Sunday, 31 March 2019

Network security equipment s

Network Security Equipment - Firewalls, NIDS, HIDS, IPS
Firewalls:
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer based application upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
There are different types of firewalls which serve nearly same purpose but for different audiences. The two most common types are: 1) Network level firewalls: These are standalone boxes & are much more sophisticated with loads of features. To mention a few, SPI[Stateful Packet Inspection],Deep Packet Inspection, Logging Capabilities etc. They usually run on proprietary Operating system such as the Cisco series, they run on the Cisco IOS[Internetwork Operating System. 2) Application level firewalls: Software firewalls, application level proxies come under this category. Apart from the regular huff & puff they offer a few nifty features such as content filtering, blocking unwanted hosts.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent hackers from logging into machines on your network. More sophisticated firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.

NIDS (Network Intrusion Detection System) & HIDS (Host Intrusion Detection System):
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network activity and identify any suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. IDS is considered to be a passive-monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place − not prevent them. An IDS essentially reviews your network traffic and data and will identify probes, attacks, exploits and other vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which includes displaying an alert, logging the event or even paging an administrator. In some cases the IDS may be prompted to reconfigure the network to reduce the effects of the suspicious intrusion.
An IDS specifically looks for suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses and by tracking general variances which differ from regular system activity. The IDS is able to provide notification of only known attacks.
Network-based vs. Host-based IDS:
Intrusion detection systems are network or host based solutions. Network-based IDS systems (NIDS) are often standalone hardware appliances that include network intrusion detection capabilities. It will usually consist of hardware sensors located at various points along the network or software that is installed to system computers connected to your network, which analyzes data packets entering and leaving the network.
Host-based IDS systems (HIDS) do not offer true real-time detection, but if configured correctly are close to true real-time. Host-based IDS systems consist of software agents installed on individual computers within the system. HIDS analyze the traffic to and from the specific computer on which the intrusion detection software is installed on. HIDS systems often provide features you can't get with network-based IDS. For example, HIDS are able to monitor activities that only an administrator should be able to implement. It is also able to monitor changes to key system files and any attempt to overwrite these files. Attempts to install Trojans or backdoors can also be monitored by a HIDS and stopped. These specific intrusion events are not always seen by a NIDS.
While it depends on the size of the network and the number of individual computers which require intrusion detection system, NIDS are usually a cheaper solution to implement and it requires less administration and training − but it is not as versatile as a HID.
IPS (Intrusion Prevention System):
IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) both increase the security level of networks, monitoring traffic and inspecting and scanning packets for suspicious data. Detection in both systems is mainly based on signatures already detected and recognized.
The main difference between one system and the other is the action they take when an attack is detected in its initial phases (network scanning and port scanning).
a) The Intrusion Detection System (IDS) provides the network with a level of detective and alertive security against any suspicious activity. The IDS achieves this objective through early warnings aimed at systems administrators. However, unlike IPS, it is not designed to block attacks.
b) An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is developing and before it succeeds.
While many in the security industry believe IPS is the way of the future and that IPS will take over IDS, it is somewhat of an apples and oranges comparison. The two solutions are different in that one is a passive detection monitoring system and the other is an active prevention system.

No comments:

Post a Comment