Intrusion Detection And Prevention Systems IDPS Research Paper

Protecting Vital Resources Intrusion Detection and Prevention Systems

IDPS and Components

Intrusion from the outside world, for good or bad, is a serious concern in the networked global arena (Ierace et al., 2005). The loss of data and of important, confidential business information can be utterly disastrous. Network systems that detect and prevent such intrusions are therefore a necessity of the first order among enterprises. Intrusion attacks can come from hackers, malware, or other old or new malicious creations from other sources. Intrusion detection is performed by monitoring computer systems and networks for indications of potential threats or violations of an organization's security policies. Intrusion prevention adds the ability to thwart these threats before they can occur. Together, these are the components of an intrusion detection and prevention system, or IDPS (Ierace et al.).

There are four classes of IDPS, distinguished by their functions and the methods they use (Ierace et al., 2005): network-based, wireless, network behavior analysis, and host-based systems. The network-based system monitors the whole network for suspicious activity by scrutinizing all protocol activity. The wireless system monitors and analyzes wireless network protocols for suspicious activity. The network behavior analysis system examines network traffic and identifies threats that create unusual activity, including distributed denial-of-service attacks, malware, and policy violations. A host-based system is installable software that monitors a given host for probable or suspicious activities by observing and scrutinizing them (Ierace et al.).

Components

The components are sensors or agents, management servers, database servers, and consoles (Ierace et al., 2005). All four types of IDPS have these components in common. Sensors or agents perform the monitoring and...

Management servers are centralized devices that operate the sensors or agents, receive the information they collect, and then process it. Database servers are not a vital part of the IDPS, but they are a repository for the information received from sensors or agents. Consoles are software programs installed on a desktop or laptop. A console configures sensors or agents and applies software updates. It only monitors (Ierace et al.).

Options for Implementing IDPS

Most intrusion prevention systems use one of three methods: signature-based detection, statistical anomaly-based detection, and stateful protocol analysis (Kanika, 2013). Signature-based detection characterizes an already known intruder or threat. Examples are a Telnet threat with a username of root, which violates an organization's security policy, or TCP SYN packets sent successively to different ports with free ring tones as subjects. This method compares observed events with a set of known or established signatures to detect a possible intrusion or attempt. It is similar to an anti-virus scanner in that it also needs updates. Anomaly-based detection compares observed activity on a network or a host with its normal activity. It detects deviations from normal activity by means of threshold detection and profile detection. Stateful protocol analysis is somewhat similar to anomaly-based detection, but it differs in that it relies on universal profiles, which specify the use of protocols (Kanika).
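The signature and threshold checks described above, as an added example that is not part of the original paper: a signature rule for the Telnet root login, and a threshold rule that counts the distinct ports one source hits with TCP SYN packets. The event tuples, addresses, rule name, window and port limit are constructed assumptions, and handling the port sweep with threshold detection is a choice made for this example.

```python
from collections import defaultdict

# Constructed sample events: (time_s, source_ip, kind, detail). Not real traffic.
EVENTS = [
    (0, "192.0.2.10", "telnet", {"username": "alice"}),
    (1, "192.0.2.20", "telnet", {"username": "root"}),
    (3, "192.0.2.10", "tcp_syn", {"dport": 443}),
    (30, "192.0.2.10", "tcp_syn", {"dport": 443}),
    (31, "192.0.2.10", "tcp_syn", {"dport": 80}),
] + [(2 + i, "198.51.100.7", "tcp_syn", {"dport": 20 + i}) for i in range(8)]

# Known patterns: (rule name, event kind, predicate on the event detail).
SIGNATURES = [
    ("telnet-root-login", "telnet", lambda d: d.get("username") == "root"),
]

def signature_alerts(events, signatures=SIGNATURES):
    """Signature-based: compare every event against the set of known patterns."""
    alerts = []
    for ts, src, kind, detail in events:
        for name, sig_kind, matches in signatures:
            if kind == sig_kind and matches(detail):
                alerts.append((ts, src, name))
    return alerts

def threshold_alerts(events, window_s=10, max_ports=5):
    """Threshold detection: flag a source once its distinct SYN destination
    ports inside a sliding window exceed max_ports."""
    recent = defaultdict(list)   # source -> [(time, dport)] still in the window
    flagged = {}                 # source -> (time of first alert, port count)
    for ts, src, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind != "tcp_syn":
            continue
        recent[src].append((ts, detail["dport"]))
        recent[src] = [(t, p) for t, p in recent[src] if ts - t < window_s]
        ports = {p for _, p in recent[src]}
        if len(ports) > max_ports and src not in flagged:
            flagged[src] = (ts, len(ports))
    return flagged

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("threshold:", threshold_alerts(EVENTS))
```

The signature rule only fires on patterns it already knows, which is why it needs updates; the threshold rule needs no pattern but depends on a limit that fits normal activity for the monitored network.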

Steps in Intrusion Detection

The first step is to set up and lock a firewall, which is like a front door (Kanika, 2013; Ierace et al., 2005). A firewall protects possessions inside from strangers outside through prevention software and prevention hardware. The second is to use or install software that will reinforce security. It is beneficial to average PC users and easy to use and…

Sources used in this document:
BIBLIOGRAPHY

Ierace, N., et al. (2005). Intrusion prevention systems. Ubiquity Information Everywhere: Association of Computing Machinery. Retrieved on February 12, 2014 from http://ubiquity.acm.org/article.cfm?id=1071927

Kanika (2013). Intrusion detection system and intrusion prevention system -- a review study. Vol. 4 Issue 8, International Journal of Scientific and Engineering Research; International Scientific and Engineering Research. Retrieved on February 12, 2014 from http://www.ijser.org/paper/Intrusion-Detection-System-and-Intrusion=Prevention-SysteA=Review-Study.html