Intrusion Detection And Prevention System




Faculty Mentor:
Ms. Bhavna Galhotra

Student Name:
Pranav Gupta (MCA – I)
Shivam Bansiwal (MCA – I)



1. Introduction

In the past two decades the IT sector has grown rapidly, and this growth has led us to rely on the Personal Digital Assistant (PDA). Most of our work is done online and all our data is stored online, so the one remaining concern is its security. According to one study, a website is hit with 22 cyber-attacks every day. At present our network defence is weak, and threat management is our top priority, for which more powerful IDS and IPS are being developed. An IDS (Intrusion Detection System) detects any intrusion in the system; an IPS (Intrusion Prevention System) is an extension of an IDS that adds the ability to stop or prevent those intrusions. IDS and IPS are still in a developing phase because detecting new attacks is still difficult for them. PDA devices are easier to hack than a computer.

2. INTRUSION DETECTION SYSTEM

An IDS monitors your network traffic. It has a database of all known attack signatures, and the system compares inbound traffic against it. If there is an attack, the system generates a message or pop-up for the user. An IDS is like a CCTV camera: it can see that there is an attack, but it cannot stop it.

3. TYPES OF IDS

  • Active IDS: An Active IDS is a system that is made to automatically block attacks without intervention by an operator.
  • Passive IDS: A Passive IDS only monitors and alerts the operator about the attack.
  • Network IDS: A Network IDS has a sensor that protects us from network threats by monitoring and analysing network traffic.
  • Host IDS: A Host IDS is installed on a computer system, monitors for any type of intrusion, then logs it and notifies the operator.
  • Signature-based IDS: A Signature-based IDS has a database in which all known malicious attacks are already defined. When a known attack occurs, this IDS alerts the operator.
  • Anomaly-based IDS: An Anomaly-based IDS monitors both network and computer activities and notifies the operator with an alert. It is like a guard who checks everyone before they enter.

4. INTRUSION PREVENTION SYSTEM

An IPS also monitors the network for various security threats; its main function is to identify suspicious activity, log it, attempt to block that activity and finally report it. An IDS only protects us from known attacks, whereas an IPS can protect us from unknown attacks too, thanks to its database of generic attack behaviour. An IPS is like a security guard: it can see everyone and can stop suspicious people.


5. Types of IPS

  • Network-based IPS: A Network-based IPS is for network security. It monitors all the network traffic for any attack. One thing about a Network IPS is that if it finds a suspicious packet, it rewrites the packet to stop the malicious activity and can gather information on the intruder.
  • Host-based IPS: A Host-based IPS is software that runs between your OS and the system applications and protects both servers and workstations. The software has predetermined rules and is built to detect any suspicious attack or intrusion. If there is an intrusion, it acts according to the predetermined rules.
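To make the difference between sections 2 to 5 concrete, here is an added example (not code from the original paper) of a tiny sensor that combines a signature database and a simple per-source rate anomaly check, run in either IDS mode (log and alert only) or IPS mode (log, alert and drop). The signature rules, the threshold and the sample traffic are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed signature database: rule name -> pattern matched against the payload.
SIGNATURES = {
    "sqli_union_select": re.compile(r"union\s+select", re.I),
    "path_traversal": re.compile(r"\.\./\.\./"),
}
# Constructed anomaly rule: more than this many packets from one source is flagged.
RATE_THRESHOLD = 5


class Sensor:
    """Minimal sensor. mode='ids' only alerts; mode='ips' additionally blocks."""

    def __init__(self, mode="ids"):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.alerts = []          # the "log it / report it" part
        self.blocked = []         # packets dropped (IPS mode only)
        self.per_src = Counter()  # packet counts for the anomaly check

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet dict {src, payload}."""
        src, payload = pkt["src"], pkt["payload"]
        self.per_src[src] += 1
        # Signature-based check: compare the payload against every known pattern.
        reasons = [name for name, rx in SIGNATURES.items() if rx.search(payload)]
        # Anomaly-based check: a source sending too many packets is suspicious.
        if self.per_src[src] > RATE_THRESHOLD:
            reasons.append("rate_anomaly")
        if not reasons:
            return "forward"
        self.alerts.append((src, reasons))
        if self.mode == "ips":
            self.blocked.append(pkt)
            return "drop"
        return "forward"  # IDS sees the attack but does not stop it


def run(mode, packets):
    """Run every packet through a fresh sensor; return the sensor and the verdicts."""
    sensor = Sensor(mode)
    return sensor, [sensor.inspect(p) for p in packets]


# Constructed sample traffic: one benign request, one SQL-injection hit, then a burst.
SAMPLE = [
    {"src": "10.0.0.5", "payload": "GET /index.html"},
    {"src": "10.0.0.9", "payload": "GET /items?id=1 UNION SELECT 1,2"},
] + [{"src": "10.0.0.7", "payload": "GET /login"} for _ in range(6)]
```

Running `run("ids", SAMPLE)` produces two alerts and no drops, while `run("ips", SAMPLE)` produces the same two alerts and drops the two offending packets.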

6. Security Concerns

Security concerns are consistently identified as one of the top 5 issues for IT companies. The security concern for an asset is a function of the threat to, and the vulnerability of, that asset. These concerns are very valid: security is probably the key reason why most organizations won't use a service provider, since so much important corporate information sits in e-mail. There are now many sophisticated ways in which these service providers separate your data from other customers' data and lock it down. There will be employees within the service provider, and only they have access and authorization to your e-mail. Something else to think about is how they encrypt the data: how your e-mail is encrypted in transit between you and their data centre, as well as how it is encrypted at rest on their premises. Both of those pieces are available with most of these e-mail archiving services now.


7. SECURITY THREATS

Data Security

  • Data Security is the practice of keeping data protected from corruption and unauthorized access.
  • The focus of data security is to ensure privacy while protecting personal or corporate data.
  • Data could be anything of interest that can be read or otherwise interpreted in human form.
  • Some of this information isn't intended to leave the system. Unauthorized access to this data could lead to numerous problems for a large corporation or even a personal home user.
  • For example: having your bank account details stolen is just as damaging as a system administrator being robbed of the client information in their database.


Prevention Scheme

There are a number of options for locking down your data from software solutions to hardware mechanisms.

Encryption

Encryption has become a critical security feature for thriving networks and active home users alike. This security mechanism uses mathematical schemes and algorithms to scramble data into unreadable text. It can only be decoded or decrypted by a party that possesses the associated key.

Strong User Authentication

Authentication is another part of data security that we encounter in everyday computer usage. Just think about when you log into your e-mail or blog account. That single sign-on process is a form of authentication that allows you to log into applications, files, folders and even an entire computer system.

Backup Solutions

Data security wouldn't be complete without a solution to back up your critical information. Though it may appear secure while confined in a machine, there is always a chance that your data can be compromised. You could suddenly be hit with a malware infection in which a virus destroys all of your files. Someone could get into your computer and steal the data by slipping through a security hole in the operating system.

Data Privacy

  • Data Privacy is also known as Information Privacy.
  • Data Privacy is concerned with how a piece of data or information should be handled based on its importance.
  • For example, when you introduce yourself to a stranger you most likely wouldn't mind sharing your name, but there will be other information you wouldn't want to share until you become better acquainted with that person.
  • A person's data can be stolen by a hacker, a fraudulent application or something similar.


Prevention Scheme

There are a number of options for securing your data from hackers, theft, etc.

Use a Passcode

  • Use a passcode on your devices so that no other person can open them.
  • When setting up your passcode, remember not to use your birthday or '1234' as the passcode.


Be Selective with your Applications

  • You should only download apps from trusted parties, such as Facebook, Amazon, Yahoo, etc.
  • Do not download any third-party app that is not trusted.


Use Multi-Factor Authentication

  • Multi-factor authentication is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.
  • Mainly two-factor authentication is used, in which you first provide your passcode and then a randomly generated number (an OTP) from an authentication app; this ensures dual verification and confirms that the right user is accessing the account.


8. CONCLUSION

Information security has become a legitimate concern for both organizations and computer users due to the growing reliance on computers and electronic transactions. Different techniques are used to support the security of an organization against threats or attacks. On the other hand, attackers keep discovering new techniques and ways to breach these security policies.
