ASSIGNMENT 1

SEPTEMBER 2023 SEMESTER

SUBJECT CODE : CIS300

SUBJECT TITLE : INTERNET SECURITY

LEVEL : BACHELOR

STUDENT’S NAME : AJAY BALAMI

MATRIC NO. : C30105210041

PROGRAMME : BICT (Hons)

ACADEMIC : Dr. RUPENDRA MAN

FACILITATOR RAJKARNIKAR

LEARNING CENTRE : VIRINCHI, NEPAL

Question 1

There is a growing concern of Internet safety for all internet users nowadays.

Elaborate the statement above with any THREE (3) basic methods of securing your computer from
harm, especially from hackers and virus creators.
Answer:

Internet security refers to the measures and practices taken to protect computer systems, networks,
and data from unauthorized access, attacks, and damage on the internet.

Securing your computer from potential harm, especially from hackers and virus creators, is crucial
to protect your personal and sensitive information. Here are three basic methods to enhance the
security of your computer:

i. Encryption:

Encryption is a crucial cybersecurity technique that involves converting sensitive information into
a secure and unreadable format using algorithms and cryptographic keys. This process ensures that
only authorized parties with the
appropriate decryption keys can
access and understand the original
data. In the context of securing a
computer from hackers and virus
creators, encryption serves as a
formidable defense by protecting
data at rest, in transit, and during
communication. It is employed to
encrypt files, folders, and entire hard
drives, preventing unauthorized Fig: Encryption and Decryption
access to critical information. (ICO, 2020)

Additionally, encryption protocols like SSL/TLS secure online communications, while Virtual
Private Networks (VPNs) use encryption to establish secure connections over the internet. By
incorporating encryption into a comprehensive security strategy, individuals and organizations can
safeguard their sensitive data and enhance the overall resilience of their computer systems against
potential threats. (Smith, 2018)
ii. Firewalls:

Firewalls act as a barrier

between your computer and
potential unauthorized
access from the internet or
local networks. A firewall
monitors and controls
incoming and outgoing
network traffic based on
predetermined security
Fig: Firewall
rules. Most operating
(Tyson, 2019)
systems come with built-in
firewalls, and it's essential to ensure that they are enabled. Additionally, you can set up rules to
specify which applications are allowed to communicate over the network, providing an extra
layer of protection against unauthorized access.

iii. Regular Software Updates and Patch Management:

Keeping your operating system,

software applications, and plugins up
to date is crucial for security.
Developers release updates and
patches to fix vulnerabilities that
could be exploited by hackers.
Enable automatic updates when
possible, and regularly check for
updates manually to ensure that your
system is protected against known
security flaws. Attackers often target
outdated software to exploit vulnerabilities, so timely updates are an effective way to minimize
these risks.
In conclusion, a comprehensive security approach, combining the use of firewalls, antivirus
software, regular updates, and encryption, creates a robust defense system against potential
harm from hackers and virus creators. These methods work in tandem to fortify your computer's
security, safeguarding both your personal and professional data from various cyber threats.
(TitanFile, 2019)
Question 2

a) There are several ways to categorize an Intrusion Detection System (IDS) depending on
the type and location of the sensors and the engine’s methodology to generate alerts.

Based on Figure 1, elaborate how sensors, console and engine are implemented in IDS.

Figure 1

Answer:

An Intrusion Detection System (IDS) is a security technology designed to monitor network or

system activities for malicious or suspicious behavior. The primary purpose of an IDS is to
identify and respond to potential security threats in real-time. There are two main types of IDS:
Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection
Systems (HIDS). Both types typically consist of three main components: console, sensors, and
engine.

1. Sensors:

Sensors are responsible for collecting and analyzing data from the monitored network or system.
In a network-based IDS (NIDS), sensors are strategically placed at various points on the network
to capture and inspect network traffic. In a host-based IDS (HIDS), sensors are deployed on
individual hosts or devices to monitor activities occurring on those specific systems. Sensors
pass the collected data to the detection engine for analysis. They play a crucial role in detecting
anomalies or patterns indicative of a security incident.
 2. Console:

The console is the component of the IDS that provides the user interface and management
functionality. It allows security administrators to configure and customize the IDS, view alerts
and reports, and manage the overall system. Security administrators use the console to define
detection policies, set up alert thresholds, and customize responses to specific types of incidents.
The console serves as the central point of control for the IDS and provides a user-friendly
interface for monitoring and managing the security of the network or system.

3. Engine:

The detection engine is the core of the IDS, responsible for analyzing the data collected by
sensors and making decisions about whether a particular activity is normal or indicates a security
threat. The engine uses predefined rules and signatures to compare the observed behavior against
known attack patterns or deviations from normal behavior. If the engine identifies suspicious or
malicious activity based on its analysis, it generates alerts and, in some cases, can initiate
automated responses or notifications to security personnel. The detection engine is continuously
updated with new signatures and rules to stay current with emerging threats.

