internet security exp

Upload: walaa-taleb

Post on 06-Apr-2018


8/3/2019 Internet Security Exp

[FIREWALLS & INTRUSION DETECTION SYSTEM]

2011

LIU SAIDA


    [INTERNET SECURITY] May, 2011

Table of contents:

INTRODUCTION (p. 3)
FIREWALLS (p. 4)
Definition/Function (p. 4)
2.2. First Generation Packet Filters (p. 5)
2.3. Second Generation Application Layer (p. 6)
Third Generation Stateful Filters (p. 6)
Subsequent Development (p. 6)
Types (p. 7)
INTRUSION DETECTION SYSTEM (IDS) (p. 7)
3.1. Definition (p. 7)
3.2. The Key Compelling Reasons To Acquire and Use IDSs (p. 7)
3.3.0. Major Types of IDSs (p. 8)
3.3.1. Process Model for Intrusion Detection Systems (p. 8)
3.3.1.1. Information Sources (p. 8)
3.3.1.2. Analysis (p. 9)
3.3.1.3. Response (p. 9)
3.4.0. Types of Intrusion Detection System (p. 9)
3.4.1. Host-Based IDS (HIDS) (p. 9)
3.4.2. Network-Based IDS (NIDS) (p. 10)
3.4.3. Application-Based IDS (APIDS) (p. 10)
3.4.4. Protocol-Based IDS (PIDS) (p. 12)
CONCLUSION (p. 13)
5.0. REFERENCES (p. 13)


INTRODUCTION:

The idea of a wall to keep out intruders dates back thousands of years. As just one brief example, over ten decades ago the Chinese built the Great Wall as protection from neighbouring northern tribes. The term "firewall" was in use by Lightoler as early as [1764] to describe walls which separated the part of a building that is prone to fire (e.g. a kitchen) from the rest.

In this project I will rest my ideas on the concept of a firewall in a more modern setting: computer networks. The predecessors to firewalls for network security were the routers used in the late 1980s to separate networks from one another. A network that was not configured properly caused problems on one side of the router but was largely isolated from the network on the other side; this has since been improved on with firewalls.

The Intrusion Detection System (IDS), which is designed to detect unwanted attempts at accessing, manipulating and/or disabling a computer system, mainly through a network such as the internet, is either software and/or hardware. It is used to detect several types of malicious behaviour that can compromise the security and trust of a computer system. To throw more light on my explanation of an IDS: an IDS can be composed of several sensors which generate security events, and a console to monitor the events and intruders.

FIREWALLS

Definitions/function
First Generation - Packet Filters
Second Generation - Application Layer
Third Generation - Stateful Filters
Subsequent Development
Types

Definition/Function:

Firewalls are network devices that enforce an organisation's security policy, protecting the network through a component called a proxy. Proxies are programs that receive traffic destined for another computer system; they also require user authentication. They then verify that the user is allowed to connect to the destination before connecting to the destination server on behalf of the user.


Firewalls can be divided into several types, which can be explained using these layers of technique: Packet Filter, Application Gateway, Circuit-Level Gateway and Proxy Server. The firewall is a dedicated appliance, or a program running on a computer system, which inspects the network traffic passing through it and denies or permits passage based on a set of rules (in the proxy-based design, the rules applied by the proxy server). It is software or hardware that is normally placed between a protected and an unprotected network. (ACM Journal Name, Vol. V, No. N, Month 20YY.)

2.2. First Generation Packet Filters:

The first filter system, known as the Packet Filter Firewall, was developed in 1988 by Digital Equipment Corporation (DEC). A packet filter is mainly responsible for inspecting packets, the units in which data is transferred between computers on the internet. Most importantly, Bill Cheswick and Steve Bellovin stated that a packet filter pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection state). Instead, it filters each packet based only on information contained in the packet itself. (Bill Cheswick, System development, pp. 111, 1990)


2.3. Second Generation Application Layer:

An application layer firewall is a computer networking firewall also known as a proxy-based firewall. It is usually implemented on a single computer or as a stand-alone piece of hardware, and it works at the application layer of the TCP/IP stack. (Bill Cheswick, System development, pp. 112, 1990)

Third Generation stateful filters:

A stateful filter firewall is any firewall that performs stateful packet inspection (SPI), keeping track of the network connections (such as TCP streams and UDP communication) travelling across it. From 1989 to 1990 Dave Presotto, Janardan Sharma and Kshitij Nigam developed the third generation of firewalls, which is widely known as the circuit-level firewall. I think the trigger-specific rule of the third generation is to help prevent attacks which take advantage of the existing connection. (Bill Cheswick, System development, pp. 114, 1990)
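The difference between the first and third generations, as a runnable illustration added here (not code from the paper or from any firewall product): a stateless filter can only let replies to outbound connections in by admitting every inbound segment with the ACK flag set, so an unsolicited inbound segment that merely carries ACK gets through, whereas a stateful filter checks the segment against the connections it has recorded. The 10.0.0.0/24 "inside" network, the addresses and the packets are constructed for the example, and the stateful filter omits FIN/RST teardown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN", "ACK"})

def is_inside(ip):
    return ip.startswith("10.0.0.")  # constructed protected network

def stateless_filter(pkt):
    """First-generation filter: judges each packet on its own. To let replies
    to outbound connections in, it must admit any inbound segment with ACK set
    (the old 'established' rule), whether or not such a connection exists."""
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return "PERMIT"
    if is_inside(pkt.dst) and "ACK" in pkt.flags:
        return "PERMIT"
    return "DENY"

class StatefulFilter:
    """Third-generation filter: records connections opened from inside and admits
    an inbound segment only if it belongs to one (FIN/RST teardown omitted)."""
    def __init__(self):
        self.table = set()  # (inside_ip, inside_port, outside_ip, outside_port)
    def filter(self, pkt):
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == frozenset({"SYN"}):
                self.table.add(key)  # inside host opens a new connection
            return "PERMIT" if key in self.table else "DENY"
        if is_inside(pkt.dst):
            reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "PERMIT" if reverse in self.table else "DENY"
        return "DENY"

# Constructed traffic: an outbound HTTPS handshake, then an unsolicited inbound segment to port 22 carrying only ACK.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "203.0.113.7", 443, frozenset({"SYN"})),
    Packet("203.0.113.7", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    Packet("10.0.0.5", 40000, "203.0.113.7", 443, frozenset({"ACK"})),
    Packet("198.51.100.9", 31337, "10.0.0.5", 22, frozenset({"ACK"})),
]

def compare(traffic=TRAFFIC):
    sf = StatefulFilter()
    return [stateless_filter(p) for p in traffic], [sf.filter(p) for p in traffic]
```

`compare()` returns the two verdict lists side by side; only the stateful filter denies the fourth packet, because no inside host ever opened a connection to 198.51.100.9:31337.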

Subsequent Development:

A further technique was developed by Bob Braden and Annette DeSchon at the University of Southern California in 1992. The product is known as Visas, and it was the first system to have a visual integration interface with colours and icons. It also improved on the other techniques, and the deep packet inspection functionality that exists in modern firewalls can be shared with an Intrusion Prevention System (IPS). (Bill Cheswick, System development, pp. 117, 1990)


Types:

There are several classifications of firewall, depending on where the communication is taking place. Below are the four important types of firewall/packet filter:

    Network layer and packet filters

    Application layer

    Proxies

    Network address translation

INTRUSION DETECTION SYSTEM (IDS):

3.1. Definition

Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems (intrusions). Intrusions can be viewed as attempts to compromise the confidentiality, integrity or availability of a computer or network, or to bypass its security mechanisms.

3.2. The Key Compelling Reasons To Acquire and Use IDSs

I. To prevent problem behaviours by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system.
II. To detect attacks and other security violations not prevented by other security measures.
III. To detect and deal with the preamble to attacks (commonly experienced as network probes and other "doorknob rattling" activities).
IV. To document the existing threat to an organization.
V. To act as quality control for security design and administration, especially of large and complex enterprises.
VI. To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.

3.3.0. Major types of IDSs

There are several types of intrusion detection system available today, and they are characterized by different monitoring and analysis approaches. These approaches can be described in terms of a generic process model for intrusion detection systems.

3.3.1. Process model for intrusion detection systems:

An intrusion detection system is divided into three fundamental functional components, which are:

3.3.1.1 Information Sources:

There are different sources of event information used to determine whether an intrusion has taken place. These sources can be drawn from different levels of the system, with network, host and application monitoring the most common.


3.3.1.2 Analysis:

The analysis component is the part of the intrusion detection system that actually organizes and makes sense of the events derived from the information sources, deciding when those events indicate that intrusions are occurring or have already taken place. The most common analysis approaches are misuse detection and anomaly detection.

3.3.1.3 Response:

The response is the set of actions taken once the system detects an intrusion. These actions are typically grouped into active and passive measures, with active measures involving some automated intervention on the part of the system and passive measures involving reporting the intrusion detection system's findings.
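The three components above (information source, analysis, response) in miniature, as an added example that is not from the paper: the information source is a set of constructed web-server access-log lines; misuse detection matches each request against named signatures, while anomaly detection flags a client whose 404 count exceeds a baseline (the probing the text calls "doorknob rattling") without any signature; the response is passive (an alert record) for every finding and active (a block-list entry) only for the signature hits. The log format, addresses, signatures and the threshold of three are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed access-log lines (not real traffic): client IP, request, status.
# 10.0.0.8 behaves normally, 203.0.113.4 sends one signature match, 198.51.100.2 probes.
LOG_LINES = [
    '10.0.0.8 "GET /index.html" 200',
    '10.0.0.8 "GET /old-page.html" 404',
    '203.0.113.4 "GET /login" 200',
    '203.0.113.4 "GET /../../etc/passwd" 404',
    '198.51.100.2 "GET /admin" 404',
    '198.51.100.2 "GET /backup" 404',
    '198.51.100.2 "GET /test" 404',
    '198.51.100.2 "GET /config" 404',
]
LINE_RE = re.compile(r'^(\S+) "(\w+) (\S+)" (\d{3})$')

# Misuse detection: named signatures for patterns known to be malicious.
SIGNATURES = {
    "path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
    "script-injection": re.compile(r"<script", re.IGNORECASE),
}

def parse(line):
    m = LINE_RE.match(line)
    if m is None:
        return None  # malformed line: ignored rather than trusted
    client, method, path, status = m.groups()
    return {"client": client, "method": method, "path": path, "status": int(status)}

def misuse_detect(events):
    """Raise an alert for every event whose path matches a known signature."""
    return [(e["client"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["path"])]

def anomaly_detect(events, max_not_found=3):
    """Flag clients whose 404 count exceeds the baseline: no signature is
    needed, the behaviour itself (probing for pages) is the evidence."""
    not_found = Counter(e["client"] for e in events if e["status"] == 404)
    return [(c, "excessive-404s") for c, n in not_found.items() if n > max_not_found]

def respond(alerts, active_for=("path-traversal", "script-injection")):
    """Passive: record every alert. Active: also block clients for kinds in active_for."""
    blocked = {client for client, kind in alerts if kind in active_for}
    return {"alerts": sorted(set(alerts)), "blocked": sorted(blocked)}

def analyze(lines=LOG_LINES):
    events = [e for e in map(parse, lines) if e is not None]
    return respond(misuse_detect(events) + anomaly_detect(events))
```

`analyze()` reports both the signature hit and the probing client, but only the signature hit leads to an active response; the probing client is reported for an operator to judge, which is the trade-off the passive/active distinction exists to manage.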

3.4.0. Type of Intrusion Detection System:

Traditionally, there are just three general types of IDS.

I. Host Based intrusion detection system (HIDS).
II. Network Based intrusion detection system (NIDS).
III. Application-Based intrusion detection system (APIDS).
IV. Protocol-Based intrusion detection system (PIDS).

3.4.1. Host-Based IDS (HIDS):

HIDSs operate on information collected from within an individual computer system. HIDSs can see the outcome of an attempted attack, as they can directly access and monitor the data files and the system itself. They normally utilize information sources of two types: operating system audit trails and system logs. Example: OSSEC.

3.4.2. Network-Based IDS (NIDS):

The majority of commercial intrusion detection systems are network based. These systems operate on network data flows and detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, a NIDS monitors the network traffic affecting multiple hosts, and it consists of a set of single-purpose sensors or hosts placed at various points in a network. Example: Snort.

3.4.3. Application-Based IDS (APIDS):

APIDSs are a subset of host-based IDSs that analyze the events transpiring within a software application. They mostly use the application's transaction log files. An APIDS is a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application-specific protocols. An example of where one is used is a web server with a database. (Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131)


3.4.4. Protocol-Based IDS (PIDS):

A PIDS also consists of a system or agent, like the application-based IDS, but it sits at the front end of a server, monitoring and analyzing the communication protocol between the server and a connected device. It is used, for example, to monitor the HTTPS protocol stream for a web server. (Barbara, Daniel, Couto, Julia, Jajodia, Sushil, Popyack, Leonard, and Wu, Ningning, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance.)

CONCLUSION:

Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that also terminates connections is called an intrusion prevention system.

5.0. REFERENCES:

2.0. ACM Journal Name, Vol. V, No. N, Month 20YY.
2.1. Bill Cheswick, System development, pp. 104, 1990.
3.0. Denning, Dorothy E., "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131.
3.1. Lunt, Teresa F., "IDES: An Intelligent System for Detecting Intruders," Proceedings of the Symposium on Computer Security; Threats, and Countermeasures; Rome, Italy, November 22-23, 1990, pages 110-121.
3.2. Barbara, Daniel, Couto, Julia, Jajodia, Sushil, Popyack, Leonard, and Wu, Ningning, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance.