
Lecture 11: Network Firewall and VPN planning implementation:

IDS, IPS:

Comparison: IDS vs IPS

An intrusion detection system (IDS) is a monitoring system, whereas an intrusion prevention system (IPS)
is a control system. The IDS continuously monitors network traffic for suspicious activity and alerts the
administrator when it finds any; the IPS acts on the suspicious activity itself, with the aim of stopping
it before it reaches the targeted system.

An IDS compares network traffic against known threats (signatures) and raises alerts; someone still has
to analyse the results and take the necessary action. An IPS both detects and acts on its own. Unlike an
IPS, which sits inline in the traffic path, an IDS is passive/out-of-band (typically fed a copy of the
traffic from a SPAN port or network tap), so traffic does not have to flow through it.

Everything about IDS and IPS:

https://www.upguard.com/blog/ids-vs-ips

How are IDS/IPS different from a firewall?

Limitations:

An IDS is vulnerable to network evasion techniques (fragmentation, encoding, session splicing) that
change how malicious traffic looks on the wire without changing what it does.

If an IDS/IPS sensor fails, abnormal traffic or an intrusion can bypass network security undetected and
lead to severe attacks. For an inline IPS the failure mode (fail-open or fail-closed) has to be chosen
deliberately.

Cannot protect against weak authentication: if an attacker gains access with a valid but weak password,
the login looks legitimate and the IDS will not detect it as abnormal.

An outdated signature database leaves the system exposed to new attacks.

False positives and noise, for example caused by malformed packets.
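The IDS/IPS distinction above and two of the listed limitations (evasion by encoding, and a payload that no signature covers) in working code. This is an added example, not from the lecture or any product: the signatures, the request lines and the IP addresses are all constructed, and the rules are only loosely modelled on Snort-style pattern rules.

```python
"""Signature-based IDS vs IPS over constructed HTTP request lines.

Added example (not from the lecture notes). The same signature engine runs in
two modes: in IDS mode it only records alerts and every request still reaches
the target; in IPS mode it sits inline and drops matching requests. A
URL-encoded variant evades the engine unless input is normalised first, and a
novel (zero-day) payload that matches no signature is delivered in both modes.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

# Hypothetical signatures (constructed), keyed by a made-up rule name.
SIGNATURES = {
    "SQLI-UNION": re.compile(r"union\s+select", re.IGNORECASE),
    "TRAVERSAL": re.compile(r"\.\./"),
    "XSS-SCRIPT": re.compile(r"<script", re.IGNORECASE),
}


@dataclass
class Result:
    alerts: list = field(default_factory=list)     # (source, rule name) pairs
    delivered: list = field(default_factory=list)  # requests that reached the target
    dropped: list = field(default_factory=list)    # requests an inline IPS blocked


def normalise(request: str) -> str:
    """Decode percent-encoding twice (catches double encoding) and lower-case."""
    return unquote(unquote(request)).lower()


def match_signatures(request: str, normalise_input: bool = True):
    """Return the names of every signature that matches the request."""
    text = normalise(request) if normalise_input else request
    return [name for name, pattern in SIGNATURES.items() if pattern.search(text)]


def run_sensor(traffic, mode: str, normalise_input: bool = True) -> Result:
    """mode='ids': out-of-band copy, alert only.  mode='ips': inline, drop on match."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    result = Result()
    for src, request in traffic:
        hits = match_signatures(request, normalise_input)
        for rule in hits:
            result.alerts.append((src, rule))
        if hits and mode == "ips":
            result.dropped.append((src, request))
        else:
            # An IDS never blocks; an IPS forwards anything that did not match.
            result.delivered.append((src, request))
    return result


# Constructed sample traffic: (source IP, request line).
TRAFFIC = [
    ("10.0.0.5", "GET /index.html HTTP/1.1"),
    ("10.0.0.7", "GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1"),
    ("10.0.0.9", "GET /item?id=1%20%55NION%20%53ELECT%201 HTTP/1.1"),   # encoded evasion
    ("10.0.0.11", "GET /download?f=../../etc/passwd HTTP/1.1"),
    ("10.0.0.13", "GET /api?cmd=totally_new_exploit_payload HTTP/1.1"),  # no signature: zero-day
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        r = run_sensor(TRAFFIC, mode)
        print(mode, "alerts:", r.alerts, "dropped:", len(r.dropped), "delivered:", len(r.delivered))
    naive = run_sensor(TRAFFIC, "ips", normalise_input=False)
    print("without normalisation the encoded request is delivered:",
          any(src == "10.0.0.9" for src, _ in naive.delivered))
```

In IDS mode all five requests are delivered and three alerts are raised; in IPS mode the same three are dropped. Turning normalisation off shows the evasion limitation: the percent-encoded UNION SELECT passes a naive matcher. The zero-day request passes in every configuration, which is the signature-database limitation in one line.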

Prevention from zero-day attack:

Use of IPsec: IPsec encrypts and authenticates network traffic between configured peers, so traffic
from unauthenticated sources is dropped and the attack surface exposed to outside traffic shrinks. Note
that IPsec does not inspect the payload: an exploit sent over an authenticated tunnel still gets through.

Deploying a firewall that scans data packets for threats.

IDS/IPS: an IDS and IPS must be placed in the network to continuously monitor and analyse the network
traffic. When something suspicious is detected, the administrator is alerted so that mitigation
measures can be implemented.

Examples of zero-day exploits:

https://guardiandigital.com/blog/zero-day-attack

Components of Intrusion detection System:

An IDS or IPS can be deployed as a sensor in a router, as a dedicated security appliance that provides
IDS/IPS services, or as host software on client computers and servers.

Lecture 10: Network Firewall and VPN planning implementation:

Selecting a firewall for a company has to address the company's characteristics. A common firewall
implementation and design should address:

Suitability,

Flexibility,

Training,

Need,

Risk,

Cost.

Software firewall and VPN: Smoothwall, Openswan

Features

Testing Smoothwall (47)

Troubleshooting (48)

Openswan (49)

Microsoft DirectAccess as an alternative to VPN:

http://techgenix.com/microsoft-directaccess-overview/

Lecture 9: Network Security and threats.

Case studies:

Identify assets:

Identify threats:

Malicious attack

Theft : hardware theft, software theft

System failure

Worms, viruses

Identify vulnerabilities:

Weaknesses that can be exploited by threats

Lack of user knowledge

Poor choices of password

Unsecured data transmission

Poor security policies

Recommend solutions:

Firewalls, IDS, Network monitoring tools

Before implementing a measure, it is important to calculate the cost of implementation and the benefit
it brings (the reduction in expected loss). If the implementation cost exceeds the benefit, it is better
to accept the risk.

Risk matrix:

Risk = Impact X Likelihood


Threat | Impact (a) | Likelihood (b) | Risk (c) | Countermeasures
---|---|---|---|---
Malicious attack | High | High | Critical | Firewalls, IDS, regular OS patching
Theft (hardware theft) | Loss of data (High) | Low | Medium | Surveillance cameras, buzzer and alarm system
System failure (e.g. electrical power problem) | All servers and devices could be damaged (Critical) | Low | Low | The IT infrastructure should be maintained on a regular basis
Human error (accidental deletion of a file) | Sensitive data can be lost but could be recovered from backup (Low) | Medium | Low | Backup server; control user access to information
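The risk matrix and the cost/benefit rule from this case study, carried through in code. This is an added example, not part of the lecture notes: the numeric scales behind Low/Medium/High/Critical, the thresholds that turn a product back into a level, and all money and probability figures are constructed assumptions, chosen only to make the decision rule visible.

```python
"""Risk matrix from the lecture: Risk (c) = Impact (a) x Likelihood (b).

Added example, not part of the lecture notes. It scores the case-study threats
on a constructed ordinal scale, buckets the product back into a qualitative
level, ranks the threats, and then applies the lecture's cost/benefit rule
(accept the risk when the countermeasure costs more than it saves) using
constructed annual figures.
"""
from dataclasses import dataclass

# Constructed ordinal scales; the lecture gives the levels but no numbers.
IMPACT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}


def risk_score(impact: str, likelihood: str) -> int:
    """Risk = Impact x Likelihood on the ordinal scales above (1..12)."""
    return IMPACT[impact.lower()] * LIKELIHOOD[likelihood.lower()]


def risk_level(score: int) -> str:
    """Bucket the product into a qualitative level (thresholds are an assumption)."""
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


@dataclass
class Threat:
    name: str
    impact: str
    likelihood: str
    countermeasure: str
    # Constructed annual figures for the cost/benefit step (not from the lecture).
    loss_if_realised: float      # cost of one occurrence
    annual_probability: float    # chance of occurrence per year, without the countermeasure
    countermeasure_cost: float   # annual cost of the countermeasure
    residual_probability: float  # chance per year once the countermeasure is in place

    @property
    def score(self) -> int:
        return risk_score(self.impact, self.likelihood)

    @property
    def level(self) -> str:
        return risk_level(self.score)

    def expected_loss(self, probability: float) -> float:
        return self.loss_if_realised * probability

    def benefit(self) -> float:
        """Reduction in expected annual loss that the countermeasure buys."""
        return (self.expected_loss(self.annual_probability)
                - self.expected_loss(self.residual_probability))

    def decision(self) -> str:
        """Lecture rule: if implementation cost exceeds the benefit, accept the risk."""
        return "accept" if self.countermeasure_cost > self.benefit() else "implement"


# The four threats from the case-study table; money and probabilities are constructed.
THREATS = [
    Threat("Malicious attack", "high", "high",
           "Firewalls, IDS, regular OS patching", 200_000, 0.5, 30_000, 0.1),
    Threat("Theft (hardware)", "high", "low",
           "Surveillance cameras, buzzer, alarm system", 50_000, 0.05, 8_000, 0.01),
    Threat("System failure (power)", "critical", "low",
           "Regular infrastructure maintenance", 500_000, 0.02, 5_000, 0.005),
    Threat("Human error (file deletion)", "low", "medium",
           "Backup server, user access control", 5_000, 0.3, 1_000, 0.05),
]


def ranked(threats=THREATS):
    """Highest risk first, so countermeasure budget goes to the top of the list."""
    return sorted(threats, key=lambda t: t.score, reverse=True)


def report(threats=THREATS):
    """(name, score, level, decision) per threat, highest risk first."""
    return [(t.name, t.score, t.level, t.decision()) for t in ranked(threats)]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Two things worth noticing when it runs. Hardware theft comes out as "accept": the constructed camera-and-alarm budget costs more than the expected loss it avoids, which is exactly the situation the cost/benefit rule describes. And a multiplicative scale ranks the critical-impact power failure (4 x 1) above hardware theft (3 x 1), whereas the table above rates it Low; when a high-impact, low-likelihood event lands in the lowest bucket it is worth checking whether the likelihood estimate, not the formula, is doing the work.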
