The primary focus of this dissertation is a detailed implementation methodology for exploit prevention using a signature-based network Intrusion Prevention System (IPS), after analysing the logs of multiple Intrusion Detection and Prevention Systems (IDPS) installed across the network. In this context, research will be conducted to work out a detailed deployment mechanism for a Network Intrusion Detection and Prevention System (NIDPS) and to establish a future roadmap for implementing Network Admission Control (NAC) on a production computer network, enhancing the systems that enable these advanced intrusion-profiling techniques. This research proposal is qualitative in nature and attempts to discover the outcomes of the study (Akal, 2012).
Security is a psychological impulse within ourselves, so that we feel comfortable and protected. Security is the idea of something being in a location where it cannot be modified, stolen, damaged or removed without permission. According to the American Heritage Dictionary of the English Language (2006), secure is a word describing freedom from danger, attack and risk of loss. A sense of security has always been an element of the human infrastructure for protecting what is ours from outside intruders (Rash, Orebaugh, & Clark, 2014). We can see this in the methods by which ancient people constructed their homes and in the use of fortifications in their villages, towns and cities. These ancient protections were an essential part of life, allowing people to live in safety and comfort while daily activities were carried out. In modern times our military, the civilian police force and other government services reflect such protective methods. A major difference is that, while physical fortifications were sufficient for our ancestors, we must incorporate cyber fortifications to meet the challenges of today’s environment (Amoroso, 2013).
Intruders today use malicious binary code as the latest weaponry, a battering-ram technique to demolish and bypass our cyber security walls so that they can pillage and collect the bounty of their victim’s cyber home. Fichera and Bolt (2013) describe the growing age of information warfare, in which information security displays patterns that expand into a more offensive than defensive stance. Cyber-criminal profiling works as it does in the physical world: when an intruder rampages through a cyber location, the crime scene is scanned for evidence to determine the criminal’s profile, which is then broadcast throughout the law enforcement community to assist in the capture of the intruder(s). Ghorbani, Lu, and Tavallaee (2010) examine the idea of intruder identity data, tracing the thumbprints of continuous attacks even when the intruder obscures their identity by logging in through chains of multiple faces and systems. This study will interpret how technological experts understand, manage, and implement intruder profiling within their working environment.
Intruder profiling has been linked to security for as long as security has been part of the human mindset, since ancient times. Crime scenes are often the charted stepping-stones to intruder profiling. An investigator carefully notes evidence and images the scene as it happened in order to profile the intruder of the crime. The intruder profile is then used to prevent, detain and prosecute the criminal (Rothrock, 2018).
For modern IT-enabled businesses, the Internet has emerged as the most significant tool for enhancing competitive advantage in almost every aspect of the business: sales and marketing, branding, customer services, corporate governance, employee services, project engagement, etc. However, given the openness, reach and flexibility of the Internet, the threats have increased considerably; many of them are almost always present and can exploit the vulnerabilities of companies' Internet-enabled systems at will, punishing the slightest slip by the security administrators (Ghorbani, Lu, & Tavallaee, 2010). Hackers carry out organized attacks on web-enabled systems using custom-programmed, packaged and tested tools that can penetrate deep into the Internet-enabled IT systems of corporate networks and give the attackers unwarranted control regardless of where in the world they are. The purpose of such attacks can be manifold: fun, community interests, competitive activity, data breaches, service disruption or sabotage (Scott, Wilson, & Canterbury (N.Z.), 2012). In fact, the overall magnitude and power of modern threats is very high, and hence the traditional permit/deny policies of stateful inspection firewalls cannot protect the business on their own. A stateful inspection firewall can either permit or deny traffic through open TCP or UDP ports, but it cannot inspect the traffic it allows to pass through those ports. Hence, advanced protection measures are mandatory that can inspect the traffic passing through the open ports and inform the security administrator about suspected malicious traffic (Frahim, Santos, & Ossipov, 2014).
In the modern era of globalization and stringent competition, businesses are exposed to an almost recurring risk of losing market share if they are not alerted to intrusions arriving from the Internet. The economies across continents are well connected in this era, and hence activities carried out by attackers in one country can impact other countries across the globe. The Internet is no longer a test bed for the intruders; they have evolved beyond the fundamentals of hacking technology. As analyzed by Herrero and Corchado (2011), the current threats to organizations come more from sophisticated intruders, because the existing security technologies are well equipped to protect organizations against the standard threats. Well-funded groups around the world break into US Government networks to gather sensitive information. The reader should appreciate that such an intrusion is a multi-step process executed over a number of days. If the security administrators are able to track the traces left by the steps executed by the attackers, they can block the attacks and protect the organization's valuable information. Tracking such traces is a very complex process and is normally as sophisticated as the methodology used by the attacker (Stallings, 2017).
The intruder first tries to locate the weakest host(s) on the network (to which the attacker is connected through the Internet or an unsecured wireless network) using tools that find them by hit and trial across multiple configuration options (Yang, 2016). Once such hosts are identified, the attacker uses them as proxy hosts (also called launch-pads) and attempts to connect to the command and control hosts (such as domain controllers or authentication servers). The proxy hosts help the attacker inject sniffing and spoofing tools into the command and control hosts, which help in stealing administrative privileges (Huang, MacCallum, & Du, 2010). Once the command and control hosts are conquered, the attacker becomes an externally placed network administrator and is able to steal and push data wherever he wants, either to hidden folders within the network or outside the network on the Internet. In summary, the intruder first targets the weakest hosts on the network, exploits them and develops them as launch-pads (Yu & Tsai, 2011). Thereafter, the intruder communicates with the command and control hosts on the network through the compromised host and attempts to find out as much about the data repositories as possible (IP addresses, passwords, commands, etc.). After gathering adequate information, the intruder is able to attack the command and control host directly, such that commands can be run on the data repositories and stolen data exported to external repositories (Jakubowicz et al., 2017).
Most cyber-attacks begin with “sniffing for vulnerabilities”, which helps the attacker plan an exploit strategy. An example of such a sniffing tool is the Network Mapper (Nmap). Mapping is a mechanism of silent sniffing used by hackers to detect Internet-enabled host IP addresses together with the operating systems, running applications, and the ports and services open on them. This method is used to gather information about the Internet-enabled hosts to carry out attack profiling (https://nmap.org), whereby the results are used to plan the attack. Attack profiling is essential for an attacker so that no time is wasted trying endless attacks on hosts. If the profiling is carried out accurately, the attacker knows which vulnerabilities can be exploited and chooses the most appropriate exploits and payloads. Such exploits (with payloads) can then be launched using exploit and hacking tools like the Metasploit Framework (Jaswal, 2014). Such a framework can practically penetrate any application or operating system in the world. Many security consultants use this tool to carry out penetration testing of their clients' web-enabled hosts over the Internet. In the following paragraphs the author presents how an attack can be executed with the help of the sniffed information and the exploits with payloads available in the Metasploit Framework (Jaswal, 2014).
Signature-based exploit detection can help only if the packets carry traces of the signatures. If the exploit somehow succeeds and the resulting traffic has already started, a signature-based IPS cannot differentiate between the bogus traffic and the useful traffic. In such a scenario a flow-based detection system can be used, which relies on “behavioural anomaly detection”. These systems record the flow patterns of packets among the hosts, which the attack-profiling tools can analyse to detect compromised hosts that are generating bogus traffic. For example, Cisco has a built-in feature called NetFlow that records flow patterns and presents them to the attack profilers for analysis (Kanopy (Firm), 2014).
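To make the two detection stages concrete, here is an added example (not code from this proposal, from Cisco or from any cited work): a small Python script that first runs signature matching over packet payloads, the inspection a stateful firewall cannot do and a signature-based IPS performs on traffic the firewall has already allowed through an open port, and then applies a simple behavioural check to NetFlow-style flow records to catch a compromised host whose follow-on traffic carries no signature at all. The signatures, packets, flow records, addresses and thresholds are all constructed for the illustration; the fan-out and volume heuristics are assumptions standing in for whatever rules an attack profiler would actually apply.

```python
"""Two-stage inspection over constructed data: signature matching on packet
payloads, then flow-based anomaly detection on NetFlow-style records.

Hypothetical example: the signatures, packets, flows and thresholds below are
constructed for illustration and are not taken from any real rule set."""
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Stage 1: signature-based inspection. A stateful firewall only sees ports;
# this stage looks inside the payload of traffic the firewall already allowed.
SIGNATURES = {  # constructed patterns, not real IPS rules
    "SQLI-UNION-SELECT": re.compile(rb"union\s+select", re.IGNORECASE),
    "PATH-TRAVERSAL": re.compile(rb"\.\./\.\./"),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def match_signatures(packets):
    """Return (src, dst, signature) for each packet whose payload carries a
    known pattern. This only works while the exploit bytes are on the wire."""
    hits = []
    for pkt in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(pkt.payload):
                hits.append((pkt.src, pkt.dst, name))
    return hits


# Stage 2: flow-based behavioural anomaly detection. Once an exploit has
# succeeded, the follow-on traffic may carry no signature at all, but its
# shape (who talks to whom, and how much) still stands out.
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


def anomalous_hosts(flows, fanout_threshold=20, volume_ratio=10):
    """Flag a source as 'fan-out' when it reaches at least fanout_threshold
    distinct (dst, port) peers, or as 'volume' when it sends more than
    volume_ratio times the median outbound byte count of all sources."""
    peers = defaultdict(set)
    out_bytes = defaultdict(int)
    for f in flows:
        peers[f.src].add((f.dst, f.dport))
        out_bytes[f.src] += f.bytes_out
    flagged = {}
    for host, p in peers.items():
        if len(p) >= fanout_threshold:
            flagged[host] = "fan-out"
    median = statistics.median(out_bytes.values())
    for host, vol in out_bytes.items():
        if vol > volume_ratio * median:
            flagged.setdefault(host, "volume")
    return flagged


# Constructed sample input.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.0.0.20", 80, b"GET /item?id=1 HTTP/1.1"),
    Packet("203.0.113.5", "10.0.0.20", 80,
           b"GET /item?id=1 UNION SELECT a,b FROM t HTTP/1.1"),
    Packet("198.51.100.9", "10.0.0.20", 80, b"GET /static/../../etc/passwd HTTP/1.1"),
]


def _sample_flows():
    flows = []
    for i in range(1, 6):                      # five ordinary workstations
        for j in range(3):
            flows.append(Flow(f"10.0.0.{i}", f"10.0.1.{j}", 443, 4_000))
    for j in range(25):                        # one host sweeping 25 internal peers
        flows.append(Flow("10.0.0.7", f"10.0.2.{j}", 445, 200))
    flows.append(Flow("10.0.0.9", "203.0.113.77", 443, 5_000_000))  # bulk upload
    return flows


SAMPLE_FLOWS = _sample_flows()

if __name__ == "__main__":
    print("signature hits:", match_signatures(SAMPLE_PACKETS))
    print("anomalous hosts:", anomalous_hosts(SAMPLE_FLOWS))
```

The first stage catches the two packets that carry a known pattern, while the sweeping host and the bulk uploader send nothing a signature would match and are only visible in the flow statistics, which is the gap the paragraph above describes. A median-based volume threshold is used rather than a mean-and-standard-deviation one because a single extreme host drags the mean up and can hide itself from a z-score test on a small population.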
Modern network- and host-based IDPS systems need to employ all the popular detection and prevention strategies at the various levels of the network. Such a system needs to operate in a collaborative mode, so that the attack profilers can collate all the alerts and alarms, carry out root cause analysis and apply collaborative security policies. The primary objective of this dissertation is to present the implementation and management of a collaborative Intrusion Detection and Prevention System by developing attack profiling from the traces found on all the systems (Loukas, 2015).
Messier (2016) presented a report on the LDRD research project, which proposes a distributed framework of integrated security. Information about the latest anomalies and signatures is propagated to “Sensor Engines” (which can be viewed as probes on the network) by a centralized information processing engine. The framework comprises three key components: an Intrusion Detection System, localization of the attack source, and attack containment. These components operate with the help of a central information fusion method that supports host- and network-level anomaly detection and identification of the attack source. The researchers developed a strategy of “source isolation” by allowing the routers and firewalls to set packet filters and port blocks automatically by virtue of decision-support rules. They used the packet inspection strategy of Snort to compare the headers and contents of network packets with known signatures and match the information with source information, such that malicious sources can be blocked automatically by instructing the routers and firewalls to establish blockades. This framework carries the risk of false positives, which the authors recommended addressing as a future enhancement. Looking into the challenge of false positives, Panko and Panko (2015) developed a commendable collaborative system of a number of Network Intrusion Detection Systems especially targeted at fighting co-ordinated attacks like Distributed Denial of Service (DDoS) and worm outbreaks. In their system, a number of Intrusion Detection Systems acting as probes were deployed across the network to detect anomalies at the network level and share the information in two stages of correlation. The primary objective of their research was to identify “hotspots” (heavily loaded IDS systems) on the network so that the load can be distributed among other IDS systems through active collaboration.
The IDS systems were allowed to sanitize the logs locally and then distribute them to the core IDS systems tasked with collating all logs and generating collective information. They developed a load-balancing algorithm to achieve high detection accuracy, which they validated on network simulation tools using a simulated worm outbreak and real-world stealthy scanning taken from intrusion logs (Perez, 2014a).
Perez (2014b) argues that by correlating IDS logs with vulnerability analysis results, the probability of increasing true positives and reducing false positives is quite high. Vulnerability analysis is the procedure used by network- and host-based scanning tools to detect the security weaknesses of the hosts and network components on the network. It can be carried out using advanced tools that possess vulnerability-analytics capability for the supported operating systems and generate easy-to-understand logs.
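As an added illustration of the correlation Perez describes (example code, not from the cited work or from any scanner vendor): a Python triage routine that checks each IDS alert against vulnerability-scan output for the targeted host, marking the alert as confirmed when the host is actually vulnerable to what the rule detects, as a likely false positive when the targeted port is closed or the vulnerability is absent, and as unverified when the host was never scanned. The alerts, the scan table, the rule names and the CVE-0000-* identifiers are constructed placeholders.

```python
"""Correlate IDS alerts with vulnerability-scan results to triage them.

Hypothetical example: the alerts, the scan output, the rule names and the
CVE-0000-* ids are constructed placeholders, not real rules or vulnerabilities."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    src: str        # source address seen by the IDS
    dst: str        # targeted host
    dport: int      # targeted port
    signature: str  # IDS rule name (constructed)
    cve: str        # vulnerability the rule is written for (placeholder id)


# Constructed scanner output: host -> {open port -> vulnerability ids found}.
# A port absent from a host's dict was closed or filtered when it was scanned.
SCAN_RESULTS = {
    "10.0.0.20": {80: {"CVE-0000-0001"}, 22: set()},
    "10.0.0.21": {80: set(), 22: set()},
}

CONFIRMED = "confirmed"
LIKELY_FALSE_POSITIVE = "likely-false-positive"
UNVERIFIED = "unverified"


def classify(alert, scan):
    """Decide how much weight an IDS alert deserves given what the scanner
    knows about the target."""
    host = scan.get(alert.dst)
    if host is None:
        # Never scanned: the alert can be neither confirmed nor dismissed.
        return UNVERIFIED
    vulns = host.get(alert.dport)
    if vulns is None:
        # The targeted port is closed, so the exploit had nothing to hit.
        return LIKELY_FALSE_POSITIVE
    if alert.cve in vulns:
        # The target is known vulnerable to exactly what the rule detects.
        return CONFIRMED
    # Port open but the weakness is absent (patched or different software).
    return LIKELY_FALSE_POSITIVE


def triage(alerts, scan):
    """Group alerts by verdict; confirmed alerts come first in the returned
    dict so an analyst reads the verified hits before the noise."""
    buckets = defaultdict(list)
    for alert in alerts:
        buckets[classify(alert, scan)].append(alert)
    order = (CONFIRMED, UNVERIFIED, LIKELY_FALSE_POSITIVE)
    return {verdict: buckets[verdict] for verdict in order if buckets[verdict]}


# Constructed sample alerts.
SAMPLE_ALERTS = [
    Alert("203.0.113.5", "10.0.0.20", 80, "WEB-EXPLOIT-A", "CVE-0000-0001"),
    Alert("203.0.113.5", "10.0.0.21", 80, "WEB-EXPLOIT-A", "CVE-0000-0001"),
    Alert("198.51.100.9", "10.0.0.20", 445, "SMB-EXPLOIT-B", "CVE-0000-0002"),
    Alert("198.51.100.9", "10.0.0.99", 22, "SSH-EXPLOIT-C", "CVE-0000-0003"),
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_ALERTS, SCAN_RESULTS).items():
        print(verdict)
        for a in items:
            print(f"  {a.signature} {a.src} -> {a.dst}:{a.dport}")
```

The same rule firing against two hosts yields two different verdicts, which is the point of the correlation: the scan data, not the signature, decides whether the alert is worth an analyst's time. Alerts against unscanned hosts are kept rather than dropped, since a missing scan is a coverage gap, not evidence of safety.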
This research shall employ a questionnaire followed by one-to-one interviews with the target respondents. Thereafter, the responses shall be collated and analyzed so that critical discussions can be carried out and conclusions drawn at the end. The questionnaire shall be designed on the theoretical foundation established through the literature review (Pino, 2014).
This researcher has analyzed the differences between qualitative and quantitative research methods for this dissertation. As discussed by Jason and Glenwick (2016), the researcher in qualitative research carries out systematic collection, sorting, organizing and interpretation of the textual inputs collected from interviews, discussions, answers to questionnaires and observations. The following aspects of qualitative research have been evaluated by the author against quantitative research:
In this research, an online survey will be the methodology used. This will be done by creating an account with SurveyMonkey and then designing a survey. Once the survey is complete, a web link is generated. This link is sent via SMS, email or any chat service that the target population uses. Respondents will be required to click on the link and fill in the questions in less than five minutes.
Conclusion
This paper is the research proposal for analysing the various security threats and vulnerabilities in enterprise networks and developing a strategic framework of collaborative IDPS that can be used to carry out accurate attack profiling (Sue & Ritter, 2012). Attack-profiling strategies and methodologies shall be the key deliverables of the research, whereby the model shall be created with the help of global best practices such as ISO 27001:2005, COBIT and the NIST recommendations for risk management. A literature review has been presented in the research proposal to establish the context of the research. The outcome of the literature review is the theoretical foundation used to design the interview questions, such that a qualitative survey can be concluded.
References
Akal, T. D. (2012). Constructing Predictive Model for Network Intrusion Detection: Network Intrusion Detection Model. Saarbrücken: LAP LAMBERT Academic Publishing.
Amoroso, E. G. (2013). Cyber attacks: Protecting national infrastructure. Amsterdam: Elsevier/Butterworth-Heinemann.
Fichera, J., & Bolt, S. (2013). Intrusion Methodologies and Artifacts. Network Intrusion Analysis, 5-32. doi:10.1016/b978-1-59-749962-0.00002-x
Frahim, J., Santos, O., & Ossipov, A. (2014). Cisco ASA: All-in-one next-generation firewall, IPS, and VPN services. Indianapolis, IN: Cisco Press.
Ghorbani, A. A., Lu, W., & Tavallaee, M. (2010). Network intrusion detection and prevention: Concepts and techniques. New York: Springer.
Herrero, A., & Corchado, E. (2011). Mobile hybrid intrusion detection: The MOVICAB-IDS system. Berlin: Springer.
Huang, S. C.-H., MacCallum, D., & Du, D. (2010). Network security. New York: Springer.
Jason, L., & Glenwick, D. (Eds.). (2016). Handbook of methodological approaches to community-based research: Qualitative, quantitative, and mixed methods.
Jakubowicz, A., Dunn, K., Mason, G., Paradies, Y., Bliuc, A.-M, … Connelly, K. (2017). Cyber Racism and Community Resilience: Strategies for Combating Online Race Hate.
Jaswal, N. (2014). Mastering Metasploit. Birmingham: Packt Publishing.
Kanopy (Firm). (2014). Cyber attacks and security breaches: Coping with external threats.
Kizza, J. M. (2015). Guide to computer network security.
Loukas, G. (2015). Cyber-Physical Attacks on Industrial Control Systems. Cyber-Physical Attacks, 105-144. doi:10.1016/b978-0-12-801290-1.00004-7
Messier, R. (2016). Penetration testing with the Metasploit Framework: A quickstart guide to White Hat security discovery and exploitation.
Panko, R. R., & Panko, J. L. (2015). Business Data Networks and Security.
Perez, A. (2014a). Network Security. London: ISTE.
Perez, A. (2014b). Intrusion Detection. Network Security, 237-251. doi:10.1002/9781119043942.ch10
Pino, R. E. (2014). Network science and cybersecurity. New York: Springer Science+Business Media.
Rash, M., Orebaugh, A., & Clark, G. (2014). Intrusion Prevention and Active Response: Deploying Network and Host IPS. Rockland, MA: Elsevier Science.
Rothrock, R. A. (2018). Digital resilience: Is your company ready for the next cyber threat?
Scott, M., Wilson, N., & Canterbury (N.Z.). (2012). Seawater intrusion network review. Christchurch, N.Z.: Environment Canterbury Regional Council.
Stallings, W. (2017). Cryptography and network security: Principles and practice.
Sue, V. M., & Ritter, L. A. (2012). Conducting online surveys. Thousand Oaks, CA: Sage.
Yang, Y. (2016). Network Intrusion Detection Method based on Neural Network Research. doi:10.14257/astl.2016.134.09
Yu, Z., & Tsai, J. J.-P. (2011). Intrusion detection: A machine learning approach. London: Imperial College Press.