Posted: January 31st, 2023
Part B
Research Questions around Intrusion Detection System (IDS), Firewall and Honeypot.
Question 1: Can an integrated system with IDS, IPS, Firewall & Honeypot together improve real-time system security? Discuss how and provide one real-world example (e.g., in the context of a smart city) with network topology and illustrate the relevant tools/techniques in use.
The number of cybercrimes has increased immensely, so it is difficult to integrate a security solution that, on its own, is enough to detect and protect against any attack.
IDS (Intrusion Detection System) – It observes and examines the system it monitors for any kind of harmful activity. It flags suspicious activity but cannot block or stop the attacker.
IPS (Intrusion Prevention System) – It is used to keep intruders from obtaining personal information, as it blocks the traffic's access to the system.
Firewall Security – It is designed to prevent unauthorized access to or from a private network. One of the advantages of a firewall is that it can be tailored to the system's needs, for example by blocking inappropriate messages or senders.
Honeypot – It is a valuable resource that attracts intruders and monitors their activities, which helps to defend the network's users from attack.
How they can improve security – In addition to raising an alert, an IPS can also apply rules, policies and required actions after receiving alerts. It can be further grouped into NIPS (network intrusion prevention system), which is placed at specific points on the network to monitor and protect the network from harmful activity, or HIPS (host intrusion prevention system), which is deployed on each host to monitor its activities and take the necessary actions on detection of anomalous behaviour. Using signature-based or anomaly-based detection, an IPS can:
• Detect and assess threats, catch intruders and act in real time to stop events that a firewall or antivirus software may miss.
• Fend off DoS/DDoS attacks.
• Maintain the privacy of users, because the IPS records network activity only at the time it finds harmful activity.
• Stop intrusions on the SSL protocol or prevent attempts to discover open ports on specific hosts.
• Detect and thwart OS fingerprinting attacks, which hackers use to identify the target system's OS in order to launch particular attacks.
An IPS is an active control component that monitors the network traffic flow. It identifies and flags vulnerabilities and the malicious inputs that intruders use to disrupt and take control of an application or system. Every security device has advantages and disadvantages, and firewalls are no different. If we apply strict protective mechanisms to our network to guard it against breach, even our legitimate communication could break down; if we allow all protocol exchanges into our network, it can easily be hacked by malicious users. A honeypot gives greater visibility and allows IT security teams to defend against intruders that the firewall fails to stop. Honeypots have many advantages, and a large number of organizations deploy them as extra security against external and internal intruders.
Tools – Some firewall tools and intrusion prevention tools are given below:
a) OSSEC
b) Snort
c) OpenWIPS-NG
d) AIDE
e) Comodo Firewall
f) GlassWire
g) PrivateEye
Question 2: Describe the IDS and Honeypot development history based on the timeline (e.g., in a chronological order in year)?
History of Honeypot – Two publications probably started honeypots in 1991: “The Cuckoo’s Egg” and “An Evening with Berferd”. “The Cuckoo’s Egg” by Clifford Stoll is about his experience catching a computer hacker who was in his organization searching for secrets. The other publication, “An Evening with Berferd” by Bill Cheswick, is about a computer hacker’s moves through the traps that he and his colleagues used to catch him. Both of these writings were the beginnings of what became honeypots.
The Deception Toolkit, the first kind of honeypot, was released in 1997. Its main aim was to use deception to attack back at intruders. Later, in 1998, the first commercial honeypot came out; it was known as CyberCop Sting. In 2002 the honeypot could be shared and used throughout the world. Since then honeypot technology has improved greatly, and many honeypot users feel this is just the beginning. The Philippines Honeypot Project was started in 2005 to promote computer safety in the Philippines.
IDS (Intrusion Detection System) – The IDS began thirty years ago, when enterprise networks faced a new challenge: the need for user access and user monitoring. Every task in daily life depends on the use of networks, so one has to work on users’ security and safety.
Much of the early development of IDS took place within the U.S. Air Force. In 1980, James P. Anderson, a pioneer in information security and a member of the Defense Science Board Task Force on Computer Security at the U.S. Air Force, produced “Computer Security Threat Monitoring and Surveillance,” a report that is often credited with introducing automated IDS. Not long after this report was released, the first model was built, derived from similar techniques used by antivirus applications: rule-based systems that continuously scanned and compared network traffic against a list of known threats.
In the late 1980s, with a growing number of shared networks, enterprise network administrators from all over the world started adopting intrusion detection systems. Nevertheless, IDS exhibited a few problems.
In the 1990s, IDS technology improved to address the growing number and complexity of network attacks. This new approach, called anomaly detection, relied on recognizing deviations from individual behavioural baselines on the network, and raised alerts on any detected anomaly. Unfortunately, the inconsistent nature of networks through the 1990s and early 2000s led to a high number of false positives, and many administrators considered IDS to be unreliable and headed for a slow death.
Question 3: Discuss the main differences (minimum 3) between the firewall and IDS? Using the diagram to illustrate the components for the types of IDS vs firewall. Use two or three sentences to discuss the differences based on your understanding?
Firewall vs. IDS:
Differences between IDS and Firewall are written below:
• A firewall (generally) sits at the network perimeter of the system, whereas an IDS/IPS can work at the network level but also at the host level. Such IDS/IPS systems are called host-based IDS/IPS. They can monitor and take action against running processes, suspicious login attempts, etc. Examples include OSSEC and osquery. Arguably, antivirus software can also be considered a kind of IDS/IPS.
• A firewall is relatively simple to deploy. It can also work on its own. An IDS/IPS, however, is more complex and will most likely need to be integrated with other services. For example, the output of an IDS will go into a SIEM for correlation analysis, to human analysts, etc.
• The core of a “conventional” firewall, at least, is a rule-based engine, whereas an IDS/IPS can use anomaly-based detection techniques to recognize an intrusion.
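The rule-based versus anomaly-based contrast in the last bullet, as an added example that is not part of the original essay: a static firewall policy judges each flow alone, while an anomaly-based detector compares each source with a learned baseline. The port policy, the flows, the addresses and the threshold factor `k` are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

ALLOWED_PORTS = {22, 80, 443}  # assumed perimeter policy, for illustration only

# Constructed flows: (source IP, destination port); documentation-range addresses.
HISTORY = [  # earlier time windows used to learn "normal" behaviour
    [("198.51.100.5", 443), ("198.51.100.5", 80), ("198.51.100.7", 443)],
    [("198.51.100.5", 443), ("198.51.100.7", 22), ("198.51.100.7", 443),
     ("198.51.100.8", 80)],
]
CURRENT = [("198.51.100.5", 443), ("198.51.100.5", 80)] + [
    ("203.0.113.9", p) for p in (21, 22, 23, 80, 443, 3306, 8080)
]

def firewall_decision(flow):
    """Rule-based engine: each flow is judged alone against a static policy."""
    _src, dport = flow
    return "ALLOW" if dport in ALLOWED_PORTS else "DENY"

def ports_per_source(window):
    """Number of distinct destination ports each source touched in a window."""
    seen = defaultdict(set)
    for src, dport in window:
        seen[src].add(dport)
    return {src: len(ports) for src, ports in seen.items()}

def build_baseline(history):
    """Mean and standard deviation of distinct ports per source per window."""
    samples = [n for window in history for n in ports_per_source(window).values()]
    return mean(samples), pstdev(samples)

def anomaly_alerts(window, baseline, k=3.0):
    """Anomaly-based engine: flag sources far above the learned baseline."""
    mu, sigma = baseline
    threshold = mu + k * max(sigma, 1.0)  # floor sigma so a flat baseline is not hair-trigger
    return sorted(s for s, n in ports_per_source(window).items() if n > threshold)

def allowed_flows(window, src):
    """Flows from one source that the firewall policy lets through."""
    return [f for f in window if f[0] == src and firewall_decision(f) == "ALLOW"]

if __name__ == "__main__":
    print("IDS alerts:", anomaly_alerts(CURRENT, build_baseline(HISTORY)))
    print("Firewall still allows:", allowed_flows(CURRENT, "203.0.113.9"))
```

The firewall passes three of the scanning source's flows without comment, while the detector flags that source by its breadth of ports. Lowering `k` to 0.5 also flags the ordinary client 198.51.100.5, the kind of false positive the history section describes.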
IDS vs. Firewall Using diagrams:
With the help of pictures and diagrams the differences are shown below:
This network diagram shows the clear difference, where security at the router end is provided by the IDS after the firewall. The diagram is used as an example and is taken from (SecureWorks).
My Understanding of differences:
Both can be used in the same network to enhance security because there is not much difference between them. Given the similarity between each of the three systems, there has been some convergence over time. From a network flow and administrative point of view the firewall and IDP are practically indistinguishable, regardless of whether they are actually two separate devices.