-based Intrusion Detection System (NIDS) – this system examines the traffic on your network. Three leading NIDS products:

· CrowdStrike Falcon X (FREE TRIAL)

· Snort

· Zeek

 

Network intrusion detection software and systems are now essential for network security. Nowadays these systems are easy to use, and many of the best IDSs on the market are free.

Let’s start with host-based IDS. A HIDS is installed on an individual host and can only monitor traffic that originates from or is destined to that particular host. If an attack is aimed elsewhere on the network, the host-based IDS will not detect it. In addition to watching the host's incoming and outgoing traffic, a HIDS can analyse the host's file system, user login activity, running processes, data integrity and so on.

 

Advantages of host-based IDS

· They are capable of verifying whether an attack was successful or not, whereas a network-based IDS only raises an alert about the attack.

· They can monitor all users’ activities, which is not possible in a network-based system.

· They are capable of identifying attacks that originate from inside the host.

· Because a host-based system runs on the endpoint, it can analyse traffic after it has been decrypted and look for attack signatures there, which gives it the ability to monitor connections that are encrypted on the wire.

· They do not require any extra hardware, since they are installed on the existing host servers.

· They are cost effective for a small-scale network with a few hosts.

 

Disadvantages of host-based IDS

 

· The main disadvantage of this system is that it can be compromised as soon as the host it runs on is compromised by an attack. In addition, it consumes extra computing power on the host where it resides.

 

Now network-based IDS – a network intrusion typically involves flooding or overloading the network, gathering information about the network so it can be attacked at a weak point later, or inserting data into the network that spreads and gains access from inside. It is important to keep detection tools active so that these attacks are caught before they get a foothold in your systems. These IDSs are strategically positioned in a network to detect attacks on the hosts of that network. To capture all the data passing through the network, position your IDS at the points where data enters and leaves your network to the outside world. You can also place IDS sensors at strategic points inside your internal network, depending on the level of security required. Since a network-based IDS needs to monitor all the data passing through the network, it must analyse traffic very fast and drop as little of it as possible.
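As an added example (my own code, not the post's and not taken from Snort or Zeek), here is toy NIDS logic run over constructed connection records. It flags the two behaviours the paragraph names, reconnaissance (one source probing many distinct ports) and flooding (one source opening connections far faster than normal), and the thresholds are assumed values: tuning them is the trade-off between missed attacks and the false positives discussed in the disadvantages section.

```python
from collections import defaultdict

# Added example, not the post's own code: toy NIDS detection over constructed
# connection records of the form (timestamp_s, src_ip, dst_ip, dst_port, tcp_flags).
# Thresholds (window, scan_ports, flood_syns) are assumed values for illustration.

def constructed_records():
    """Build a small labelled sample: one benign host, one scanner, one flooder."""
    recs = []
    # Benign host: three ordinary connections spread over a minute.
    for t, port in ((0.0, 80), (20.0, 443), (55.0, 22)):
        recs.append((t, "10.0.0.7", "192.168.1.10", port, "S"))
    # Port probe: one source touches 30 different ports in 3 seconds.
    for i in range(30):
        recs.append((5.0 + i * 0.1, "10.0.0.5", "192.168.1.10", 1 + i, "S"))
    # SYN flood: one source sends 150 SYNs to port 80 within one second.
    for i in range(150):
        recs.append((30.0 + i / 150, "10.0.0.9", "192.168.1.10", 80, "S"))
    return sorted(recs)

def detect(records, window=10.0, scan_ports=15, flood_syns=100):
    """Sliding-window check per source IP; returns sorted (src_ip, alert) pairs."""
    by_src = defaultdict(list)
    for ts, src, _dst, port, flags in records:
        if "S" in flags:  # only connection attempts (SYN set) are counted
            by_src[src].append((ts, port))
    alerts = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        ports_in_window = defaultdict(int)
        for end, (ts, port) in enumerate(events):
            ports_in_window[port] += 1
            # Advance the window start until it spans at most `window` seconds.
            while ts - events[start][0] > window:
                old = events[start][1]
                ports_in_window[old] -= 1
                if ports_in_window[old] == 0:
                    del ports_in_window[old]
                start += 1
            if len(ports_in_window) >= scan_ports:
                alerts.add((src, "port-scan"))
            if end - start + 1 >= flood_syns:
                alerts.add((src, "syn-flood"))
    return sorted(alerts)

if __name__ == "__main__":
    for src, kind in detect(constructed_records()):
        print(f"ALERT {kind} from {src}")
```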

 

Advantages of network-based IDS

· They can be tuned to specific content in network packets - Firewalls may be able to show you the ports and IP addresses used between two hosts, but a NIDS can additionally be tuned to show you the specific content within the packets. This can be used to uncover intrusions such as exploitation attempts or compromised endpoint devices that are part of a botnet.

· They can look at data in the context of the protocol - When a NIDS performs protocol analysis, it looks at the TCP and UDP payloads. The sensors can detect suspicious activity because they know how the protocols should be functioning.

· They can qualify and quantify attacks - An IDS analyses the amount and types of attacks. This information can be used to change your security systems or implement new controls that are more effective. It can also be analysed to identify bugs or network device configuration problems, and the metrics can then be used for future risk assessments.

· They make it easier to keep up with regulation - Because an IDS gives you greater visibility across your network, it makes it easier to meet security regulations. You can also use your IDS logs as part of the documentation required to meet certain requirements.

· They can boost efficiency - Because IDS sensors can detect network devices and hosts, they can inspect the data within the network packets and identify the services or operating systems in use. This saves a lot of time compared to doing it manually. An IDS can also automate hardware inventories, further reducing labour. These improved efficiencies can help reduce an organisation’s staff costs and offset the cost of implementing the IDS.

 

Disadvantages of network-based IDS

 

· They will not prevent incidents by themselves - An IDS does not block or prevent attacks; it merely helps to uncover them. Because of this, an IDS needs to be part of a comprehensive plan that includes other security measures and staff who know how to react appropriately.

· An experienced engineer is needed to administer them - An IDS is immensely helpful for monitoring the network, but its usefulness depends entirely on what you do with the information it gives you. Because detection tools do not block or resolve potential issues, they add little security unless you have the right personnel and policy to administer them and act on any threats.

· They do not process encrypted packets - An IDS cannot see into encrypted packets, so intruders can use encryption to slip into the network. The IDS will not register these intrusions until they are deeper into the network, which leaves your systems exposed until the intrusion is discovered. This is a growing concern as encryption becomes more prevalent to keep our data secure.

· IP packets can still be faked - An IDS reads the information in an IP packet, but the source address can still be spoofed. If an attacker is using a fake address, the threat becomes more difficult to detect and assess.

· False positives are frequent - One significant issue with an IDS is that it regularly raises false positives. In many cases false positives are more frequent than actual threats. An IDS can be tuned to reduce the number of false positives; however, your engineers will still have to spend time responding to them. If they do not take care to monitor the false positives, real attacks can slip through or be ignored.

· They are susceptible to protocol-based attacks - A NIDS analyses protocols as they are captured, which means it faces the same protocol-based attacks as network hosts. A NIDS can be crashed by protocol analyser bugs and by malformed data.

Access control

 

Access control is important because it is a valuable security technique used to regulate who or what can view or use any given resource. Without proper access control you could leave your staff and your company wide open to problems such as data loss, theft, or breaches of privacy and data protection laws.

There are three main components to any access control setup.

1. Identification of who is accessing secured information, areas or assets.

2. Authentication of the individual to ensure they have the right permissions for the access being granted.

3. When authentication is successful, the access control system can then verify and grant the individual access to the resource they are seeking, using a password, PIN, encryption, keys, smartcards or fingerprints.

 

How auditing protects your computer system

A cyber security audit is designed to be a comprehensive review and analysis of your business’s IT infrastructure. It will help mitigate the consequences of a breach and demonstrate that your organisation has taken the necessary steps to protect client and company data. Internal audit has a critical role in helping organisations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls and by helping the audit committee and board understand and address the diverse risks of the digital world.

 

Stages of auditing

 

· Vulnerability scanning and assessment

· Configuration and compliance checks

· Malware detection

· Penetration testing

· Backup review and analysis

· Detailed report with strategy overview

 

 

Advantages of auditing

 

· Verify whether your current security strategy is adequate

· Check that your security training efforts are moving the needle from one audit to the next

· Reduce cost by shutting down or repurposing extraneous hardware and software that you uncover during the audit

· Uncover vulnerabilities introduced into your organisation by new technology or processes

· Prove the organisation is compliant with regulations – HIPAA, SHIELD, CCPA, GDPR, etc.

