IDS, IPS:
An intrusion detection system (IDS) is essentially a monitoring system, whereas an intrusion prevention system (IPS) is a control system. The IDS continuously monitors network traffic for suspicious activity and alerts the administrator when it finds any, whereas the IPS acts on suspicious activity with the aim of preventing it from reaching the targeted system.
An IDS compares network traffic against known threats, and someone is needed to analyse the results and take the necessary actions. An IPS can both detect and act by itself. Unlike an IPS, an IDS is passive/offline, so traffic does not have to flow through it.
https://www.upguard.com/blog/ids-vs-ips
Limitations:
IDS/IPS sensor failure can allow abnormal traffic or an intrusion to bypass network security and lead to severe attacks.
Cannot protect against weak authentication: if an attacker gains access because of a weak password, the IDS will not be able to detect this as abnormal.
Use of IPsec: with IPsec, all network traffic is encrypted and authenticated, so any suspicious traffic will be prevented.
IDS/IPS: IDS and IPS must be placed in the network to continuously monitor and analyse network traffic. When something suspicious is detected, they alert the administrator so that mitigation measures can be implemented.
Examples of Zero-day exploit:
https://guardiandigital.com/blog/zero-day-attack
IPS and IDS can be deployed as a sensor in a router, in security appliances dedicated to providing IDS/IPS services, or as host software on client computers and servers.
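As an added example (not part of these notes), a toy model of the IDS-versus-IPS distinction above together with the sensor-failure and weak-authentication limitations: the same rules run in monitor-only mode and in inline mode, and a failed sensor lets traffic through uninspected. The rules, packets and class names are constructed for illustration.

```python
"""Toy IDS-versus-IPS model (added example, not from the notes).
Rules, packets and class names are constructed for illustration."""
import re
from dataclasses import dataclass, field

# Constructed signature rules: name -> pattern matched against a payload.
RULES = {
    "sql_injection": re.compile(r"'\s*(or|OR)\s*1\s*=\s*1"),
    "path_traversal": re.compile(r"\.\./\.\./"),
}

@dataclass
class Sensor:
    mode: str               # "ids" = monitor only, "ips" = inline control
    healthy: bool = True    # False models the sensor-failure limitation
    fail_open: bool = True  # what an inline IPS does when it has failed
    alerts: list = field(default_factory=list)

    def process(self, payload: str) -> str:
        """Inspect one packet; return "forward" or "drop" and record alerts."""
        if not self.healthy:
            # Nothing is inspected. A passive IDS never sat in the path, so
            # traffic simply flows; an inline IPS either fails open (traffic
            # flows uninspected) or fails closed (the link goes down).
            return "forward" if self.mode == "ids" or self.fail_open else "drop"
        matched = [name for name, rx in RULES.items() if rx.search(payload)]
        self.alerts.extend((name, payload) for name in matched)
        if matched and self.mode == "ips":
            return "drop"    # the IPS acts by itself
        return "forward"     # the IDS only alerts; an analyst must act

def run(mode, packets, healthy=True, fail_open=True):
    """Run all packets through one sensor; return (actions, alert names)."""
    s = Sensor(mode=mode, healthy=healthy, fail_open=fail_open)
    actions = [s.process(p) for p in packets]
    return actions, [name for name, _ in s.alerts]

# Constructed sample traffic. The third packet is an ordinary login using a
# guessed weak password: no signature matches, so neither mode flags it.
PACKETS = [
    "GET /search?q=' OR 1=1 --",
    "GET /../../etc/passwd",
    "POST /login user=admin&pass=admin123",
]

if __name__ == "__main__":
    print("IDS  :", run("ids", PACKETS))   # forwards all, two alerts
    print("IPS  :", run("ips", PACKETS))   # drops two, forwards the login
    print("Fail :", run("ips", PACKETS, healthy=False))  # bypass: no alerts
```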
Selecting a firewall for any company needs to address the company's characteristics. Common firewall implementation and design should address:
Suitability,
Flexibility,
Training,
Need,
Risk,
Cost.
Features
Testing smoothwall-47
Troubleshooting -48
Openswan-49
http://techgenix.com/microsoft-directaccess-overview/
Lecture 9: Network Security and Threats.
Case studies:
Identify assets:
Identify threats:
Malicious attack
System failure
Worms viruses
Identify vulnerabilities:
Recommend solutions:
Before implementing a measure, it is important to calculate the cost of implementation against the benefits of implementation. If the implementation cost exceeds the benefits, then it is better to accept the risk.
Risk matrix:
• Trojan Horses
• Bots
• Rootkits
• Logic Bombs
Usage review, backup and patching are a must after deploying the VPN.
Split tunneling should be prohibited. With split tunneling there is always a risk that a threat actor can take advantage of the remote user to reach the secure corporate network and cause severe damage.
There should be central authentication of users through a RADIUS server. This will prevent unauthorized access to the VPN.
Strong encryption via IPsec and AES should be configured and implemented.
http://www.hit.bme.hu/~jakab/edu/litr/VPN/vpn-technologies.pdf
VPN components:
Edge routers,
Corporate firewalls,
VPN appliances,
VPN architecture
VPN topologies:
VPN vulnerabilities:
• Backdoor attacks: a backdoor installed on remote user devices or other security appliances would allow a remote attacker to steal data, hijack sessions, implant malware, etc.
• Weak client security: lack of a personal firewall, IDS/IPS or anti-malware software on the remote user's computer will harm the entire network.
• Weak authentication: with weak authentication, an attacker can gain access to the VPN network by mounting a brute-force attack.
• Worms: any remote user connecting to the VPN network with an infected device (worms, malicious viruses) can affect the entire network.
• Credential sharing: an attacker may use various social-engineering techniques to lure the victim into revealing the VPN credentials, and later access the system with them.