The paper "A Network-Based Intrusion Detection System for ACME Software Solutions" is a lab report on information technology. ACME Software Solutions is an organization that specializes in web development for small and medium-sized enterprises. It designs websites that introduce customers to the services and products its clients provide. ACME Software Solutions has hired a security analyst to redesign the network in order to improve system security. Security incidents such as web defacement continue to occur despite the salesman's assurances and the small fortune spent on the salesman.
The network's main elements will encompass the following: Firewall; NIDS (Network-based Intrusion Detection System); Web Server; Database Server; and installation.

My Role

ACME Software Solutions has hired me as an external security contractor to help it reformulate its security design. During a consultation at the ACME offices, the ACME CEO pointed out the following: no one appears to understand how the NIDS functions; the NIDS has been incapable of controlling web defacement; the OS used by ACME Software Solutions cannot readily be updated; database security is making life more difficult and is in a real mess; system logging is not effective; disruption ought to be kept to a minimum; the current functionality of the NIDS should be extended; and the CEO wants to see actual practical examples. This paper examines the Network-based Intrusion Detection System.

In doing so, it looks at the following: common disadvantages of NIDS; how the current NIDS setup is unlikely to meet ACME's security requirements; how the NIDS and network setup can be changed to suit the existing functionality without any extra expense on security; how IDS support systems and tools may use the NIDS to add to the existing IDS functionality; how database security could be configured to minimize the effect on existing services while maximizing security; how the existing security functionality could be tested in future to guarantee that everything is functioning as expected; and network diagrams that illustrate the networking principles.

Common limitations with NIDS

An IDS (intrusion detection system) is an application or device that monitors the activities of a system or network for policy violations or malicious activity.
Intrusion detection is the process of monitoring and analyzing the events that occur in a network or computer system for probable incidents, which are likely to be imminent threats of violation. A NIDS (network-based intrusion detection system) is a type of IDS whose sensors are positioned at choke points in the monitored network, often at network borders or in the DMZ (demilitarized zone). NIDS has many limitations.
First of all, the effectiveness of a network-based intrusion detection system can be hindered by noise. Escaped local packets, as well as software bugs, can generate bad packets. These bad packets can produce a false-alarm rate that is significant and high. Moreover, actual attacks are often below the false-alarm rate. As a result, they are often ignored or missed.
It is unlikely that the actual attack rate will fall below the false-alarm rate (Ross 387).
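As an added illustration of the noise problem described above (not part of the original paper), the Python sketch below checks the IPv4 header of each alerting packet for truncation, length mismatch and checksum errors, so that alerts raised on bad packets can be queued apart from alerts on well-formed traffic. The packets, addresses and rule names are constructed for the example, and the triage approach itself is an assumption rather than ACME's configuration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def packet_defects(pkt: bytes) -> list:
    """List the reasons a raw IPv4 packet is malformed (empty = well-formed)."""
    if len(pkt) < 20:
        return ["truncated header"]
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4:
        return ["not IPv4"]
    if ihl < 20 or ihl > len(pkt):
        return ["bad header length"]
    defects = []
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        defects.append("length mismatch")
    if ipv4_checksum(pkt[:ihl]) != 0:
        defects.append("bad checksum")
    return defects

def triage(alerts):
    """Split (rule, packet) alerts: well-formed first, malformed queued apart."""
    review, noise = [], []
    for rule, pkt in alerts:
        defects = packet_defects(pkt)
        if defects:
            noise.append((rule, defects))   # kept for later review, not dropped
        else:
            review.append(rule)
    return review, noise

def build(payload: bytes) -> bytes:
    """Constructed sample packet, 192.0.2.10 -> 192.0.2.80, protocol 6 (TCP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

good = build(b"PUT /index.html")
flipped = good[:8] + bytes([good[8] ^ 0xFF]) + good[9:]  # one corrupted header byte
SAMPLE_ALERTS = [                    # constructed alerts; rule names hypothetical
    ("web-content-change", good),
    ("odd-ttl", flipped),
    ("short-request", build(b"GET /")[:22]),
]

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```

Malformed packets are moved to a separate queue rather than discarded, because a sensor and the destination host may not treat a bad packet the same way.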
Amoroso, Edward. "Introduction to Internet Trace Back, Response, Surveillance, Traps, and Correlation." New Jersey: Sparta, 1999.
Heberlein, Todd, and Wolber, David. "Monitoring Network Security." Security and Privacy, Oakland, (1990): 295–306.
Kathleen, Jackson, and DuBois, David. An Approach to Network Intrusion Detection. National Computing Security, 1991.
Lunt, Teresa. "Detecting Attackers in Computer Systems." Computer Technology and Auditing, SRI International, 1993.
Paxson, Vern. "A System for Detecting Network Attackers in Real-Time." USENIX Security, San Antonio, 1998.
Ramstedt, Paul, and Dowell, Cheri. Computer Watch Data Reduction Tool. Washington, DC: National Computer and Security Conference, 1990.
Ross, Anderson. Security Engineering. New York: Wiley (2001): 386–390.
Sebring, Michael, and Whitehurst, Alan. Expert Systems - Intrusion Detection Systems. National Computer Security Conference, 1998.
Smaha, Stephen. "Intrusion Detection System-Haystack." Computer Security Applications, Orlando, 1988.
Snapp, Steven, and Brentano, James. "Distributed Intrusion Detection System, Architecture and Early Prototype." National Computer Security Conference, (1991): 166–175.
Teng, Henry. Real-time Anomaly Detection-An Inductively Generated Patterns. Security and Privacy, 1990.
Vaccaro, Liepins. Detection of Computer Session Activity that is Anomalous. Symposium on Privacy and Security, 1999.