
Posted: August 10th, 2022

Topic: Intrusion Detection Systems

Computer Sciences & Information Technology
Topic: Intrusion Detection Systems (Focus on active and passive IDS specifically)
Intrusion Detection System
The paper must meet the following criteria:
• 5 pages
• double spaced
• Times New Roman 12pt
• 1” margins
You must include at least two sources of your choosing (both online and physical sources are acceptable).
You should ensure that you are using reputable sources that have been vetted to ensure accuracy. This may
involve additional research on your part. You do not need to define a formal thesis statement, but if you
are doing more than a general overview paper, it would be helpful to clearly state your position or point of
view in the opening paragraph. If you select a formal thesis statement, please highlight it in the text.

Grading as follows:
• 5pts – Topic approval
• 10pts – Introduction
• 20pts – Supporting material
• 10pts – Conclusion
• 5pts – Proper format
• TOTAL – 50pts

I have one source that can be used.

Kemmerer, Richard A., and Giovanni Vigna. “Intrusion Detection: A Brief History and Overview.” CSDL | IEEE Computer Society, Apr. 2002, www.computer.org/csdl/magazine/co/2002/04/r4s27/13rRUIJcWgL.

Intrusion Detection System
Introduction
What defines a system’s success or failure is its ability to institute a capable risk management system based on the system’s interests, objectives, and functions. Information security is a very dynamic field that experiences constant change, development, and growth. While this is important to companies, it also presents the problem of increased security risk, as threats are becoming more sophisticated and mature, constantly pushing network system operators to spend more on training and on preventing attacks. Hartwig (2014) outlines that with more development in the field of information systems come greater risks associated with managing the system against attacks. Data security as such has become a very important industry that is continually evolving to match the threat. Romanosky, Ablon, and Kuehn (2017) outline that with the increased incidence of data breaches and security compromises, more and more companies are accepting the notion that it is not a matter of if they will face an attack, but when. This rings true especially within the US corporate sector, where most of these attacks target personally identifiable information and have a financial incentive.
The creation of tools, such as IDS, that can adequately manage and identify these attacks becomes essential for most companies as they work to deter and identify threats, protecting the company from the losses that come with system downtime or exposure of protected information to unauthorized parties. The Intrusion Detection System is one key tool that has been very useful to system operators in light of increased network traffic and information access. IDS have been lauded for automating system processes and identifying millions of potential problems, as well as notifying operators of the problems or addressing them head-on. While they are effective, they, like all other systems, are susceptible to immense vulnerabilities. The following report outlines the definition, evolution, advantages, and disadvantages of IDS as a tool for system risk and vulnerability assessment.
IDS Defined
An Intrusion Detection System or IDS is a form of intrusion detection that historically has been signature-based. An IDS inspects packets and data payloads and watches the traffic that it has visibility into. It classifies certain payloads and packets as good or bad traffic. An IDS has a mechanism to notify an individual, through a console or an alerting mechanism, so that they can take action. It notifies the system user of any malicious traffic, potentially preventing harm that may have resulted from this malicious activity (Jang-Jaccard and Nepal, 2014). The malicious activity may cause a negative impact on the system environment. An IDS works to provide best-in-class security as it provides a holistic review of the network. Anomaly detection and reporting remain the primary functions of an IDS (Jang-Jaccard and Nepal, 2014). Through the evolution of technology, IDS has transformed from just anomaly detection and reporting to prevention.
Today, top-of-the-class IDS can take action when malicious activity or anomalous traffic is detected; the ability to take action transforms them from an IDS to an IPS (Jang-Jaccard and Nepal, 2014). They are commonly referred to as Intrusion Prevention Systems or IPS. In contrast to an IDS, an IPS has the capacity to detect and block traffic sent from suspicious IP addresses. An IPS generally monitors network packets for all potentially damaging traffic with the primary goal of preventing a threat once it has been detected, as opposed to primarily detecting and alerting on or recording the threat, which is what makes an IDS passive. Similarly, the ability to detect, record and prevent malicious activity is what makes an IPS active.
How do IDS Function
For an IDS to work properly, it needs to be positioned appropriately within the network and its infrastructure. More importantly, the network infrastructure also needs proper configuration in order to deliver network traffic to the IDS. Jang-Jaccard and Nepal (2014) outline that in modern and large network environments there is a need for more than one IDS to manage the incoming traffic, so that the system has effective coverage and system-wide detection. Good management practices should also be instituted to create an adequate system for monitoring communication and addressing problems when detected. Normally, an IDS works by scanning all the network traffic. A variety of threats are usually posed to the system, including (Burton et al, 2003):
● Denial of Service (DoS) attacks
● Viruses
● Malware
● Vulnerability exploits
● Distributed DoS
● Worms
Active IDS vs Passive IDS
A passive IDS only sends alerts to the system operator after it has detected malicious activity. The alerts are raised through email or text messages and usually target the Security Information and Event Management (SIEM) system (Jang-Jaccard and Nepal, 2014). Both IPS and IDS work by continually monitoring and evaluating information. Both report any malicious activity to the administrator; unlike an IDS, which only sends alerts, an IPS takes preventive action at the behest of the administrator. Caspi (2021) outlines that with numerous access points into a typical business network, IDS and IPS need extensive coverage, and in use they also provide critical solutions to business networks, such as identifying issues with the business’s security policies and creating working policies that deter employees as well as network guests from violating their privileged access to the system. An active IDS is also known as an IPS. Unlike the passive IDS, the active IDS not only identifies threats, records them, and sends alerts, but also curtails them in a variety of ways. IPS have extra security features that give the modified IDS the ability to conduct defensive actions that include (Caspi, 2021):
1. Modify access control lists on firewalls so as to block all suspicious traffic
2. Destroy all processes on the internal systems that may be in communication with the hostile network
3. Work to redirect traffic to a honeypot to allow further analysis and assessment of a threat. A honeypot is generally a computer security mechanism set up to identify and redirect or counter attempts at unauthorized use of Information Systems (IS).
An IPS has become more appreciated due to its ability to automatically block suspected attacks in progress without any external intervention by an operator. This is referred to as defensive action. As a mitigative measure, it is loaded with the capacity for real-time corrective action. This aspect makes it very useful to information systems in the dynamic world of information and network security (Caspi, 2021). The IDS and the IPS usually perform real-time packet and payload inspection, evaluating every packet that travels across the network. In the event that a malicious packet is detected, the IDS sends an alert to the system operator. The IPS, on the other hand, performs the following actions (Burton et al, 2003):
1. It terminates the TCP session which in most cases has been exploited and actively blocks access to the IP address from which the threat was identified. It may also block the user accounts from accessing any form of application that directly affects the host and other infrastructure and network resources
2. It reprograms the firewall to ensure that a similar attack does not manifest
3. It wipes away any malicious content associated with the corrupted packet
The IPS are usually tailored to use three critical approaches in dealing with external threats. They include (Burton et al, 2003):
I. Signature-based: follow predefined signatures of well-known network threats
II. Anomaly-based: follow abnormal or unexpected behavior within the network
III. Policy-based: follow a defined security policy that encompasses the organization’s overall security
As for the IPS, they are usually categorized into (Pankaj, 2020):
1. Network IDS: Usually set up at a planned point of the network
2. Host IDS: Run on independent host or system device on the larger network
3. Protocol-based IDS: Made up of a system of agents that are placed in the front-end of a server and usually monitor packages.
4. Application Protocol-based IDS: More than one server.
5. Hybrid IDS: Combination of two or more approaches.
Disadvantages of IDS and IPS
For the many advantages that the systems bring to the organization, there are a host of vulnerabilities associated with the deployment of an IDS and IPS. The limitation usually stems from information overload in bandwidth-intensive networks, and most IDS require constant management and support to function (Burton et al, 2003). In most cases, the IDS is required to be up to date with the latest attacks, as this is a dynamic space. Research outlines that even if the IDS is properly managed and maintained, the security team is still required to respond promptly to new threats and update the IDS, or it will become useless. As such, signature-based as well as anomaly-based IDS require constant updates and must be kept current with the latest network system updates. The IPS similarly has its own limitation. In the event that it has flagged a legitimate network user or packet as hostile, it may wrongfully block that traffic, in effect subjecting the wrongly detected legitimate user to a DoS; in most cases, it may even block access from the legitimate account (Jang-Jaccard and Nepal, 2003). This forced block may be costly for the business. Constant monitoring and deployment of multiple IPS and IDS in large systems, as well as accurate policies, may work to prevent these problems.
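As an added illustration (not from the paper or its sources), the Python sketch below runs one constructed traffic sample through a passive IDS and an active IDS (IPS), using a signature check and a simple rate-based anomaly check. The signatures, the threshold, the addresses and the function name inspect are assumptions made for the example; it also reproduces the false-positive cost described above, where a legitimate user is blocked.

```python
import re
from collections import Counter

# Constructed signatures for illustration; not taken from any real ruleset.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}
RATE_LIMIT = 3  # assumed anomaly threshold: requests per source in this sample

# Constructed traffic sample: (source address, request line).
TRAFFIC = [
    ("203.0.113.9", "GET /item?id=1 UNION SELECT password FROM users"),
    ("203.0.113.9", "GET /index.html"),
    # Legitimate search that happens to match the signature (false positive).
    ("198.51.100.7", "GET /report?q=credit union select committee"),
    ("198.51.100.7", "GET /account"),
    ("192.0.2.44", "GET /a"), ("192.0.2.44", "GET /b"),
    ("192.0.2.44", "GET /c"), ("192.0.2.44", "GET /d"),
]

def inspect(traffic, active):
    """Return (alerts, delivered, blocked).

    active=False models a passive IDS: alert only, traffic still flows.
    active=True models an IPS: alert, drop the packet, block the source.
    """
    alerts, delivered, blocked, seen = [], [], set(), Counter()
    for src, payload in traffic:
        if src in blocked:              # active mode: source already on the ACL
            continue
        seen[src] += 1
        hits = [name for name, rx in SIGNATURES.items() if rx.search(payload)]
        if seen[src] > RATE_LIMIT:      # anomaly-based: unusual request volume
            hits.append("rate-anomaly")
        alerts.extend((src, name) for name in hits)
        if hits and active:
            blocked.add(src)            # defensive action: block the source
            continue
        delivered.append((src, payload))
    return alerts, delivered, blocked
```

In passive mode all eight requests are delivered and three alerts are raised; in active mode the same three alerts also cost the legitimate source 198.51.100.7 its follow-up request.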
Conclusion
IPS evolved from IDS. They both work to identify threats and deal with them to the best of their abilities. IDS is considered a passive system as it scans the system for threats and reports these threats to the system operator. The IPS is considered active as it is fully automated to scan, detect and curtail threats, while also notifying the system operators of the changes and updating security policies to identify the threat in the future. They need to be adequately placed in the network to work properly, and in larger organizations, multiple properly situated systems are required to avoid failure or irregular detection. Constant maintenance and management of the systems is also paramount.

References
Burton, J., Dubrawsky, I., Osipov, V., Baumrucker, C., & Sweeney, M. (2003). Cisco Security Professional’s Guide to Secure Intrusion Detection Systems. https://doi.org/10.1016/b978-1-932266-69-6.x5017-4
Caspi, O. (2021). What is an IDS? Intrusion Detection Systems Explained | AT&T Cybersecurity. Cybersecurity.att.com. Retrieved 26 January 2022, from https://cybersecurity.att.com/solutions/intrusion-detection-system/ids-explained.
Hartwig, R. P. (2014). Cyber risks: The growing threat. Insurance Information Institute. Retrieved from https://www.iii.org/sites/default/files/docs/pdf/paper_cyberrisk_2014.pdf
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal Of Computer And System Sciences, 80(5), 973-993. https://doi.org/10.1016/j.jcss.2014.02.005
Pankaj. (2021). Intrusion Detection System (IDS). GeeksforGeeks. Retrieved 26 January 2022, from https://www.geeksforgeeks.org/intrusion-detection-system-ids/.
Romanosky, S., Ablon, L., & Kuehn, A. (2017). A content analysis of cyber insurance policies. RAND. Retrieved from https://www.rand.org/pubs/external_publications/EP67850.html
