Lab #10 Securing the Network with an Intrusion Detection System (IDS)

In: Computers and Technology

Submitted By iseeucme
Words 3209
Pages 13
Introduction
Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection.
Intrusion prevention systems (IPS) block IP traffic that matches filtering criteria the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and the Internet ingress/egress point are the primary locations for IPS devices; second to that are internal networks that have or require the highest level of security and protection from unauthorized access. If the IP packets can be prevented from entering the network or LAN segment, a remote attacker can’t do any damage.
A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from that server along with other activity on the system. A network-based IDS inspects traffic to and from the network and has no direct access to the host itself. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS monitors a network, host, or application and reports when suspicious activity is detected, but it does not block that activity.
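The difference between the two paragraphs above, alerting versus blocking, is easiest to see with a small signature-based sensor that can run in either mode. The following Python is an added example written for this page, not code from the lab or from Snort; the rule format is a deliberately simplified Snort-like subset (protocol, destination port, payload `content`), the rule SIDs and messages are made up, and the packets are constructed sample data. In IDS mode every packet is forwarded and matches only produce alerts; in IPS mode a matching packet is dropped inline, which is exactly why a misconfigured rule on an IPS can become a self-inflicted denial of service.

```python
"""Toy signature sensor contrasting IDS (alert only) and IPS (alert and drop).

Added example for illustration; not part of the original lab and not Snort's
own code. Rules, SIDs and packets are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes


@dataclass(frozen=True)
class Rule:
    sid: int
    msg: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    content: bytes        # byte string that must appear in the payload


# Hypothetical rule set. In real Snort syntax the first rule would be written
#   alert tcp any any -> any 80 (msg:"cmd.exe in HTTP request"; content:"cmd.exe"; sid:1000001; rev:1;)
# and becomes a blocking rule in inline mode by changing the action to "drop".
RULES = [
    Rule(1000001, "cmd.exe in HTTP request", "tcp", 80, b"cmd.exe"),
    Rule(1000002, "SMB session request", "tcp", 445, b"\xffSMB"),
]

# Constructed sample traffic: one benign HTTP request, one suspicious HTTP
# request and one SMB negotiation.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 51000, "10.0.0.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.7", 51001, "10.0.0.10", 80, "tcp", b"GET /scripts/cmd.exe?/c+dir HTTP/1.1\r\n"),
    Packet("203.0.113.7", 51002, "10.0.0.11", 445, "tcp", b"\x00\x00\x00\x85\xffSMBr\x00"),
]


def match(rule: Rule, pkt: Packet) -> bool:
    """A rule fires when protocol, destination port and payload content all agree."""
    return (
        pkt.proto == rule.proto
        and (rule.dport is None or pkt.dport == rule.dport)
        and rule.content in pkt.payload
    )


def inspect(packets: List[Packet], rules: List[Rule], mode: str = "ids"
            ) -> Tuple[List[Tuple[int, str, str, str, int]], List[Packet]]:
    """Run the sensor over a packet list.

    Returns (alerts, forwarded). In "ids" mode every packet is forwarded and
    matches only generate alerts; in "ips" mode any packet that matches a rule
    is dropped (not forwarded) in addition to the alert.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for pkt in packets:
        hits = [r for r in rules if match(r, pkt)]
        for r in hits:
            alerts.append((r.sid, r.msg, pkt.src, pkt.dst, pkt.dport))
        if mode == "ips" and hits:
            continue  # blocked inline, never reaches the protected segment
        forwarded.append(pkt)
    return alerts, forwarded


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, fwd = inspect(SAMPLE_PACKETS, RULES, mode)
        print(f"{mode}: {len(alerts)} alert(s), {len(fwd)} of {len(SAMPLE_PACKETS)} packet(s) forwarded")
        for sid, msg, src, dst, dport in alerts:
            print(f"  [{sid}] {msg}: {src} -> {dst}:{dport}")
```

Running the block shows the same two alerts in both modes; the only difference is that IDS mode forwards all three packets while IPS mode forwards just the benign one. A sensor like this placed out-of-band (on a SPAN port or tap) can only ever behave as the IDS branch, which is why an IPS has to sit inline at the ingress/egress point the lab describes.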
In this lab, you will configure Snort, an open source intrusion prevention and detection system, on the TargetSnort virtual machine and the Web-based IDS monitoring tool called Snorby. You also will use the OpenVAS scanning tool to scan the…...
