Analysis and design of intrusion detection system implementation / Chia Fook Keong

Bibliographic Details
Main Author: Chia, Fook Keong
Format: Thesis
Published: 2003
Online Access: http://studentsrepo.um.edu.my/10010/1/Chia_Fook_Keong.pdf
http://studentsrepo.um.edu.my/10010/
Description
Summary: Nowadays, firewalls are widely used to enforce network security policy in organizations. However, maintaining a good and up-to-date security policy is not an easy task. Furthermore, maintaining a firewall is even harder. A slip of the mouse will let hackers drive through the firewall easily. Sometimes, a badly configured firewall will engender a false sense of security. This can be worse than no firewall at all. As such, the Intrusion Detection System (IDS) has been introduced as a second line of defense to protect an organization. An IDS can be host-based, network-based or integrated. The functions of an IDS include continuous monitoring and analysis of user and system activities as well as auditing of system configurations and vulnerabilities. This report studies the implementation issues of IDS. The IDS chosen was Snort, which is free, open source, lightweight, multi-platform and customizable software. The Faculty of Computer Science and Information Technology (FCSIT), University of Malaya network was chosen as the testing site. First, this study analyzes the environment and protocols run in the FCSIT network. The study finds that the FCSIT network has multiple virtual local area networks (VLANs) and is running Hot-Standby Routing Protocol (HSRP) and Network Address Translation (NAT). The analysis shows that both HSRP and NAT affect the IDS implementation. Secondly, the IDS is implemented in selected locations and the data gathered are analyzed. Network and system weaknesses discovered are rectified. The IDS is then fine-tuned to reduce false alarms and improve detection performance. Through this, FCSIT network security is further enhanced.