
Assessment Task

IPS Sensors and Network Attacks
Table of Contents
1) Introduction
2) IPS Sensors
3) IPS Sensor Solutions
4) How Does an IPS Stop the Attack?
5) IPS Products and Appliances
6) Differences between IDS and IPS
7) SPAN Ports and IPS
8) Meta Signature Engines
9) Passive Operating System Fingerprinting
10) Conclusion
References
1) Introduction
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) (Choi, Sungjun, & Hwang,
2018) are considered an integral part of a robust network defense solution. Their main
function is to maintain secure network services, which are a key requirement of profitable IP-
based services. Used together, they provide a network security system that improves protection
against threats, viruses, malware and other Trojan software. IPS and IDS (Kenkre, Pai, & Colaco, 2015)
both act as a traffic controller, detecting suspicious data and activities by matching traffic against
programmed signatures of known threats. An IDS lets the traffic pass and then responds to protect the
network. One advantage of an IDS is that it does not affect the packet flow of the forwarded traffic;
the disadvantage is that it cannot stop malicious traffic from single-packet attacks from reaching the
target systems before the IDS can apply a response to stop the attack. An IDS sometimes requires
assistance from other devices on the network in order to respond. An IPS, however, works inline in
the data stream to provide protection from malicious attacks in real time; this is also called inline
mode. Therefore, unlike an IDS, an IPS does not allow the attack packets to enter the protected network.

2) IPS Sensors
An IPS, meanwhile, monitors the traffic coming from different programs, software, hardware and
other electronic devices in order to block harmful or threatening traffic. It also inspects the protocol
headers, states and other specified elements of the protocol suite. Closer analysis of IPS functioning
shows that an IPS identifies, stops and blocks attacks that would otherwise pass through an
interface on the IPS system. An IPS (Can & Sahingoz, 2015) builds upon earlier IDS
technology; for example, Cisco IPS platforms use a blend of detection technologies to
perform the IPS function. The key difference that separates the two systems is that an IPS
responds immediately and does not allow any malicious traffic to pass, whereas an IDS allows
malicious traffic to pass before it can respond. IPS sensors handle incoming and outgoing traffic,
separating malicious traffic from the rest of the network traffic that tries to cross the IPS
unnoticed. Because of the effectiveness of IPS sensors in modern networking devices, networks
are designed in such a way that no traffic passes through without being permitted by the IPS.

3) IPS Sensor Solutions


IPS technology can be deployed as a sensor in several forms: a router configured with Cisco
IOS IPS software; an appliance specifically designed to provide dedicated IDS and
IPS services; or a network module installed in an adaptive security appliance, switch or router.
Malicious activity monitored by IDS and IPS includes attacks against hosts and devices. Host-
based detection relies on reading security event logs, checking for changes to critical system
files, and checking system registries for malicious entries. IDS and IPS usually use signatures to
detect patterns of misuse in network traffic. A signature is a set of rules that an IDS or IPS uses to
detect typical intrusive activity. Signatures are usually chosen from a broad cross section of
intrusion detection signatures, and may cover operations distributed across multiple hosts over an
arbitrary period of time. Sensor deployment is one of the aspects in which IDS and IPS differ. A
sensor can be deployed either in promiscuous mode or inline mode. In promiscuous mode, the
sensor receives a copy of the data for analysis, while the original traffic still makes its way to its
ultimate destination. An IPS sensor must be deployed inline, so IPS sensor (Inayat, Gani, Anuar,
Anwar, & Khan, 2017) errors or failures can have a negative effect on traffic flow and protection.
Overrunning an IPS sensor's capacity with too much traffic also negatively affects the
performance of the network. A sensor configured as an IPS can perform a packet drop that stops
the trigger packet, all packets in the connection, or all packets from the source IP address. Because
it operates inline, an IPS sensor can use stream normalization techniques to reduce or eliminate
many of the network evasion techniques that already exist. Furthermore, to make IPS sensor work
efficiently,
4) How Does an IPS Stop the Attack?
An IPS defends the system against attacks by inspecting traffic inline. It is commonly deployed at
central points such as data centers or corporate headquarters, and it also blocks malicious traffic
(Capalik, 2018) at the branch office or the head office. Router-based threat control deployed at the
branch and in small businesses focuses on stopping attacks at the point of entry. An IPS addresses
specific attack types such as DoS or DDoS, ARP spoofing, SSL evasion and buffer overflow attacks.
All these types of threats can be dealt with by an IPS, blocking out the attackers.

5) IPS Products and Appliances


IPS products usually work in the branch office or at headquarters. There are multiple IPS
products that run on different types of appliances for the purpose of preventing malicious attacks;
the appliances are the components of the IPS. Management interfaces such as the CLI, IDM, IME,
ASDM or CSM (Chao, Chuang, Hsueh, & Lee, 2017) can be used to configure the appliances,
including how they respond to recognized signatures. McAfee Network Security Platform is an
intrusion prevention platform that protects systems. It does not enhance network performance, but
it provides a solution that protects systems and data. Trend Micro TippingPoint is another IPS
product that identifies and blocks malicious traffic and, in addition, enhances network
performance. It can be deployed with IP or MAC address filters to filter out malicious and
unwanted traffic. Either of these products can be used in an office network to secure its data.

6) Differences between IDS and IPS


IDS (Ashfaq, Wang, Huang, Abbas, & He, 2017) and IPS look for two fundamental patterns of data
misuse: 1) the atomic pattern and 2) the composite pattern. In an atomic pattern, such as an access to
a specific port on a specific host, the malicious content is present in a single packet, while a composite
pattern is a sequence of operations distributed across multiple hosts over an arbitrary period of time.
IPS systems are of various types: signature based, policy based, anomaly based and honeypot based.
Each type has specific advantages and disadvantages, and their limitations guide the design of
future IPS systems. When an IPS fails to detect an attack, or fails to report an actual intrusive
action, this is known as a false negative; when an IPS classifies an action as anomalous when in
fact it is a legitimate action, this is known as a false positive.
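The following Python sketch is an added example (not code from the report or from any vendor product) that ties together the signature and sensor-mode discussion of section 3 and the atomic versus composite patterns above: one signature matches inside a single packet, one only fires after a sequence of packets from the same source, and the same traffic is run through a promiscuous sensor (alert only) and an inline sensor (drop). All addresses, ports and payloads are constructed.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str       # source IP (constructed sample values)
    dport: int     # destination TCP port
    payload: bytes

def atomic_sig(pkt):
    """Atomic pattern: everything needed to match is inside one packet."""
    return pkt.dport == 80 and b"/etc/passwd" in pkt.payload

class PortSweepSig:
    """Composite pattern: one source touching `threshold` distinct ports over
    several packets; no single packet is malicious on its own."""
    def __init__(self, threshold=5):
        self.threshold = threshold
        self.ports_by_src = {}
    def __call__(self, pkt):
        ports = self.ports_by_src.setdefault(pkt.src, set())
        ports.add(pkt.dport)
        return len(ports) == self.threshold  # fires once, when the threshold is hit

def make_signatures():
    # Fresh state per run so the composite signature does not leak between modes.
    return [("atomic:passwd-in-http", atomic_sig), ("composite:port-sweep", PortSweepSig())]

def run_sensor(packets, inline):
    """Promiscuous mode (inline=False) sees a copy and can only alert; inline mode
    drops the triggering packet. Returns (forwarded_packets, alerts)."""
    signatures = make_signatures()
    forwarded, alerts = [], []
    for pkt in packets:
        hits = [name for name, sig in signatures if sig(pkt)]
        if hits:
            alerts.append((pkt.src, pkt.dport, hits))
            if inline:
                continue  # dropped: the packet never reaches its destination
        forwarded.append(pkt)
    return forwarded, alerts

SAMPLE_TRAFFIC = [  # constructed traffic, not a real capture
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.9", 80, b"GET /../../etc/passwd HTTP/1.1"),
] + [Packet("10.0.0.7", p, b"") for p in (21, 22, 23, 25, 110)]

if __name__ == "__main__":
    for mode in (False, True):
        fwd, alerts = run_sensor(SAMPLE_TRAFFIC, inline=mode)
        print("inline" if mode else "promiscuous", len(fwd), "forwarded", alerts)
```

Note that in inline mode the first four packets of the sweep are still forwarded: a composite signature can only drop the packet that completes the pattern, which is why single-packet (atomic) attacks are the case where inline placement matters most.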

IT managers have a very difficult job: they have to understand, manage and secure their
networks against external attacks and threats such as Trojans, malware and viruses.
Managers have to secure their networks from all types of threats and problems at all times. IT
managers cannot afford to take risks when they are operating the many devices, gadgets and other
instruments that require 100% reliability. In a wide network, visibility becomes harder as blind
spots creep into the network and make the picture of its data vague. This inability to see everything
that is going on in the network will definitely affect network quality. Because the working of an
organization depends on the availability of a reliable network, an organization cannot compromise
on network quality. For this purpose, network monitoring data and network detection systems are
used to begin the process of identifying and removing blind spots. Likewise, an IPS works in the
same order: it identifies problems and then tries to remove blind spots so that it can protect the
available data from external exploitation.

7) SPAN Ports and IPS


IPS/IDS sensors and SPAN ports both work in real time and must handle full-duplex traffic at
line rate. SPAN ports offer some of the same advantages as an IPS/IDS deployment, and the use of
taps together with SPAN ports optimizes both network and staff resources: monitoring devices can
be easily added when and where they are required. A tap that includes two monitoring ports means
the network and security teams do not have to share one SPAN port; each team gets all the data it
needs for monitoring the important traffic. Snort is also one of the most important examples of an
IPS.
8) Meta Signature Engines
There are many master engine parameters that provide data to the other engines, such as the
signature engine, sub-signature engine and alert severity. The signature engine provides thorough
analysis of web traffic, giving general control over HTTP sessions to prevent abuse of the HTTP
protocol (Kumar, Timmons, & MeLampy, 2017). It also allows administrative control over
applications, and it provides a way to inspect the traffic and the commands being issued. Signature
engine performance is tied to sensor performance, which allows deep inspection of web traffic; the
signature engine also enforces the set of authorized FTP commands. The signature engine is also
used to identify the source of the packet data that raised an alert. Furthermore, the system can
provide default signatures for identifying tunneled traffic based on a specific IP address, port and
protocol.

9) Passive Operating System Fingerprinting


The goal of passive fingerprinting is to determine the operating system type and version.
There are two common methods of performing system fingerprinting: active and passive
scanning. The most common active scanning depends on TCP and ICMP (Khan, Batten, &
Sun, 2016) packets. In an environment where stealth matters less, and where a less specific
fingerprint is acceptable, ICMP may be the way to go. For the stealthiest detection, passive
fingerprinting can be used. Passive operating system fingerprinting is the best way to start off
basic fingerprinting when required. There are certain drawbacks to passive fingerprinting: it is
usually less accurate than a targeted active fingerprinting session, and it relies on an existing
traffic stream to which the observer has access. Passive fingerprinting is used for scanning and
enumeration, and scanning and enumeration in turn provide a data source for a passive
fingerprinting tool. Passive fingerprinting does not give results at the same level of detail as active
fingerprinting. One of the advantages of passive fingerprinting is its ability to fingerprint systems
based on packet captures: captures taken from the target environment can be analyzed in an
attempt to fingerprint the hosts.
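As an added example (not from the report or from any real fingerprinting tool), the Python sketch below shows the sensor-side mechanics described above: an observer that only watches TCP SYNs it already sees, estimates the initial TTL from the observed TTL, and looks the (TTL, window, DF) combination up in a table. The signature table and the captured SYNs are constructed for illustration; real tools such as p0f carry far larger databases.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Syn:
    src: str      # source IP (constructed)
    ttl: int      # IP TTL as observed on the wire
    window: int   # TCP window size advertised in the SYN
    df: bool      # IP "don't fragment" flag

# Illustrative table, (initial TTL, window, DF) -> OS family. These entries are
# constructed for the example and are not an authoritative signature database.
FINGERPRINTS = {
    (64, 29200, True): "Linux-like",
    (64, 65535, True): "BSD-like",
    (128, 8192, True): "Windows-like",
    (128, 65535, True): "Windows-like",
}

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common starting value. Each hop
    decrements TTL by one, so 58 on the wire implies a source that started at 64."""
    for start in (64, 128, 255):
        if observed <= start:
            return start
    return observed

def fingerprint(syn):
    """Return (os_label, estimated_hops) for one SYN. Unknown combinations are
    reported as such rather than guessed, which is the accuracy limit the text notes."""
    start = initial_ttl(syn.ttl)
    return FINGERPRINTS.get((start, syn.window, syn.df), "unknown"), start - syn.ttl

def fingerprint_stream(syns):
    """Build a per-host inventory from SYNs the sensor already sees; no probes are sent,
    so hosts that never send a SYN past the sensor are simply absent."""
    hosts = {}
    for syn in syns:
        hosts.setdefault(syn.src, fingerprint(syn))
    return hosts

SAMPLE_SYNS = [  # constructed capture, not real traffic
    Syn("10.0.0.5", 58, 29200, True),
    Syn("10.0.0.9", 126, 8192, True),
    Syn("10.0.0.12", 250, 4096, False),
]

if __name__ == "__main__":
    for host, (label, hops) in fingerprint_stream(SAMPLE_SYNS).items():
        print(f"{host}: {label}, about {hops} hops away")
```

The third host shows the passive method's limit: with no matching table entry the sensor can only say "unknown", whereas an active probe could elicit more distinguishing responses.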
10) Conclusion
Cisco IOS Intrusion Prevention System (IPS) is an inline system. It is a deep packet
inspection feature that effectively mitigates a wide range of network attacks through its
supporting features and protective elements. It is a component of the Cisco IOS integrated threat
control framework and is complemented by the IOS flexible packet matching feature. Some of the
benefits of an IPS under Cisco IOS are: it increases the effectiveness of the network along with its
availability; it extends IPS functionality across a wide network; it offers faster remediation by
pinpointing the sources that attack the data; and it provides deployment flexibility at a large
scale. It also provides a comprehensive view of threat protection (Husák, Čermák, Jirsík, &
Čeleda, 2016) that includes control-plane policies along with other policies that protect the data
with the help of the IPS. IPS systems are used worldwide by many well-developed organizations so
that they can protect the confidential and private data of these organizations from being corrupted
or tarnished.
References
Ashfaq, R. A. R., Wang, X.-Z., Huang, J. Z., Abbas, H., & He, Y.-L. (2017). Fuzziness based semi-supervised
learning approach for intrusion detection system. Information Sciences, 378, 484-497.
Can, O., & Sahingoz, O. K. (2015). A survey of intrusion detection systems in wireless sensor networks.
Paper presented at the 2015 6th International Conference on Modeling, Simulation, and Applied
Optimization (ICMSAO).
Capalik, A. (2018). System and method for analyzing unauthorized intrusion into a computer network:
Google Patents.
Chao, C.-W., Chuang, H.-Y., Hsueh, M.-P., & Lee, S.-W. (2017). Enhanced intrusion prevention system:
Google Patents.
Choi, D., Sungjun, P., & Hwang, C. (2018). Method for blocking connection in wireless intrusion
prevention system and device therefor: Google Patents.
Husák, M., Čermák, M., Jirsík, T., & Čeleda, P. (2016). HTTPS traffic analysis and client identification using
passive SSL/TLS fingerprinting. EURASIP Journal on Information Security, 2016(1), 6.
Inayat, Z., Gani, A., Anuar, N. B., Anwar, S., & Khan, M. K. (2017). Cloud-based intrusion detection and
response system: open research issues, and solutions. Arabian Journal for Science and
Engineering, 42(2), 399-423.
Kenkre, P. S., Pai, A., & Colaco, L. (2015). Real time intrusion detection and prevention system. Paper
presented at the Proceedings of the 3rd International Conference on Frontiers of Intelligent
Computing: Theory and Applications (FICTA) 2014.
Khan, F., Batten, G., & Sun, Y. (2016). Method and apparatus for fingerprinting systems and operating
systems in a network: Google Patents.
Kumar, P., Timmons, P., & MeLampy, P. J. (2017). Network Device and Method for Processing a Session
Using a Packet Signature: Google Patents.