Table of Contents

Intrusion Detection and Prevention Systems

NSA Fact Sheet: Best Practices for Keeping Your Home Network Secure

Operating System Security

Modern OS Migration

Application Updates

Other Recommendations

Types of IDS/IPS

Signature

Anomaly

Stateful Protocol

Logging

Detection

Prevention

Host

Network

Available Tools

OSSEC

SNORT

OSSIM Splunk

Sguil

Arcsight SIEM Platform

Honeyd

Hippo

PortSentry

Concerns

Compatibility

User-friendly Interface for Home-users

Conclusion

ABSTRACT

Intrusion detection and prevention systems are vital to all enterprise, organization, and home computer and network users. They provide monitoring, detection, and prevention mechanisms that help ensure the confidentiality, integrity, availability, and non-repudiation of resources. A common misconception among average home users is that running anti-virus software alone will ensure the integrity of a system within their network. Secure mechanisms should also include firewalls, intrusion detection and prevention systems, and secure operational practices, and all of these must be appropriately configured and administered. This document provides a brief overview of the best security practices described in the National Security Agency's Fact Sheet: Best Practices for Keeping Your Home Network Secure, with an emphasis on intrusion detection and prevention systems (IDS/IPS), including the types of IDS/IPS, the available tools, and the concerns that come with IDS/IPS.

The purpose of this presentation is to give readers awareness and education about the technologies available, both proprietary and open source, that assist in the detection, prevention, and mitigation of threats. New technologies continue to flood our community, increasing the competencies users need to protect their computer and network systems. This means our users will continue to be less competent than needed to protect their technology environment from malicious entities. Not all "average Joes" are aware of the technologies needed to secure a system, and "average Joes" make up a large portion of our community. With new iPhone and Android technologies, we can take advantage of wireless communication to allow home users to be their own administrators.

Many computer science and security professionals have taken advantage of these technologies for many years by configuring their home and professional networks to notify them in the event of an attempted security breach. This presentation will give the audience the competencies to know where to get these technologies, but there is an even bigger threshold we must pass: IDS/IPS development needs. Security professionals have configured, managed, and deployed IDS/IPS systems for many years. It is now time we teach the other 95% of users, the home users, to understand and implement these technologies as well, or at least create an easy-to-use interface that will configure a network appropriately for maximum security.