Question

In: Computer Science


Choose an organization, preferably one that you work in, have worked in, or are familiar with. Throughout the semester, you will be wearing the hat of the Chief Information Security Officer (CISO) for that organization. You will be planning its Cybersecurity strategy, defining all assets that require safeguarding, and identifying all components and controls. You will propose a Cybersecurity Strategy for your organization, a plan for an effective, collaborative, organization-wide cybersecurity posture and defence.

Your Strategy should identify crosscutting principles and apply these principles across IT Strategy goals. Within those goals, the Cybersecurity Strategy should identify the main objectives, with associated major tasks and activities. The Cybersecurity Strategy should also establish the guiding principles and strategic approach needed to drive both near- and long-term priorities for your organisation's cybersecurity. It should be aligned with related frameworks and strategies, including the National Institute of Standards and Technology (NIST)'s Cybersecurity Framework. Through this strategy and the associated tasks, your organisation will improve its posture and protect its systems, information, and infrastructure from the cybersecurity threat.

Task

Describe in detail the intrusion detection and prevention measures that you will deploy in your organization.

1. The proposal of the appropriate positions for IDS/IPS in a network topology in order to increase the security of the environment, along with providing supportive justifications of the proposed positions.

Solutions

Expert Solution

An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine. Following a successful exploit, the attacker can disable the target application (resulting in a denial-of-service state), or can potentially gain access to all the rights and permissions available to the compromised application.

Prevention

The IPS often sits directly behind the firewall and provides a complementary layer of analysis that negatively selects for dangerous content. Unlike its predecessor the Intrusion Detection System (IDS)—which is a passive system that scans traffic and reports back on threats—the IPS is placed inline (in the direct communication path between source and destination), actively analyzing and taking automated actions on all traffic flows that enter the network. Specifically, these actions include:

  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection

As an inline security component, the IPS must work efficiently to avoid degrading network performance. It must also work fast because exploits can happen in near real-time. The IPS must also detect and respond accurately, so as to eliminate threats and false positives (legitimate packets misread as threats).

How do Intrusion Prevention Systems work?

IPS technologies have access to packets where they are deployed, either as Network intrusion detection systems (NIDS), or as Host intrusion detection systems (HIDS). Network IPS has a larger view of the entire network and can either be deployed inline in the network or offline to the network as a passive sensor that receives packets from a network TAP or SPAN port.

The detection method employed may be signature or anomaly-based. Predefined signatures are patterns of well-known network attacks. The IPS compares packet flows with the signature to see if there is a pattern match. Anomaly-based intrusion detection systems use heuristics to identify threats, for instance comparing a sample of traffic against a known baseline.

What’s the difference between IDS and IPS?

Early implementations of the technology were deployed in detect mode on dedicated security appliances. As the technology has matured and moved into integrated Next Generation Firewall or UTM devices, the default action is set to prevent the malicious traffic.

In some cases, the decision to detect and accept or prevent the traffic is based upon confidence in the specific IPS protection. When there is lower confidence in an IPS protection, then there is a higher likelihood of false positives. A false positive is when the IDS identifies an activity as an attack but the activity is acceptable behavior. For this reason, many IPS technologies also have the ability to capture packet sequences from the attack event. These can then be analyzed to determine if there was an actual threat and to further improve the IPS protection.

Better positioning of IDS in a network architecture

An intrusion detection and prevention system is a very important asset in an information security architecture. They are sensors placed in various positions in a network topology to increase the security of the environment.

The primary purpose of an IDS/IPS is to detect signatures of known attacks, as well as anomalous packet behavior or data flows that occur on computer networks. This allows companies to know what happens in networks, especially in the interfaces of communication with the Internet.

Placement is part of a strategy that needs to be well thought out, since there are of course different trading formats for each model that can be applied. The models are not exclusive but need to be well understood to validate the desired efficiency in the environment.

If you are not familiar with the IDS/IPS term and want to know a bit more about the classifications and divisions, the post IDS: history, concept and terminology is highly recommended.
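As an added example that is not part of the answer above, the following toy Python engine shows the two detection methods it describes (signature matching and baseline-based anomaly detection) together with the confidence-based choice between detect-only and prevent. All signature names, thresholds, addresses and traffic samples are constructed for illustration.

```python
"""Toy IDS/IPS decision engine (added example, not from the original answer).
High-confidence signature hits are dropped inline, low-confidence matches only
raise an alert (detect mode), and anomaly detection flags sources whose
connection count exceeds a constructed known-good baseline."""
import re
import statistics
from collections import Counter

# Hypothetical signature set: (name, regex over payload, confidence 0..1).
SIGNATURES = [
    ("sqli-union-select", re.compile(rb"union\s+select", re.I), 0.95),
    ("dir-traversal", re.compile(rb"\.\./\.\./"), 0.90),
    ("suspicious-useragent", re.compile(rb"User-Agent: python-requests", re.I), 0.40),
]
PREVENT_THRESHOLD = 0.80  # below this, detect-only (alert) to limit false positives

def signature_verdict(payload: bytes) -> tuple:
    """Return (action, rule) for one packet payload: 'drop' for a confident
    match, 'alert' for a low-confidence match, 'pass' when nothing matches."""
    for name, pattern, confidence in SIGNATURES:
        if pattern.search(payload):
            return ("drop" if confidence >= PREVENT_THRESHOLD else "alert", name)
    return ("pass", None)

def anomaly_sources(flows, baseline_counts, k=3.0):
    """Flag source IPs whose connection count exceeds baseline mean + k*stdev.
    `flows` is an iterable of (src, dst, dport); `baseline_counts` is a list of
    per-source counts observed during a known-good period."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)
    threshold = mean + k * stdev
    counts = Counter(src for src, _, _ in flows)
    return {src: n for src, n in counts.items() if n > threshold}

# Constructed sample traffic (not captured from any real network).
PACKETS = [
    b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n",
    b"GET /search?q=1' UNION SELECT password FROM users-- HTTP/1.1\r\n",
    b"GET /static/../../etc/passwd HTTP/1.1\r\n",
    b"GET /api/status HTTP/1.1\r\nUser-Agent: python-requests/2.31\r\n",
]
BASELINE = [4, 5, 3, 6, 5, 4, 5, 4]  # per-source counts from a known-good hour
FLOWS = [("10.0.0.5", "10.0.1.10", 443)] * 4 + [("10.0.0.9", "10.0.1.10", 443)] * 60

if __name__ == "__main__":
    for p in PACKETS:
        print(signature_verdict(p), p[:40])
    print("anomalous sources:", anomaly_sources(FLOWS, BASELINE))
```

The low-confidence user-agent rule is left in detect mode on purpose: an inline IPS that dropped on it would block legitimate scripted clients, which is exactly the false-positive trade-off the answer describes.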

