In the highly intricate and virtually uncontrollable environment of today, it is a top priority for businesses and other organizations to protect their resources from intruders of all kinds. This paper describes and discusses the value, components, and methods of implementation of intrusion detection and prevention systems. It also delves into the steps involved in intrusion detection, the processes needed for incident response, and how an IDPS is configured and filter rules are developed.
Protecting Vital Resources
Intrusion Detection and Prevention Systems
IDPS and Components
Intrusion from the outside world, for good or bad, is a serious concern in the networked global arena (Ierace et al., 2005). The loss of data and of important and confidential business information can be utterly disastrous. Network systems that detect and prevent such intrusions are therefore a necessity of the first order among enterprises. Intrusion attacks can come from hackers, from malware, or from other old or new malicious creations. Intrusion detection is performed by monitoring computer systems and networks for indications of potential threats or of violations of an organization's security policies. Prevention adds the capability of thwarting these threats before they can take effect. Together, these are the components of an intrusion detection and prevention system, or IDPS (Ierace et al.).
There are four classes of IDPS according to their functions and the methods they use (Ierace et al., 2005). These are network-based, wireless, network behavior analysis, and host-based systems. A network-based system monitors the whole network for suspicious activity by scrutinizing protocol activity. A wireless system oversees and analyzes wireless network protocols for suspicious activity. A network behavior analysis system investigates network traffic and identifies threats that create unusual activity, including distributed denial of service attacks, malware, and policy violations. A host-based system is installable software that monitors a given host for probable or suspicious activity by observing and scrutinizing what happens on that host (Ierace et al.).
Components
The components are sensors or agents, management servers, database servers, and consoles (Ierace et al., 2005); all four classes of IDPS share them. Sensors or agents perform the monitoring and analysis. Management servers are centralized devices that operate the sensors or agents, receive the information they collect, and process it. Database servers are not an essential part of an IDPS, but they serve as the repository for the information received from sensors or agents. A console is a software program installed on a desktop or laptop; it configures sensors or agents and applies software updates, and some consoles are used only for monitoring (Ierace et al.).
Options for Implementing IDPS
Most intrusion prevention systems use one of three methods, namely signature-based detection, statistical anomaly-based detection, and stateful protocol analysis (Kanika, 2013). Signature-based detection characterizes an already known intruder or threat. Examples are a Telnet login attempt with a username of root, which violates an organization's security policy, or TCP SYN packets sent successively to different ports with "free ring tones" as their subject. This method compares observed occurrences with a set of known or established signatures to detect a possible intrusion or attempt. It is similar to an anti-virus scanner in that it also needs updates. Anomaly-based detection compares observed activity on a network or a host with a profile of its normal activity. It detects deviations from normal activity by means of threshold detection and profile detection. Stateful protocol analysis is somewhat similar to anomaly-based detection, but differs in that it relies on universal profiles that specify how each protocol is meant to be used (Kanika).
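To make the three methods concrete, the following added example (not code from the paper or its sources) runs a toy detector over constructed connection records: a signature rule for the Telnet-root case, a threshold rule for a source sending SYNs to many ports, and a stateful check that flags payload arriving before the TCP handshake completed. Field names, flag letters and the threshold value are assumptions for illustration.

```python
# Added example: toy signature-based, threshold (anomaly-based) and stateful
# protocol detection over constructed connection records (not real traffic).
from collections import defaultdict

# Constructed sample events. "flags" uses TCP flag letters:
# S = SYN, SA = SYN/ACK, A = ACK, PA = data segment. Each flow is keyed by
# client address and server port, as if all packets were seen from the client side.
EVENTS = (
    [{"src": "10.0.0.5", "dport": 23, "proto": "telnet", "user": "root"},
     {"src": "10.0.0.5", "dport": 23, "proto": "telnet", "user": "alice"}]
    + [{"src": "10.0.0.9", "dport": p, "proto": "tcp", "flags": "S"} for p in range(20, 45)]
    + [{"src": "10.0.0.7", "dport": 80, "proto": "tcp", "flags": "S"},
       {"src": "10.0.0.7", "dport": 80, "proto": "tcp", "flags": "PA"}]  # data before handshake done
)

def signature_alerts(events):
    """Signature-based: match a known bad pattern (Telnet login as root)."""
    return [e for e in events if e.get("proto") == "telnet" and e.get("user") == "root"]

def threshold_alerts(events, max_ports=10):
    """Anomaly-based threshold detection: a source that sends SYNs to more
    distinct ports than the baseline allows (assumed 10) is a probable scan."""
    ports = defaultdict(set)
    for e in events:
        if e.get("flags") == "S":
            ports[e["src"]].add(e["dport"])
    return {src: len(p) for src, p in ports.items() if len(p) > max_ports}

def stateful_alerts(events):
    """Stateful protocol analysis: follow the TCP handshake per flow and flag a
    data segment (PA) on a flow whose handshake never reached 'established'."""
    state, alerts = {}, []
    for e in events:
        flags = e.get("flags")
        if flags is None:           # non-TCP record, nothing to track here
            continue
        key = (e["src"], e["dport"])
        cur = state.get(key, "new")
        if flags == "S" and cur == "new":
            state[key] = "syn_sent"
        elif flags == "SA" and cur == "syn_sent":
            state[key] = "syn_received"
        elif flags == "A" and cur == "syn_received":
            state[key] = "established"
        elif flags == "PA" and cur != "established":
            alerts.append(key)      # protocol-state violation
    return alerts
```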
Steps in Intrusion Detection
The first step is to set up and lock a firewall, which is like a front door (Kanika, 2013; Ierace et al., 2005). A firewall protects the assets inside from strangers outside through prevention software and prevention hardware. The second step is to install software that reinforces security. It is beneficial to average PC users and easy to use and understand, and its web security services are concentrated audits intended for network administrators. The third step can be performed with physical hardware, such as Cisco or NetGear devices, by configuring direct and tight web security. The fourth step concerns ads and other deceptive pop-ups. Although the front door is locked, a damaging website may deceive the user and gain entry by using such pop-ups as "how to turn off security services on the web," or by disguising the prompt as a choice between "yes" and "no"; once an answer is given, intrusion can occur. The fifth and last step is to install spyware removal programs and back them up with a virus prevention program. The use of these five steps will provide sufficient protection for one's computer and get rid of worries (Ierace et al.).
Processes for Incident Response for IDPs
The form, impact and severity of the incident determine the length of the process and whether some of its steps may be merged or eliminated (Kanika, 2013). The incident response cycle begins with protecting personal or business information before an intrusion occurs. This can be done by following specific and documented procedures, promoting user awareness, and modifying the operating system or the corresponding security tools. An incident response cycle will effectively protect an organization's information at all levels. When all reports and policies are kept concise and clearly written and are properly enforced by the incident response staff, the cycle can be a thorough success (Kanika).
How to Configure an IDPS
Open the realm public-key text file in a text editor and copy its contents (Kanika, 2013). On the IDPS device, enter global configuration mode with the "configure terminal" command. Paste the contents of the text file at the global configuration prompt on the IDPS device. Exit global configuration mode with the "end" command. Verify that the key was entered into the configuration with the "show running configuration" command and locate the pasted contents in its output. If the contents from the text file appear in the configuration, save it with the "copy running-config startup-config" command (Kanika).