Intrusion Detection And Prevention System - Case Study

Problem Statement

An Intrusion Detection and Prevention System is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. This system has a client-server architecture, consisting of a server and multiple client computers (desktop/laptop/palmtop). The system provides support for LAN/MAN and WAN simultaneously. An intruder (a.k.a. "hacker" or "cracker") is somebody attempting to break into or misuse your system. The word "misuse" is broad, and can cover anything from something as severe as stealing confidential data to something as minor as misusing your email system for spam.

Intrusion detection system: the complete solution for the intrusion detection system

The software is divided into three parts:

  • Network intrusion detection systems (NIDS)
    A NIDS monitors packets on the network wire and attempts to discover whether a hacker/cracker is attempting to break into a system (or cause a denial of service attack). A typical example is a system that watches for a large number of TCP connection requests to many different ports on a target machine, thus discovering whether someone is attempting a TCP port scan. A NIDS runs either on the target machine, watching its own traffic (usually integrated with the stack and services themselves), or on an independent machine promiscuously watching all network traffic (hub, router, probe). Note that a "network" IDS monitors many machines, whereas the others monitor only a single machine (the one they are installed on).

  • System integrity verifiers (SIV)
    A SIV monitors system files to find when an intruder changes them (thereby leaving behind a backdoor). A SIV may watch other components as well, such as the Windows registry and cron configuration, in order to find well-known signatures. It also detects when a normal user somehow acquires root/administrator level privileges.

  • Log file monitors (LFM)
    LFMs monitor log files generated by network services.
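
The port-scan check described for the NIDS above, as an added example (not part of the original case study or the vendor's software): it flags a source that sends TCP connection requests to many distinct ports on one target within a sliding time window. The event tuple format, the `detect_port_scans` name, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the page): flag a source that sends SYNs to
# at least PORT_THRESHOLD distinct ports on one target within WINDOW seconds.
WINDOW = 10.0
PORT_THRESHOLD = 5

def detect_port_scans(events, window=WINDOW, threshold=PORT_THRESHOLD):
    """events: iterable of (timestamp, src_ip, dst_ip, dst_port, tcp_flags),
    sorted by timestamp. Returns a list of (timestamp, src_ip, dst_ip, ports)
    alerts, one per (src, dst) pair the first time it crosses the threshold."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    alerted = set()
    alerts = []
    for ts, src, dst, port, flags in events:
        # Only connection requests count: SYN set, ACK clear.
        if "S" not in flags or "A" in flags:
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        # Drop requests that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((ts, src, dst, sorted(ports)))
    return alerts

# Constructed sample traffic (documentation address ranges, RFC 5737).
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", "192.0.2.10", 443, "S"),   # normal client
    (0.5, "203.0.113.9", "192.0.2.10", 21, "S"),
    (0.6, "192.0.2.10", "203.0.113.9", 21, "RA"),    # reply, not a request
    (0.9, "203.0.113.9", "192.0.2.10", 22, "S"),
    (1.3, "203.0.113.9", "192.0.2.10", 23, "S"),
    (1.4, "198.51.100.7", "192.0.2.10", 443, "S"),   # same port repeated
    (1.8, "203.0.113.9", "192.0.2.10", 25, "S"),
    (2.2, "203.0.113.9", "192.0.2.10", 80, "S"),     # fifth distinct port
    (30.0, "198.51.100.7", "192.0.2.10", 80, "S"),
]

if __name__ == "__main__":
    for ts, src, dst, ports in detect_port_scans(SAMPLE_EVENTS):
        print(f"{ts:.1f}s possible TCP port scan: {src} -> {dst} ports {ports}")
```

The window and threshold trade false positives against coverage, so they should be tuned against the baseline traffic of the monitored network.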

For further queries contact info@zenwaves.com

      © 2008 Zenwaves STPL. All rights reserved.