NETWORK PROTECTION & MANAGEMENT
NETWORK-BASED (NIDS)
NIDSs monitor the TCP/IP packets on the network.
NIDSs detect the risk based on transfer patterns and essential organization of the network.
ADVANTAGES:
-NIDSs can detect large-scale intrusions.
-NIDSs provide response and notification automatically.
DISADVANTAGES:
-The only disadvantage with NIDSs is they require high network bandwidth.
NIDS ARCHITECTURE
NIDS architecture consists of sensors and consoles.
Two types of NIDS architecture:
-Traditional sensor-based architecture
-Distributed network-node architecture.
Traditional sensor-based: This system consists of sensors placed throughout the network to monitor all the segments of the network.
Distributed network-node: Consists of an agent placed on each computer in the network to control traffic related only to the individual target.
NETWORK-BASED DETECTION
In network-based detection, network-based attacks are dealt with before they can occur due to operating system vulnerabilities.
-Unauthorized access
-Data/resource theft
-Denial of Service (DoS)
-Password download
-Malformed packets
-Packet flooding
Unauthorized access:
-Unauthorized access can be an unidentified person entering the network and logging into your system without prior request.
Data/resource theft:
-Identifying the committees that perform corporate espionage, such as gathering information from one industry and revealing it in another company.
Denial of Service (DoS):
-An explicit attempt made by an unauthorized person to deprive legitimate users of access to the services.
Password downloads:
Password download is a simple, but effective, attack.
Malformed packets:
This type of attack mainly causes protocol stacks to crash over a network.
Packet flooding:
This is a DoS technique that involves sending more packets to a single network device than it can handle, which leads to a network crash.
NETWORK SIGNATURE:
-Patterns within the packet content.
-Patterns within the header information.
APPLIANCE-BASED FIREWALL
-PIX Security Appliance
-Netscreen
-SonicWall
-Packet content signature: provides pattern matching with the packet content.
-Packet header analysis: effective in detecting suspicious activity without considering packet content.
SERVER-BASED FIREWALL
-Microsoft ISA
-CheckPoint
-BorderManager
TRADITIONAL SENSOR-BASED
DISTRIBUTED NETWORK NODE
EXAMPLE:
Packet content signature:
Packet header analysis:
Network signature analyzes the patterns in two forms: