Buy Online Research and Analysis Paper
- Details
- Hits: 13227
Comprehensive research and analysis of Network Intrusion Detection System: SNORT
Understanding of a network intrusion detection system (NIDS) requires first understanding the meaning of the term intrusion, which is available in sample papers. Intrusion refers to an attempt by a hacker to access a system or a network while a network intrusion detection system detects such attempts by monitoring the flow of data in the system and raises an alarm whenever a malicious behavior is sensed (Castano, Fugini, Martella, & Samarati, 1995).
The objectives of a NIDS include offering continuous monitoring of the traffic in a system to detect any malicious activity and attacks, provide detailed information about the attempt or attack, respond appropriately to counter the attack and store the occurrences whenever there is an attack (Northcutt & Novak, 2000). Any article on marketing as well as descriptive argument can be very resourceful.
A NIDS is positioned strategically in a system so that all the data flowing in the network can be monitored. It is therefore paramount to consider the two types of NIDS namely the signature based system and anomaly based system and make a comparison between the two. The signature based NIDS is directed towards a particular threat and thus has a limited number of false positives. Anomaly based NIDS has many false positives and monitors unusual malicious attempts and attacks. It is therefore important to make a choice for the NIDS that suits specific needs (Bruschi, Martignoni & Monga, 2007).
A NIDS has many benefits such as deploying the system without interfering with the existing network, as the system is independent. NIDS are cost effective as once installed works for entire network thus saving the cost that would be incurred in installing software at each host in a system. Through a NIDS, attacks that the home-based sensors may have failed to sense are detected. A NIDS provide a real-time monitoring of attacks and gives the attacker no chance to interfere with evidence of any malicious behavior (Northcutt & Novak, 2000).
Despite the many advantages of a NIDS, there are a few disadvantages. The system is likely to be overloaded because of huge volumes of alerts made daily by NIDS. The high frequency of false positives may reduce confidence on alerts in general. The reliability of NIDS would be affected by any attempt to reduce the number of false positives. The work of analyzing and filtering cannot be automated and has to be done manually (Bruschi, Martignoni & Monga, 2007).
The following is an analysis of the effort being made in designing a NIDS for networks to prevent unauthorized persons from accessing them or even misuse by the permitted users. Many methods can be used to deter intrusion into a network but only the effective ones can successfully monitor instances of an attack in a system. The first three components of NIDS are prevention, preemption, and deterrence. Although they play a passive role, they are able to reduce the success of a hacker intruding in a system. For example, an organization can offer its employees with guidelines on security training and seminars as well as through initial screens where warning notices can be posted. After the first three components are successfully implemented, another set of three important components follow which are deflection, detection, and measures to counter an attack. The latter components are active and meant to detect intrusion for the critical elements of a network. It is important to note that any security measure depends on the accuracy of the identification of the intruder in a network even before defensive mechanisms can be used (Northcutt & Novak, 2000). Welcome to an article on education as a social institution where original papers on any topic are available.