Perimeter Defense and Intrusion Detection System

Questions:

1. Research the following SOHO firewall vendors: Linksys, NETGEAR, and D-Link. Compare the features you find in their product lines with the features in enterprise firewalls.

2. Research Microsoft’s latest attempts to provide an integrated host-based firewall product. Look up Microsoft Antispyware and Windows Defender.

3. Research the most common proxies available on the market today. Look at price and features, then comment on which would be better suited to small, medium, and large businesses.

4. Why is it practical to build firewall capabilities into routers?

5. IDSs on the market

Visit this Link

From the list of IDSs, select one. Using the lecture slides, try to determine:

Is the IDS network or host based?

Is the IDS using signature based or knowledge based criteria?

6. Is a signature based approach sufficient? Peakflow is an interesting threshold approach; it is particularly useful for Denial of Service attacks – see if you can find out why from the available information on the site.

7. Locate a case study that describes how a honey pot was used—successfully or not—in an attempt to catch an intruder.

8. Use the Web, newsgroups, bulletin boards, and other online resources to “lurk” within the hacker community. Find online spaces where hackers meet and share information, to see what they are like and how they operate. However, do not participate in any discussions, post any messages, or do anything that might reveal your identity. Simply browse these resources and see what kinds of information you find. Prepare a report to share your findings with the cohort if you wish.


Answers:

1. The SOHO firewall vendors offer several budget-oriented features in their product lines, which include CCA (clear channel assessment) technology, WPA/WPA2 encryption, IP based bandwidth control and more.

On the other hand, enterprise firewalls include advanced features along with the necessary checks and functionalities (Hiller 2014). The advanced features are SSL decryption and identification, an integrated IPS, high-performance application control and much more.

2. Both Microsoft Antispyware and Windows Defender are integrated host-based firewall products, which provide basic security by protecting the system from spyware and malware. Windows Defender comes with Windows and provides basic security (Khattak et al. 2015). Microsoft Antispyware is used to remove unwanted spyware present on the system. Both applications provide the necessary protection and help to remove unwanted spyware, adware and malware such as Trojan horses, rootkits and browser hijackers.

3. In the context of computer networks, proxy servers are servers or machines that act as intermediaries between clients and other servers. Most of today's proxy servers are web proxies. There are three types of proxy servers (Kotenko and Ulanov 2014): gateways that pass client requests, forward proxies or Internet-facing proxies, and reverse proxies or internal-facing proxies. Proxify, AnonyMouse and kProxy are examples of free proxy servers; they may not be secure and are suited to small-scale businesses. Anonymous proxy servers may cost a bit, but they are safe, can be trusted and are most suitable for large-scale organizations.

4. It is logical to integrate firewall capabilities even into the budget line of routers. Routers share the Internet resources, and if functionality such as a firewall can be incorporated within the router, then it makes sense (Rouveyrol et al. 2015). Firewalls protect the user's system from unauthorized networks. Firewalls can be implemented at both the hardware and the software level; integrating firewall functionality into routers is the hardware implementation of firewall protection.

5. IDSs, or Intrusion Detection Systems, are installed on networking devices to monitor the network traffic or the network data packets. The system reports if it finds any malicious activity or security policy violation. From the given website, the Graph-based Intrusion Detection System (GrIDS) has been chosen (Siwak et al. 2014). The chosen IDS is network based or host based. GrIDS uses signature based or knowledge based criteria. Signature based criteria are used to identify predefined attacks and report any anomalous behavior.


6. Peakflow is a security product based on the common Peakflow platform. This security tool collects data and detects whether any anomalies are present in the system. Peakflow seeks and receives three kinds of data about the network state of any networking architecture. These are given below.

  1. It monitors the flow of data on each networking device and analyzes the breakdown of traffic characteristics (Witt 2014).
  2. It describes the network connectivity, and it also routes network packets and guides them to their destinations.
  3. It also collects security data from network intrusion detection systems and distributes it throughout the network.
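The contrast raised in questions 5 and 6 (signature based criteria versus a threshold approach for Denial of Service) can be seen in code. The following is an added example, not material from the assignment or from the Peakflow or GrIDS products: a signature matcher and a packets-per-window threshold detector run over a handful of constructed flow records. The `FLOWS` records, the `SIGNATURES` rule set and the fixed threshold of 1000 packets per 10-second window are all assumptions chosen for the demonstration.

```python
from collections import defaultdict

# Constructed sample flow records for this demo (not captured traffic).
# Fields: (start_second, src_ip, dst_ip, dst_port, packet_count, payload_sample)
FLOWS = [
    (0, "10.0.0.5", "192.0.2.10", 80, 12, b"GET /index.html HTTP/1.1"),
    (1, "10.0.0.6", "192.0.2.10", 80, 9, b"GET /about HTTP/1.1"),
    (2, "10.0.0.7", "192.0.2.10", 80, 15, b"GET /login?user=' OR 1=1-- HTTP/1.1"),
    # Volumetric flood: many sources, a few hundred packets each, one destination,
    # and no payload that any signature would recognise.
    (12, "203.0.113.1", "192.0.2.10", 53, 300, b"\x00" * 8),
    (13, "203.0.113.2", "192.0.2.10", 53, 280, b"\x00" * 8),
    (14, "203.0.113.3", "192.0.2.10", 53, 310, b"\x00" * 8),
    (15, "203.0.113.4", "192.0.2.10", 53, 295, b"\x00" * 8),
    (21, "10.0.0.5", "192.0.2.20", 443, 20, b"\x16\x03\x01"),
]

# Hypothetical signature set: one byte pattern per rule name.
SIGNATURES = {
    "sqli_tautology": b"' OR 1=1",
}


def signature_alerts(flows, signatures=SIGNATURES):
    """Signature-based detection: flag every flow whose payload sample
    contains a known byte pattern. Returns (rule_name, src_ip) pairs."""
    alerts = []
    for _start, src, _dst, _port, _packets, payload in flows:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((name, src))
    return alerts


def threshold_alerts(flows, window=10, max_packets=1000):
    """Threshold-based detection: sum packets per destination per time
    window and flag windows that exceed max_packets. Returns
    (dst_ip, window_start, packet_total, distinct_sources) tuples.
    A fixed threshold is used here; products such as Peakflow derive it
    from a learned baseline instead."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for start, src, dst, _port, packets, _payload in flows:
        key = (dst, start // window)
        totals[key] += packets
        sources[key].add(src)
    return [
        (dst, bucket * window, total, len(sources[(dst, bucket)]))
        for (dst, bucket), total in sorted(totals.items())
        if total > max_packets
    ]


if __name__ == "__main__":
    for rule, src in signature_alerts(FLOWS):
        print(f"signature  {rule} from {src}")
    for dst, t, total, n_src in threshold_alerts(FLOWS):
        print(f"threshold  {total} packets to {dst} in window starting t={t}s from {n_src} sources")
```

On these records the signature matcher reports only the single probe carrying the known pattern, while the four flood flows pass it untouched because their payloads match nothing; the threshold detector, which never looks at payload, flags the 10-second window in which those flows together push 1185 packets at one destination from four sources. That is the gap the question points at: a signature can only name what has been seen before, whereas a rate threshold catches a volumetric attack regardless of its content.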

7. Global Integrity Corporation, a SAIC company, conducted case studies for resource technologies. In this section, one of the four case studies has been identified.

In a large corporate environment, 200 honeypots were deployed. Those honeypots were designed as regular servers. The management afterward noticed 200 honeypot hits per week. It was also found that 70 percent of these attacks were accidental and unfortunate, but 30 percent were deliberate (GREG 2016). Most of the intentional hits appeared to be initiated by malicious networks looking for sensitive information and critical files.

8. HackYard and Hackhound are the hacking communities taken up for this discussion. Hacking social networking sites and the databases of messengers, and decrypting the databases of social networking sites and famous messengers such as WhatsApp, are the major threads discussed there (Xu 2013). The recent iOS hacks and finding leaked images are also major concerns of these communities.


References:

Hiller, J.S., 2014. Civil Cyberconflict: Microsoft, Cybercrime, and Botnets. Santa Clara Computer & High Tech. LJ, 31, p.163.

Khattak, N.A., Chadwick, D., Bhatti, R.A., Shad, S.A., Butt, F.S. and Munir, E.U., 2014. Assessment of Anti-Spyware Tools for Signature and Behavior Based Techniques. Connections, 3, p.8.

Kotenko, I. and Ulanov, A., 2014. Agent-based simulation of DDOS attacks and defense mechanisms. International Journal of Computing, 4(2), pp.113-123.

Rouveyrol, P., Raveneau, P. and Cunha, M., 2015, May. Large Scale Wi-Fi tracking using a Botnet of Wireless Routers. In Workshop on Surveillance & Technology.

Siwak, G., Siebenman, T. and Witt, M., 2016. Intrusion Detection System. U.S. Patent 20,160,012,713.

Zhan, Z., Xu, M. and Xu, S., 2013. Characterizing honeypot-captured cyber attacks: Statistical framework and case study. IEEE Transactions on Information Forensics and Security, 8(11), pp.1775-1789.