LaRon Walker
April, 2010
As more and more computers connect to the Internet each day, the potential for information
theft grows with each connection. There is a constant need to implement security measures that will
stop this from happening. Even with a combination of antivirus applications, firewalls, anti-adware and
spyware programs along with other forms of protection, hackers are still finding ways to gain
unauthorized access to computers. Any computer that connects to the Internet runs the risk of being
compromised. Intrusion Detection Systems (IDS) along with some of the above mentioned components
Intrusion Detection Systems help protect against those unauthorized entry attempts into
networks and computers, and also help log these attacks so the information can later be used to correct
and improve existing security strategies. These systems' primary purposes are to monitor all network
traffic, and identify and stop unusual network activity from computers within that network. The main
purpose is to stop the 5 phases of an intrusion attempt. Per Barr (2007), these phases are as follows:
1. Information Gathering
3. The Attack
4. Successful Intrusion
An IDS can help in any of the above stages, as it would log the information necessary for network
security administrators to implement strategies to close loopholes or fix security exploits. However, an
IDS will only be effective if the logs are reviewed frequently, and alerts are acted upon in a timely
manner. These systems must also be maintained and kept up-to-date as hackers are constantly
developing ways around them. This is why other security measures like antivirus, firewalls, and data
encryption must also be in place to help protect against unauthorized access to information.
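The log review described above, as an added example that is not part of the original paper: a Python sketch that parses alert lines in Snort's "fast" alert format and ranks source hosts so the most severe are reviewed first. The sample lines, addresses and rule messages are constructed for illustration.

```python
import re

# Constructed sample in Snort's "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
04/09-10:15:01.120394  [**] [1:1000001:1] ICMP ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.168.1.10
04/09-10:15:02.481220  [**] [1:1000001:1] ICMP ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.168.1.11
04/09-10:16:44.003918  [**] [1:1000002:3] SSH repeated login failure [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.168.1.10:22
04/09-10:20:09.775001  [**] [1:1000003:1] Outbound DNS to unusual resolver [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.23:40112 -> 198.51.100.53:53
this line is truncated and must not crash the parser
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alerts(text):
    """Return (alerts, unparsed); unparsed lines are kept for review, not dropped."""
    alerts, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ALERT_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        a = m.groupdict()
        a["prio"] = int(a["prio"])
        # Drop the port from "ip:port" (IPv4 form only) so hosts group together.
        a["src_host"] = a["src"].split(":")[0] if a["src"].count(":") == 1 else a["src"]
        alerts.append(a)
    return alerts, unparsed

def triage(alerts):
    """Rank source hosts: most severe priority first (1 is highest), then alert count."""
    hosts = {}
    for a in alerts:
        h = hosts.setdefault(a["src_host"], {"count": 0, "top_prio": a["prio"], "sigs": set()})
        h["count"] += 1
        h["top_prio"] = min(h["top_prio"], a["prio"])
        h["sigs"].add(a["msg"])
    return sorted(hosts.items(), key=lambda kv: (kv[1]["top_prio"], -kv[1]["count"]))

if __name__ == "__main__":
    alerts, unparsed = parse_alerts(SAMPLE_ALERTS)
    for host, h in triage(alerts):
        print(f"{host}: {h['count']} alerts, top priority {h['top_prio']}, {sorted(h['sigs'])}")
    print(f"{len(unparsed)} line(s) could not be parsed and need manual review")
```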
There are many different intrusion detection systems and strategies that can be used to protect
against attacks. In my experience, I have found that running Linux has been very successful, as it has
many different security options to choose from to help protect critical data. A combination of Snort
(IDS), EtherApe (IDS), SELinux (Firewall), and iptables (Firewall) allows me to monitor all incoming and
outgoing network traffic via log files, alerts, and visual displays. Using this technique also allows me to
monitor network traffic from other devices on my network as well. Overall, using an IDS along with
other security techniques can help protect against the 5 phases of an intrusion attempt, as long as all
References
Barr, J. (2007). Intrusion Detection Strategies. Faulkner Information Services. Retrieved April 9,