In summary, an Intrusion Detection System is a multi-component security solution that includes

a console for management, sensors for data collection, and an engine for analysis and decision-
making. Together, these components work to identify and respond to security incidents in real-
time, helping organizations enhance their overall cybersecurity posture. (Packetslab, 2022)
b) Identify and briefly explain the detection technique, as shown in Figure 2.

Figure 2

Answer:

Diagram 2 illustrates a statistical anomaly-based Intrusion Detection System (IDS) and

Signature Based Intrusion Detection System (IDS) that aims to identify computer breaches

and misuse through the continuous monitoring of system activities. Short description
about them is depicted below:

Signature-Based IDS (Signature IDS):

Overview:

Signature-Based Intrusion Detection Systems (IDS), also known as misuse detection systems,
operate by comparing observed events or patterns in network traffic and system activities against
a database of known attack signatures.

Key Characteristics:

1. Signature Database: Maintains a database of predefined signatures or patterns associated with

known attacks.

2. Pattern Matching: Actively compares incoming data or activities against the signatures to identify
a match.

3. Detection Accuracy: Highly effective at detecting known threats with well-defined signatures.
 4. Real-Time Analysis: Operates in real-time to identify and respond to known attack patterns.

Pros:
 High accuracy in detecting recognized threats.

 Fast response to known attack patterns.

Cons:
 Limited to detecting known threats; may miss new or evolving attacks.

 Vulnerable to evasion techniques that modify attack signatures.

In summary, Signature-Based Intrusion Detection Systems (IDS) play a crucial role in swiftly
identifying known threats by comparing network traffic or system activities with predefined attack
signatures. While effective in familiar environments, they face challenges such as evasion
vulnerabilities and reliance on updated databases. Organizations address these limitations by
integrating Signature-Based IDS with other types, such as anomaly-based or hybrid systems,
creating a more robust defense against a variety of cyber threats. Continuous monitoring, regular
updates, and a holistic cybersecurity strategy remain essential for maintaining effectiveness.
(Caira, 2018)

Anomaly-Based IDS:
Overview:

Anomaly-based IDS operates on the principle that malicious activities often exhibit patterns that
deviate from the normal, expected behavior of a network, system, or user. The system establishes
a baseline of typical behavior and alerts security personnel when it detects activities that
significantly differ from this baseline.

Key Characteristics:

1. Baseline Establishment:

 Profile Normal Behavior: The IDS learns what constitutes normal or legitimate behavior by
analyzing historical data and monitoring regular activities.

 Metrics Establishment: Metrics are defined based on typical patterns, including network traffic,
user behavior, system resource usage, and more.
 2. Real-Time Monitoring:

 Continuous Surveillance: The IDS continuously monitors ongoing activities in real-time, comparing
them against the established baseline.

 Dynamic Baseline Adjustment: The baseline is adjusted over time to accommodate changes in the
network or system environment.

3. Anomaly Detection:

 Deviation Analysis: Any significant deviation from the established baseline is flagged as a potential
anomaly.

 Statistical Methods: Anomaly detection often involves statistical analysis, comparing observed
data against expected values.

4. Feedback Loop:

 Adaptation: Anomaly-based IDS often incorporates a feedback loop, continuously learning from
new data and adjusting the baseline to adapt to changes in the network or system environment.

Anomaly-based IDS is particularly valuable for identifying novel attack patterns or sophisticated
threats that may not be covered by signature-based detection systems. It complements other
security measures within a comprehensive cybersecurity strategy. (N-able, 2021)
References
1. Caira. (2018). What is Signature-Based Detection? Retrieved from corelight.com:
https://corelight.com/resources/glossary/signature-based-
detection#:~:text=Signature%2Dbased%20detection%20is%20one,a%20list%20of%20kn
own%20indicators.
2. ICO. (2020, feb 05). What types of encryption are there? . Retrieved from
https://ico.org.uk/: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-
resources/security/encryption/what-types-of-encryption-are-there/
3. N-able. (2021, march 15). Intrusion Detection System (IDS): Signature vs. Anomaly-
Based. Retrieved from n-able.com: https://www.n-able.com/blog/intrusion-detection-
system
4. Packetslab. (2022, Sept 07). How Does an Intrusion Detection System Work? Retrieved
from packetslabs.net: https://www.packetlabs.net/posts/intrusion-detection-
system/#:~:text=IDS%20internal%20working%20gets%20managed,the%20response%20
and%20report%20generation.
5. Smith, A. (2018, Feb 28). What is Encryption. Retrieved from internetsociety.org:
https://www.internetsociety.org/issues/encryption/what-
is/?gclid=Cj0KCQiAm4WsBhCiARIsAEJIEzVp1FXx3SOWF441sX0_j9Q-
4yPx5IcmTWp0pefTvUtJOhYLKNGpCVcaAvEqEALw_wcB
6. TitanFile. (2019, Nov 05). How to Protect Your Computer From Hackers and Viruses.
Retrieved from titanfile.com: https://www.titanfile.com/blog/how-to-protect-your-
computer-from-hackers-and-viruses/
7. Tyson, J. (2019, Dec 21). How Firewalls work. Retrieved from computer.howstuffworks.:
https://computer.howstuffworks.com/firewall.htm