Running Head: What does IDS Protect Against

What does IDS Protect Against

LaRon Walker

Master of Information Technology and Internet Security

April, 2010

As more and more computers connect to the Internet each day, the potential for information theft grows with each connection. There is a constant need to implement security measures that will stop this from happening. Even with a combination of antivirus applications, firewalls, anti-adware and anti-spyware programs, and other forms of protection, hackers are still finding ways to gain unauthorized access to computers. Any computer that connects to the Internet runs the risk of being compromised. Intrusion Detection Systems (IDS), along with some of the above-mentioned components, can help protect against these threats.

Intrusion Detection Systems help protect against unauthorized entry attempts into networks and computers, and also log these attacks so the information can later be used to correct and improve existing security strategies. These systems' primary purposes are to monitor all network traffic and to identify and stop unusual network activity from computers within that network. The main purpose is to stop the 5 phases of an intrusion attempt. Per Barr (2007), these phases are as follows:

1. Information Gathering

2. Further Information Gathering

3. The Attack

4. Successful Intrusion

5. Fun and Profit

An IDS can help in any of the above stages, as it logs the information that network security administrators need in order to implement strategies that close loopholes or fix security exploits. However, an IDS will only be effective if the logs are reviewed frequently and alerts are acted upon in a timely manner. These systems must also be maintained and kept up to date, as hackers are constantly developing ways around them. This is why other security measures like antivirus, firewalls, and data encryption must also be in place to help protect against unauthorized access to information.

There are many different intrusion detection systems and strategies that can be used to protect against attacks. In my experience, I have found that running Linux has been very successful, as it has many different security options to choose from to help protect critical data. A combination of Snort (IDS), EtherApe (IDS), SELinux (Firewall), and iptables (Firewall) allows me to monitor all incoming and outgoing network traffic via log files, alerts, and visual displays. Using this technique also allows me to monitor network traffic from other devices on my network. Overall, using an IDS along with other security techniques can help protect against the 5 phases of an intrusion attempt, as long as all security components are maintained, frequently tested, and upgraded.
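An added example, not part of the original paper, of the frequent log review described above: it parses Snort fast-format alert lines and flags sources whose information-gathering alerts are followed by attack alerts. The sample log lines, the SIDs, and the mapping of Snort classifications onto the phases are assumptions made for this example.

```python
import re

# Snort "fast" alert layout:
# time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"\s+\[Classification: (?P<cls>[^\]]+)\]\s+\[Priority: (?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Assumption: how Snort classifications map onto the phases listed above.
RECON = {"Detection of a Network Scan", "Attempted Information Leak"}  # phases 1-2
ATTACK = {"Web Application Attack", "Attempted Administrator Privilege Gain"}  # phase 3

# Constructed sample alerts (documentation addresses, local-rule SIDs); last line is truncated.
SAMPLE_LOG = """\
04/09-10:01:12.123456  [**] [1:1000001:1] LOCAL port sweep [**] [Classification: Detection of a Network Scan] [Priority: 3] {TCP} 203.0.113.7:40112 -> 192.0.2.10:22
04/09-10:04:40.000321  [**] [1:1000002:1] LOCAL suspicious web request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40950 -> 192.0.2.10:80
04/09-10:05:02.500000  [**] [1:1000003:1] LOCAL ping probe [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.23 -> 192.0.2.10
04/09-10:07:30.750000  [**] [1:1000004:1] LOCAL admin login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.99:51515 -> 192.0.2.10:23
04/09-10:09:00.000001  [**] [1:1000005:1] LOCAL truncated ent
"""


def parse_alerts(text):
    """Return (parsed alerts, lines that did not parse) so nothing is dropped silently."""
    alerts, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        match = ALERT_RE.match(line)
        if match:
            alerts.append(match.groupdict())
        else:
            unparsed.append(line)
    return alerts, unparsed


def triage(alerts):
    """Label each source; 'escalate' means recon was followed by an attack alert."""
    status = {}
    for alert in alerts:  # a Snort alert file is appended in time order
        src, cls = alert["src"], alert["cls"]
        if cls in RECON:
            status.setdefault(src, "recon")
        elif cls in ATTACK:
            status[src] = "escalate" if status.get(src) in ("recon", "escalate") else "attack"
    return status


if __name__ == "__main__":
    parsed, skipped = parse_alerts(SAMPLE_LOG)
    print(triage(parsed), f"{len(skipped)} unparsed line(s)")
```

Lines that fail to parse are returned rather than discarded, since a gap in the alert file is itself something a reviewer should see.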

References

Barr, J. (2007). Intrusion Detection Strategies. Faulkner Information Services. Retrieved April 9, 2010 from Faulkner Information Services database.
