Networking and Security: Protecting Sensitive Data for Organizations

Today networking is as essential to an organization as veins are to the human body. Without networking, no organization can achieve success. Given this necessity, it is very important to protect an organization's sensitive data and resources from intrusions. An intrusion is any activity that violates the confidentiality, integrity and availability of a system. Organizations employ many preventive techniques, such as user authentication, tight access control mechanisms, or firewalls, to protect data and resources from intrusions. These preventive techniques are incapable of detecting attacks that exploit the strengths of application programs. Hence, Intrusion Detection Systems (IDS) have come into existence as a second line of defense. An IDS is software that automates the process of intrusion detection. Its aim is to detect illegal and improper use of system resources by an unauthorized person by monitoring network traffic and audit data. The techniques employed by an IDS fall into two broad categories: signature-based detection and anomaly-based detection.

• Signature-Based Detection:
A signature-based IDS uses a database of signatures to detect malicious activity. Each signature represents a pattern of action that corresponds to a known attack. The signature-based IDS examines current traffic, activity, transactions, or behavior and tries to match it against these known patterns of predefined attacks. The strength of these systems lies in their signature database, and therefore the database needs to be continuously updated to incorporate information about new attacks.
• Anomaly-Based Detection:
Anomaly-based IDS create a profile that represents normal usage and then...
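
The signature-based approach described above, as an added Python example that is not part of the original essay: it matches events against a signature database and shows that an attack goes unflagged until a signature for it is added. The class name, signature ids, patterns, and request lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int              # constructed signature id
    name: str
    pattern: re.Pattern   # compiled pattern of a known attack

class SignatureIDS:
    """Minimal signature matcher: an event is flagged only if a known pattern matches."""
    def __init__(self):
        self.db = {}

    def update(self, sid, name, regex):
        # Adding or replacing an entry models a signature database update.
        self.db[sid] = Signature(sid, name, re.compile(regex, re.IGNORECASE))

    def inspect(self, event):
        # Names of every signature whose pattern occurs in the event.
        return [s.name for s in self.db.values() if s.pattern.search(event)]

# Constructed sample traffic (HTTP request lines), not taken from the essay.
TRAFFIC = [
    "GET /index.html HTTP/1.1",
    "GET /download?file=../../etc/passwd HTTP/1.1",
    "GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1",
]

def scan(ids, traffic):
    # Map each event that raised at least one alert to the matching signature names.
    alerts = {}
    for event in traffic:
        hits = ids.inspect(event)
        if hits:
            alerts[event] = hits
    return alerts

def demo():
    ids = SignatureIDS()
    ids.update(1001, "path-traversal", r"\.\./")
    before = scan(ids, TRAFFIC)   # no signature yet for the third request
    ids.update(1002, "sql-union-select", r"union(\s|\+|%20)+select")
    after = scan(ids, TRAFFIC)    # database updated: both patterns are flagged
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("alerts before update:", before)
    print("alerts after update: ", after)
```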

... middle of paper ...

...ecurity problems for two reasons. First, there is the dangerous assumption that all hosts on the network are trustworthy. Second, the exchange and storage of the private keys must be handled carefully to keep them secret. Another problem arises when network bandwidth is high. In this case, the IDS might have difficulty analyzing all the packets. The last problem is related to switched networks, where the traffic is sent only to the appropriate destination instead of being broadcast. In that case, the traffic does not necessarily pass through the line monitored by the IDS, making the detection of intrusions rather difficult.
• Application-Based IDSs:
Application-based IDSs are located at the application level on a host computer. They can detect intrusion attempts towards a specific application. They are the least common type of IDSs because of their limited scope.
