Question

In: Computer Science

Describe and explain at least three improvements you think came about with the introduction of intrusion prevention technology. Justify your response with at least one credible source.

Explain which of these features you would consider to be the most beneficial if you were a member of the IT team supporting a network. Justify your response with at least one credible source.

Solutions

Expert Solution

Intrusion prevention technology

This article focuses on intrusion prevention systems (IPS), a technology that can detect and prevent intrusions into computer systems in real time. Learn about the different types of IPSs, how they work, and why they are better than traditional firewalls. This article discusses Snort, OSSEC, and Suricata, three popular free or open-source IPSs.

OR

An intrusion prevention system (IPS) is a system that monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log information about it, attempt to block the activity, and finally report it.

An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine. Following a successful exploit, the attacker can disable the target application (resulting in a denial-of-service state), or can potentially access all the rights and permissions available to the compromised application.

Prevention

The IPS often sits directly behind the firewall and provides a complementary layer of analysis that negatively selects for dangerous content. Unlike its predecessor the Intrusion Detection System (IDS)—which is a passive system that scans traffic and reports back on threats—the IPS is placed inline (in the direct communication path between source and destination), actively analyzing and taking automated actions on all traffic flows that enter the network. Specifically, these actions include:

  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection

As an inline security component, the IPS must work efficiently to avoid degrading network performance. It must also work fast because exploits can happen in near real-time. The IPS must also detect and respond accurately, so as to eliminate threats and false positives (legitimate packets misread as threats).

Detection

The IPS has a number of detection methods for finding exploits, but signature-based detection and statistical anomaly-based detection are the two dominant mechanisms.

Signature-based detection is based on a dictionary of uniquely identifiable patterns (or signatures) in the code of each exploit. As an exploit is discovered, its signature is recorded and stored in a continuously growing dictionary of signatures. Signature detection for IPS breaks down into two types:

  1. Exploit-facing signatures identify individual exploits by triggering on the unique patterns of a particular exploit attempt. The IPS can identify specific exploits by finding a match with an exploit-facing signature in the traffic stream.
  2. Vulnerability-facing signatures are broader signatures that target the underlying vulnerability in the system that is being targeted. These signatures allow networks to be protected from variants of an exploit that may not have been directly observed in the wild, but also raise the risk of false positives.

Statistical anomaly detection takes samples of network traffic at random and compares them to a pre-calculated baseline performance level. When the sample of network traffic activity is outside the parameters of baseline performance, the IPS takes action to handle the situation.

IPS was originally built and released as a standalone device in the mid-2000s. This, however, preceded today’s implementations, which are now commonly integrated into Unified Threat Management (UTM) solutions (for small and medium-sized companies) and next-generation firewalls (at the enterprise level).

I wrote these answers myself; please give a thumbs up, and if you have any other query, please feel free to ask in the comments.
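To make the detection and prevention mechanisms described in the answer concrete, here is a small added example (not part of the original answer or of any real IPS product) of an inline decision engine that combines an exploit-facing signature, a vulnerability-facing signature, and a statistical size baseline, and maps each match to one of the actions listed above (alert, drop, block source). All signatures, flows and baseline values are constructed for illustration; the "long Host header" pattern stands in for a hypothetical vulnerability condition.

```python
import re
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    """Constructed stand-in for one traffic flow an inline IPS would inspect."""
    src: str
    dst_port: int
    payload: bytes
    size: int


# Exploit-facing signature: the literal byte pattern of one constructed exploit attempt.
EXPLOIT_SIGNATURES = {"probe-1": b"X-DEMO-EXPLOIT-1"}
# Vulnerability-facing signature: matches any over-long Host header, i.e. the condition
# behind a hypothetical bug, so unseen variants are caught at a higher false-positive risk.
VULN_SIGNATURES = {"long-host-header": re.compile(rb"Host: [^\r\n]{200,}")}


class InlineIPS:
    """Decides per flow: ALLOW, ALERT (IDS-style), DROP, or BLOCK_SOURCE."""

    def __init__(self, baseline_sizes, z_threshold=3.0):
        # Pre-calculated baseline from constructed samples of normal traffic.
        self.mean = statistics.mean(baseline_sizes)
        self.stdev = statistics.pstdev(baseline_sizes) or 1.0
        self.z_threshold = z_threshold
        self.blocked = set()  # sources whose traffic is blocked after a confirmed exploit

    def anomaly_score(self, flow):
        return (flow.size - self.mean) / self.stdev

    def decide(self, flow):
        if flow.src in self.blocked:  # source was blocked by an earlier decision
            return "DROP", "blocked-source"
        for name, pattern in EXPLOIT_SIGNATURES.items():
            if pattern in flow.payload:  # exact exploit match: high confidence, block source
                self.blocked.add(flow.src)
                return "BLOCK_SOURCE", name
        for name, regex in VULN_SIGNATURES.items():
            if regex.search(flow.payload):  # broader match: drop packet, do not block source
                return "DROP", name
        if self.anomaly_score(flow) > self.z_threshold:
            return "ALERT", "size-anomaly"  # statistical deviation: alert the administrator
        return "ALLOW", None
```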

