assignmentSC-1

Due date 8/4/ 2013  10:00 PM CST

 

 

• 4 pages of IPS and IDS in  banking business network
  
• Review and describe the need for intrusion detection systems (IDS) and intrusion prevention systems (IPS).
• Discuss how they can effectively be used in a network operations setting.
• Ensure that there is an appropriate use of the IDS and IPS in the network diagram. 

 

IDS/IPS Introduction

Network Intrusion Detection System IDS

Network Intrusion Prevention System IPS

Key Differences Between IDS & IPS

Connecting an IDS Device

Connecting an IPS Device

IDS & IPS Tuple Deployment

 

citation and references

 

Mr. AMERICA

You try to sell me answer not belong you just you copied it and pasted I will give a sample from you answer:

Network administrators tend to underestimate or overlook serious alarms, and sometimes they even reduce the sensitivity of the IDS. On the other hand, one single undetected intrusion can seriously undermine the confidence in the IDS.

In order to allow fast and reliable identification and analysis of new attack patterns and signatures, the application of so-called honeynets [6] has been proposed. Honeynets are artificial networks (i.e. networks with no real users or traffic) exposing computer systems (honeypots) openly (i.e. without full firewall protection) to attacks in a tightly controlled and monitored environment. Due to their comprehensive traffic and activity logging capabilities, honeynets can be used to gather statistical data on the number and type of attack attempts [7]. In addition they allow in-depth forensic analysis (online and offline) of successful attacks to gain insight into the methods, strategies and motivations of attackers [6], [8]. However, our own experience has shown that operating a honeynet requires a significant effort. Furthermore, the results obtained from a honeynet are not directly usable for intrusion detection purposes. Therefore, the benefits

of using honeypots and honeynets to support IDSs in production networks are

disputed in the IDS community.

The concept presented in this paper combines mechanisms from the areas of intrusion detection and intrusion response with honeynet mechanisms. The basic idea is to isolate systems generating suspicious (but not yet positively identified as malicious) traffic automatically in a tightly controlled honeynet environment for further observation before making a final decision. During this “quarantine”, harmless traffic from these systems is still forwarded to the production network to allow users to continue working while all potentially harmful traffic is contained within the honeynet. Thus, it is possible to reduce the number of false alarms without generating an unacceptable risk for the production network.

In section 2, the relevant characteristics of IDSs and honeynets will be discussed before presenting the proposed concept and its components in some detail in section 3. Section 4 presents a first prototype implementation which demonstrates the feasibility of the concept. Section 5 provides a summary and an

outlook on further work.

2 Features and limitations of IDSs and honeynets

Mobile terminals used both within private (enterprise) networks and outside while at home or travelling can only be partially controlled by the network administration. Therefore, they provide multiple entry points for malware and limit the efficiency of classical firewall concepts. To the same degree, the need to detect the violation of security objectives and to contain their impact increases. Intrusion detection and intrusion response systems are deployed to provide a way for dealing with these conditions by reporting observed incidents. The (additional) use of honeynets and honeypots has also been proposed to investigate new attack types.

 

I copied page 2 from this research paper 

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.68.8351&rep=rep1&type=pdf

 

Good Luck