Introduction
Several security systems have been developed to address serious threats to the safety of a network or an organization's infrastructure. Malicious attempts to access and use such systems without the owner's permission have damaged numerous businesses and exposed many highly confidential files. As a result, more money has been lost and profits have decreased greatly. However, many companies still do not know how to stop this information technology theft, and computer hackers continue to proliferate through this illegal work.
One of the solutions currently available for these problems is a software-based intrusion detection method. It can also be a combination of hardware and software dedicated to stopping unwanted access to information by any user attempting to get into the system. It is also intended to detect malicious software being injected into the computer system. In addition, attacks by authorized personnel who deliberately destroy files and data on the network are also identified by the intrusion detection scheme.
Several modules are integrated to form an intrusion detection system. One of the major parts is the transducer, or sensor. Transducers are devices responsible for producing logic information about the system. Their effectiveness depends on the sensitivity of the sensors used to detect harmful files or manipulations. Another module is the monitoring system, which is in charge of controlling the transducers or sensors.
It also provides periodic observation of any event that occurs in the area covered by the system. The next module, which completes the intrusion detection system, is the central processing structure. It records the events observed by the monitoring system and determines the appropriate response to the network stimulus. It also decides whether access and service are approved or denied.
Anti-Intrusion Scheme Terminologies
Several terms are associated with intrusion detection systems. An alarm or alert is the signal raised when the system detects an attack.
A true attack stimulus is an incident that causes the anti-intrusion system to send an alarm signal and respond as it would to a real attack in progress. A false attack stimulus, on the other hand, is one for which the intrusion detection scheme produces an alert even though no attack is occurring. A false positive is an alarm raised by the system when no actual attack is occurring, while a false negative is a failure of the system to detect an actual attack.
Noise is data that interferes with the original data and can cause false alarms in the system. Site policy comprises the guidelines and regulations that cover the entire organization operating an intrusion detection system. Site policy consciousness describes the ability of an anti-intrusion scheme to cope with a continuously changing environment.
Intrusion Detection System Types
Several variations of the intrusion detection scheme have been developed, each with its own approach and modules such as sensors, processors, and monitoring devices.
Each type has its own processes, depending on the needs of the network it serves. Some networks also use hybrid types, which combine two types, to meet their network security needs.
[Figure: Classification of Intrusion Detection System. Source: www.windowsecurity.com]
Network Intrusion Detection System
A network intrusion detection scheme is a type of anti-intrusion arrangement in which the transducers are strategically located at critical points covered by the system.
Particular borders of the network that are considered prone to malicious traffic are also identified.
Protocol-Based Intrusion System
The protocol-based intrusion scheme is a network intrusion category that inspects protocols for any improper or unlawful message flow or any unlawful access to the network. The sensors used with this type of system are placed at the front end of the server network to analyze the communication protocols between connected devices.
In a web-based network, the protocols observed are the internet protocols used to interconnect the system with other networks that are also linked to the internet.
Application Protocol-Based Intrusion Detection System
This type of anti-intrusion set-up comprises approaches in which monitoring focuses on a specific type of protocol, particularly those in the highest layer of the OSI model, the application layer. It scrutinizes the application-layer software used in the system for any illegal activity that could damage the system as a whole.
Host-Based Intrusion System
The host-based intrusion system focuses all monitoring effort on the activities of the hosts where the various software installations are located. It also examines application logs and file changes for signs of intrusion.
Passive System against Reactive System
A passive anti-intrusion system raises an alert once a sensor detects a likely network security violation. It also logs important information about the detection for future reference on the intrusion attempt.
A reactive intrusion detection system, on the other hand, responds more actively to an intrusion attempt. It makes real-time adjustments to counter the intrusion, such as resetting the link or the firewall program as necessary to maintain security within the network. These adjustments occur instantly, according to the system's pre-programmed responses to such intrusions.
An intrusion prevention system differs considerably from a conventional intrusion detection system: the former looks for anything that could harm the system before the program or software in question enters it, while the latter only detects a possible intrusion after the suspicious program has entered. Intrusion prevention systems use firewalls to filter programs that might pose risks to the network and to deny access from unknown sources or unreliable hosts. An intrusion prevention scheme can also be classified as a form of application-layer firewall.
Intrusion detection uses two common methods to detect anomalies in the system. The first applies statistical processes to determine whether a network intrusion has occurred; this approach is called the statistical anomaly-based technique. The second is the signature-based technique, in which a network attack is recognized through familiar patterns known as attack signatures.
Many of these identified attack signatures are kept in a database on the computer system for future reference, which makes later detection of these familiar intruders much easier. Moreover, the lists of signatures are continuously renewed to keep the threat signatures valid. All intrusion detection modules have constraints on their overall performance and efficiency in detecting network anomalies.
One limitation on the effectiveness of an anti-hacking system is noise, which degrades the reliability and sensitivity of many intrusion detection schemes. There is also inherent noise in the system that must be controlled to produce better detection results. Corrupt data and inefficient recognition of potential intruders are some of the problems that result from the spread of noise across the network security set-up. Another problem is that real threats to the network occur less frequently than the invalid risks that also appear on the system.
Because of this, anti-intrusion systems sometimes neglect a real warning and treat it as another false attack, and this is where problems begin to propagate. The next limitation is the need to update threat signatures regularly. Without such updates, some harmful agents would easily pass the security line, because the anti-intrusion scheme does not have up-to-date information on current or new agents that might damage the system.
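
The two detection methods and the false positive and false negative terms described above can be seen side by side in a small added example, which is not taken from the cited sources. The signature patterns, baseline rates, events and ground-truth labels are all constructed for illustration, and the z-score test is an assumed choice of statistic.

```python
import re
from statistics import mean, stdev

# Signature database: known attack patterns (illustrative, not a real rule set).
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"union.+select", re.I)]

# Constructed baseline of normal requests-per-minute for one host.
BASELINE = [10, 12, 11, 14, 13, 15, 12, 11]

# Constructed events: (requests per minute, request line, is it really an attack?)
EVENTS = [
    (12, "GET /index.html", False),
    (15, "GET /products?id=7", False),
    (11, "GET /download?file=../../etc/passwd", True),    # known pattern
    (14, "GET /about.html", False),
    (240, "GET /login", True),                            # abnormal volume only
    (13, "GET /docs/union-select-tutorial.html", False),  # benign, resembles a signature
    (12, "POST /api/export", True),                       # insider misuse, looks normal
]

# Both detectors take (rate, request) so they are interchangeable in evaluate().
def signature_alert(rate, request):
    """Signature-based: alert when the request matches a stored pattern."""
    return any(sig.search(request) for sig in SIGNATURES)

def anomaly_alert(rate, request, threshold=3.0):
    """Statistical anomaly-based: alert when the rate is far from the baseline."""
    z = abs(rate - mean(BASELINE)) / stdev(BASELINE)
    return z > threshold

def either_alert(rate, request):
    """Hybrid: alert when either method fires."""
    return signature_alert(rate, request) or anomaly_alert(rate, request)

def evaluate(detector, events=EVENTS):
    """Count true/false positives and negatives against the ground-truth labels."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for rate, request, is_attack in events:
        alert = detector(rate, request)
        key = ("TP" if is_attack else "FP") if alert else ("FN" if is_attack else "TN")
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for name, det in [("signature", signature_alert), ("anomaly", anomaly_alert),
                      ("combined", either_alert)]:
        print(f"{name:10s} {evaluate(det)}")
```

The benign tutorial URL is the signature detector's false positive, the insider export is missed by both methods, and combining the two still leaves that one false negative.
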
Anti-intrusion techniques can also be bypassed, and in several ways. One is the development of more network attack procedures as a product of thorough research on current protection systems. Loopholes in anti-intrusion schemes are likewise grounds for developing new approaches to circumvent the security hurdles these schemes put in place. (www. )
Developments on Intrusion Detection System
Many advancements are being made in the field of intrusion detection to resolve its key issues. Various ideas continuously undergo experimentation and testing, and are implemented once the test results have passed all the standards set by the authorized technical agencies. One key development in network security is the inclusion of access logs, which make it possible to trace any anomaly that occurred during the operation of the network.
In 1984, another finding was made regarding the possibility of network attack anomalies as the amount of memory in use increases. It was stated that more resources would be needed to scan and monitor the entire system. Two years later, a computer network professional structured and published a model defining the overall composition of an anti-intrusion scheme. Many companies adopted this model and implemented it on their own systems. The model used mathematical tools that analyze data statistically.
Neural network algorithms are also being integrated into the anti-intrusion structure to provide a more interactive approach to dealing with network violators. This neural set-up offers more advantages than the mathematical approaches. (www.windowsecurity.com)
Conclusion
An intrusion detection system plays a vital role in managing a company's network communications structure. Although the scheme is complex in its processes and modules, its benefits outweigh those intricacies.
Various developments are still under way to enhance the procedures for detecting network anomalies that try to compromise the system. Competent people should also be assigned to monitor the flow of the network, because keeping the entire system hack-free carries much responsibility. The approach should be upgraded continuously to keep pace with network violators and their illegal schemes for gaining access to a network's confidential data and files.
Moreover, system hardware and software should be updated on a regular basis to avoid lapses in their primary function as an anti-intrusion system.
References
Intrusion Detection Scheme. Retrieved on April 26, 2009. Retrieved from <www.windowsecurity.com>
Elson D.: “Intrusion Detection, Theory and Practice.” Retrieved on April 27, 2009. Retrieved from <http://online.securityfocus.com>
Frederick K. K.: Network Intrusion Detection. Retrieved on April 28, 2009. <www.webonline.securityfocus.com>