Lab2 Snort Essay

Despite the presence of network security devices such as firewalls and other security appliances, today's corporate networks are still vulnerable to both internal and external attacks by hackers intent on creating havoc. By proactively

Question 1.1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)

There are multiple aspects of security in this network, which I have tried to implement as much as possible. This is where the CIA triangle comes into play, confidentiality, rules and limits to access information; Integrity, making sure the data is accurate and trustworthy; Availability, having reliable access to the information. I am going to talk about each aspect in a list format and explain how it’s used in my network. One thing that will be performed on all network devices is system updates and patches. They will happen on a monthly basis, on a weekend when the networks are not being used.

This will benefit me while generating a security strategy for the Network and its hardware.

“Security needs to be addressed as a continued lifecycle to be effective. Daily, there are new attack signatures being developed, viruses and worms being written, natural disasters occurring, changes in the organization workplace taking place and new technologies evolving, these all effect the security posture in the organization” (King, 2002). This being said, it is important to evaluate firewall and router rule sets more frequently. The possible threats against this policy include improperly configured network infrastructure which leads to a domino effect that could start with malicious programming which could end in data loss. Many of these threats may be unintentional as some users may not be aware of the risks and how their processes and procedures open the door for such attacks. For this reason alone, a more frequent evaluation is needed. This vulnerability could lead to data loss and the exposure of trade secrets, client lists and product design. The exposure of such information for most companies could mean a financial collapse as it no longer has the competitive edge that makes it the industry leader. While the likelihood of this threat is very high, “security risks to the network exist if users do not follow the security policy. Security weaknesses emerge when there is no clear cut or written security policy document. A security policy meets these goals:

Snort has almost more than 3000 predefined set of rules that are free to download from the snort.org website, these rules are precise and can vary from a wide ranges of

as scan for ports/services. OpenVAS is used to scan for vulnerabilities. It also can perform an

KDDCup99 dataset was introduced at the Third International Knowledge Discovery and Data Mining Tools Competition which was held by DARPA in 1999 .KDDCup99 is a refined data set from DARPA 1998 dataset as it contains only network data[3]. KDDCup99 is commonly used developers and implementers of new IDS to evaluate their systems. IDS systems take the KDDCup99 dataset as an input to train ,test the system and check performance of the IDS in classifying and detecting attack records. KDDCup99 dataset is used by most researchers because it contains 22 different attack types which could be classified into four main attack categories of the network discussed in the previous section. The full DARPA dataset consists of relatively 4,900,000 lines of connection vectors where each single connection vectors consists of 41 features and is marked as either normal or an attack, with exactly one particular attack type [38]. Among the 41 features of the connection, only sixteen significant attributes are considered which are: A1,A5,A6,A8, A9, A10, A11, A13, A16, A17, A18, A19, A23, A24, A32, A33[38] The KDD 99

5. What are the three primary methods for implementing security on this network, as well as the advantages and disadvantages each?

What services are to be permitted and denied access to your network or computer? Make a list of what enters and leaves your network. Discuss

6. Describe (in plain English) at least one type of rule set you would want to add to a high level security network and why?

2. With the possibility of three business computers in his home, and all of his business records possibly vulnerable, this would be a good time to advise Bill on how to set up a routine plan to protect and defend his new network. Provide a list of the five most important concerns for safety and security of the network and the computers in the network. For each concern, specify the action to be taken, and if applicable, what software you recommend be added to the system. Justify each of your recommendations.

The Firewall systems will be used to prevent scanning activity as well as blocking malicious IPs from entering the network. This is critical because being able to block this type of traffic can save a network and the people who watch it a lot of time on incident investigations. When hackers are scanning a network they are looking for reply backs from any port(s) that will respond. This can help them finger print a system and by knowing what is on a network they can use this information for crafting attacks. Once this is identified by a security team they can block the intruding IP at the firewall. This will prevent all traffic coming and going to the suspicious IP in question.

Identification of controls already in place – including policies, firewalls, applications, intrusion and detection prevention systems, virtual private networks, data loss prevention and encryption.

In an e-commerce world, organizations are susceptible to hackers and intruders. Thus creating the information technology protection systems which is used to reduce the possibility of intrusions from occurring. Intrusions occur by uninvited outsiders (sometimes intruders can be internal users like employees) who try to access an organization’s information system using the internet with the intent to gain competitive advantage of some sort. Organizations depend on security technology to avoid loss from security breach, as well as to improve their efficiency and effectiveness. However, firewalls are also vulnerable to errors, and implementing a security technology comes with challenges and critical decisions that can possibly cause a financial burden on the organization if done without seriousness and commitment. “Information security is about managing risk, and managing risk is about discovering and measuring threats to information assets; and taking actions to respond to those threats” (Al-Awadi, & Renaud, 2007, p.3). This paper will discuss a few aspects that are involved with firewalls and intrusion detection systems.