NETWORK PROTECTION & MANAGEMENT

NETWORK -BASED (NIDS)

ADVANTAGES:

NID'S monitor the TCP/IP packet on the network

NIDSs detect the risk based on transfer patterns and essential organization of the network.

-NIDSs can detect large scale of intrusion.

-NIDSs provide response and notification automatically.

DISADVANTAGES:

-The only disadvantage with NIDSs is they require high network bandwidth.

NIDSs ARCHITECTURE

NIDS architecture consists of sensors and consoles.

Two types of NIDS architecture:

-Traditional sensor-based architecture

-Distributed network-node architecture.

Picture1

This system consists of sensor placed throughout the network to monitor all the segments of the network.

Picture2

Consists of an agent placed on each computer in the network to control traffic related only to the individual target.

TRADITIONAL SENSOR-BASED

DISTRIBUTED NETWORK NODE

NETWORK-BASED DETECTION

In network-based detection, netwwork-based attacks are dealt before they can occur due to operating system vulnerabilities.

-Unauthorized access
-Data/resource theft
-Denial of Service(DoS)
-Password download
-Malformed packets
-Packet floating

EXAMPLE:

Unauthorized access:

-Unauthorized access can be an unidentified person entering the network and logging into your system without prior request.

Data/resource theft:

-Identifying the committees that performs corporate espionage like gathering information from one industry and revealing it in another company.

Denial of Service (DoS)

-An exlicit attempt mde by the unauthorized person to deprive the legitimate users to access the services.

Password downloads:

Password download is a simple, but effective, attack.

Malformed packets:

This type of attack mainly causes protocol stacks to crash over a network.

Packet flooding:

This is DoS technique that involves sending of more packets over a single network device that leads to network crash because it cannot handle more packets.

NETWORK SIGNATURE:

APPLIANCE-BASED FIREWALL

-Patterns within the packet content.

-Pattern within the header information.

-Provides pattern matching with the packet content.

Packet content signature:

-Effective in detecting suspicious activity without considering packet content.

Packet header analysis:

Network signature analyzes the patterns in two forms:

-PIX Security Appliance

-Netscreen

-SonicWall

SERVER-BASED FIREWALL

-Microsoft ISA

CheckPoint

BorderManager