Overview of an Intrusion Detection System (IDS), using the cases of a university library, a high school and a retail store.
An intrusion detection system (IDS) is a software application (or appliance) that monitors network or system activity for malicious behaviour or policy violations and reports what it finds to a management station, e.g. an administrator's console, so that action can be taken.
There are two types. A Network Intrusion Detection System (NIDS) is placed at chosen points within the network (typically a tap or mirror port at a segment boundary) so that it sees traffic to and from all devices on that segment. A Host Intrusion Detection System (HIDS) runs on an individual host and monitors only that device: its logs, processes and files, and the packets it sends and receives.
Functionally, an IDS can be passive or reactive. A passive IDS only raises an alert to the administrator's console when it detects suspicious activity; a reactive IDS (often called an intrusion prevention system, IPS) also tries to stop the activity, for example by reconfiguring the firewall to drop traffic from the offending source or by resetting the connection.
In a public university library the likelihood of attack is high, given the intellectual assets under its care and the curious, technically capable users it serves, so I would recommend a NIDS operating in both passive and reactive mode: alerting on everything suspicious, and blocking at the firewall only where a detection is reliable enough to act on automatically.
For a high school I would recommend the same as for the university library, given the exploratory nature of students.
For a retail shop a HIDS in passive mode would suffice, so that the administrator can respond to suspicious activity detected on the system.
The limitations of an IDS can be dangerous in themselves. One is that the number of false alarms usually exceeds the number of true alarms, which can lead the administrator to ignore the real threats buried among them (alert fatigue).
Malformed packets and attacks on the sensor's own TCP/IP stack can also cause a NIDS to crash, and a NIDS cannot see inside encrypted traffic: an attack carried over TLS is invisible to signature matching unless the traffic is decrypted before the sensor inspects it.
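A worked calculation, added here and not part of the original post, of why false alarms outnumber true ones even for an accurate sensor. The rates are assumed for illustration only: a detection rate of 0.99, a false-alarm rate of 0.01 per benign event, and attacks making up 0.1% of monitored events.

```latex
P(\text{attack}\mid\text{alert})
  = \frac{P(\text{alert}\mid\text{attack})\,P(\text{attack})}
         {P(\text{alert}\mid\text{attack})\,P(\text{attack})
          + P(\text{alert}\mid\text{benign})\,P(\text{benign})}
  = \frac{0.99 \times 0.001}{0.99 \times 0.001 + 0.01 \times 0.999}
  = \frac{0.00099}{0.01098}
  \approx 0.09
```

So under these assumed rates only about 9 alerts in 100 are real attacks; the other 91 are false alarms. Because the attack base rate is so low, cutting the false-alarm rate (tuning signatures to the environment) does far more for the usefulness of the console than raising the detection rate.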
Attackers use a range of evasion techniques: fragmentation (splitting a malicious payload across packets so that no single packet matches a signature), avoiding defaults (using non-standard ports so the sensor does not apply the right protocol decoder), coordinated low-bandwidth attacks (spreading a scan across many sources or over a long period to stay below alerting thresholds), address spoofing or proxying (to hide the true origin), and pattern-change evasion (encoding or altering the payload so it no longer matches a known signature). These techniques need to be considered when choosing and tuning an IDS in any of the cases above.
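The following toy sensor is an added example, not code from the original post, illustrating two points made above: the difference between passive and reactive response, and why fragmentation evades a sensor that matches signatures per packet but not one that reassembles the stream first. The signatures, the "fragments", the stream identifiers and the simulated firewall table are all constructed for the example; a real NIDS would be matching reassembled TCP streams from a tap, not these stand-ins.

```python
"""Toy signature-based NIDS: passive vs. reactive response, and
stream reassembly as the defence against fragmentation evasion.
Everything here (signatures, packets, 'firewall') is constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed signature table: byte pattern -> rule name.
SIGNATURES = {
    b"/etc/passwd": "LFI-PATH-TRAVERSAL",
    b"UNION SELECT": "SQLI-UNION",
}


@dataclass
class Fragment:
    src: str          # source address (constructed)
    stream_id: int    # identifies one TCP stream (constructed stand-in for the 4-tuple)
    offset: int       # byte offset of this fragment within the stream
    data: bytes


def match_signatures(payload: bytes) -> list[str]:
    """Return the names of every signature found in payload."""
    return [name for pattern, name in SIGNATURES.items() if pattern in payload]


class Sensor:
    def __init__(self, mode: str = "passive", reassemble: bool = True):
        assert mode in ("passive", "reactive")
        self.mode = mode
        self.reassemble = reassemble
        self.alerts: list[tuple[str, str]] = []   # (rule, src) sent to the console
        self.blocked: set[str] = set()            # simulated firewall block table
        self._streams: dict[int, dict[int, bytes]] = {}

    def _respond(self, rule: str, src: str) -> None:
        self.alerts.append((rule, src))           # passive: report to the console
        if self.mode == "reactive":
            self.blocked.add(src)                 # reactive: push a block rule as well

    def process(self, frag: Fragment) -> None:
        if frag.src in self.blocked:
            return                                # already blocked at the 'firewall'
        if not self.reassemble:
            # Per-packet matching: a pattern split across fragments is never seen.
            for rule in match_signatures(frag.data):
                self._respond(rule, frag.src)
            return
        bufs = self._streams.setdefault(frag.stream_id, {})
        bufs[frag.offset] = frag.data
        # Reassemble in offset order (handles out-of-order arrival) and match
        # against the whole stream seen so far; alert once per rule and source.
        stream = b"".join(bufs[off] for off in sorted(bufs))
        for rule in match_signatures(stream):
            if (rule, frag.src) not in self.alerts:
                self._respond(rule, frag.src)


def attack_fragments(src: str = "10.0.0.5", stream_id: int = 7) -> list[Fragment]:
    """Constructed request, split so that no single fragment contains the signature."""
    payload = b"GET /../../etc/passwd HTTP/1.1\r\n"
    cut = payload.index(b"/etc/pa") + 3           # cut in the middle of the pattern
    return [Fragment(src, stream_id, 0, payload[:cut]),
            Fragment(src, stream_id, cut, payload[cut:])]


def run(mode: str, reassemble: bool) -> Sensor:
    """Feed the fragmented attack to a sensor and return it for inspection."""
    sensor = Sensor(mode, reassemble)
    for frag in attack_fragments():
        sensor.process(frag)
    return sensor


if __name__ == "__main__":
    print("per-packet, passive :", run("passive", reassemble=False).alerts)
    s = run("passive", reassemble=True)
    print("reassembled, passive:", s.alerts, "blocked:", s.blocked)
    r = run("reactive", reassemble=True)
    print("reassembled, reactive:", r.alerts, "blocked:", r.blocked)
```

The per-packet sensor reports nothing for the fragmented request, the reassembling passive sensor raises one alert and leaves the firewall alone, and the reassembling reactive sensor raises the same alert and adds the source to the block table. The same reactive path is what makes false alarms costly: a wrong block rule denies service to a legitimate user, which is why the text above recommends reacting automatically only on reliable detections.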
In summary, technology on its own is not enough for network security. Every organisation should have an appropriate security policy covering access, availability, auditing and even password usage, backed by training and education of its users.
The technology, the policies and the training all need to be reviewed and updated from time to time, given the dynamic nature of the networked society we operate in today.