ABSTRACT
Nwogu, Emeka Joshua. 2012. Network Intrusion Detection and Prevention Systems in Educational Systems - A case of Yaba College of Technology. Bachelor’s Thesis. Kemi-Tornio University of Applied Sciences. Business and Culture. Pages 66. Appendix 1.
The objective of this thesis work is to put forward a solution for improving the security network of Yaba College of Technology (YCT). This work focuses on implementation of a network intrusion detection and prevention system (IDPS), due to constant intrusions on the YCT’s network. Various networks attacks and their mitigation techniques are also discussed, to give a clear picture of intrusions. The work will help the College’s administrators to become increasingly cautions of attacks and perform regular risk analyses.
The research methodologies used in this work are descriptive and exploratory research. In addition, a questionnaire survey and interviews were used to collect data necessary for in-depth knowledge of the intrusions in the College. The choice of the research methods was found relevant for the current work. Furthermore, the researcher intended to gain an increased understanding of and provide a detailed picture of IDPS and the issues to consider when implementing the system.
Network intrusion has been a security issue since the inception of the computer systems and the Internet. When breaking into a computer or network system, confidentiality, integrity and availability (CIA) are the three most aspect of security that are targets for intruders. The CIA, important aspects of security, and other network resources, need to be well protected using robust security devices.
Based on the research tests and results, this thesis proposes implementation of IDPS on the College’s network, which is an essential aspect of securing information and network resources.
Keywords: Information Security, IDPS, Network Intrusion, YCT, Network Attackers, Software Application, Network intruders
TABLE OF CONTENTS
ABSTRACT
FIGURES
ABBREVATIONS
1 INTRODUCTION
1.1 Background
1.2 Motivation
1.3 Objectives
1.4 Structure of the Thesis
2 RESEARCH TOPIC, QUESTIONS AND METHODOLOGY
2.1 Research Topic and Question
2.2 Research Methodology
2.3 Expected Research Results
3 INFORMATION ON YABA COLLEGE OF TECHNOLOGY
3.1 History and objective
3.2 Centre for Information Technology and Management
3.3 YCT Network Structure
4 NETWORK ATTACKS AND MITIGATION TECHNIGUES
4.1 Reconnaissance Attacks
4.1.1 Packet Sniffer Attack
4.1.2 Port Scan and Ping Sweep Attack
4.1.3 Internet Information Queries Attack
4.2 Access Attack
4.2.1 Password Attack
4.2.2 Trust Exploitation Attack
4.2.3 Port Redirection Attack
4.2.4 Man-in-the-middle Attack
4.2.5 Buffer overflow
4.3 Denial of Service Attack
4.4 Malicious codes Attack
4.5 Application Layer Attacks
5 INTRUSION DETECTION AND PREVENTION SYSTEM
5.1 IDPS Detection Methodologies
5.2 Functions of IDPS
5.3 Types of IDPS Technologies
5.4 Comparison of IDPS Technologies
5.5 IDPS add-ons
5.6 Challenges and Limitations of IDPS
5.7 IDPS Components
5.8 Network Architectures and IDPS Sensor Location
6 DEPLOYMENT AND TESTING OF IDPS
7 DISCUSSIONS AND CONCLUSION
7.1 Introduction
7.2 Avenue for Further Research
7.3 Concluding Note
REFERENCES
APPENDIX
1 INTRODUCTION
1.1 Background
The title of this work is Network Intrusion Detection and Prevention Systems in Educational Systems. Intrusion is a major threat to security in computer and network systems, and has been an area of interest for software developers, inventing or coming up with methods or applications to combat the dreaded element in the world of computer security. An intrusion is a purposefully illicit endeavor to access information, manipulate information or render a system untrustworthy or inoperative. (Tech-FAQ 2010.) According to Kizza (2005, 14), intrusion is an intentional effort, successful or not, to access or misuse sensitive data in a controlled computer system or network.
For any organization, having a secure network is the primary aim to reach their business goal. A network is said to be reliable when it can withstand attacks, which may damage part or a whole system. An ideal secure network should resist intrusion to the barest minimum. However, in practice, no network is hundred percent secure from intrusion attempts by intruders, either internally or externally. Intrusion attempt can still succeed, in spite of security measures in place. It is therefore imperative to detect intrusion and limit its effects on networks, as much as possible. (Grand 2012.)
There are various forms intruders carry out attacks on a network, either for selfish gain or deliberate attempt to compromise sensitive data. No matter what form attacks are carried out, complex or trivial, these attacks poses a threat to a network. Various forms of threats to network security include eavesdropping of packets over a network, injection of malicious codes into computer system, unauthorized use of network resources, stealing software or hardware components, installing back doors programs into user’s computer system to enable illicit remote access, performing denial of service attack. (Tech-FAQ 2010.)
As Information Technology expects are developing enhance ways to tackle intrusion on network and computer systems, intruders are devising and inventing new techniques to perpetuate malicious acts. As a result, applications of firewall, filtering of routers, regular update of anti-malware programs and other defense mechanisms deployed in a network are not enough to prevent the highly sophisticated attacks from intruders.
Therefore, there is need for deployment of Intrusion Detection and Prevention System (hereinafter IDPS) to combat network intrusion. (Grand 2012.)
Network attacks come in various forms as mentioned above. However, these attacks are classified into two major categories, internal and external attacks. Internal attacks are attacks on a network perpetrated by unhappy or greedy authorized users, i.e. insiders within an organization. Authorized users can use their legitimate rights to perform illicit activities in a network, due to the possession of some form of access rights. Most times, insiders conceal their attack and make it look as a normal process, to avoid suspicion. For instance, insiders might have some administrative rights over some data, which gives them the right to add, delete or modify. With such privileges, greedy users might alter data for personal gains, and not considering organization’s interest. (Tech-FAQ 2010.)
External attacks are carried out by individuals or entities outside an organization, i.e. outsiders. It is mostly performed by malicious experience crackers, an experienced malicious entities, or script kiddies. External attacks are usually perpetrated by using a predefined plan and sophisticated technologies. These attacks usually involve scanning of network with software application to check for loop holes, vulnerable host and gathering of information, before launching attack. (Tech-FAQ 2010.)
An intrusion in a network usually tries to compromise one or all of the three main aspects of security. The three aspect of security are Confidentiality, Integrity and Availability (hereinafter CIA), which is popularly known as CIA Model or Triad. (Whitman 2004.)
Confidentiality as a key aspect of information security, limits information access and disclosure to authorized users. It is the duty of network administrators to prevent and ensure that unauthorized users do not gain access to confidential information in a network. (Whitman & Mattord 2005.)
Data integrity ensures that information or resources in a network are not modified or altered by unauthorized users. When data is modified or altered, it loses its trustworthiness. (Whitman & Mattord 2005.)...
================================================================
Item Type: Project Material | Size: 66 pages | Chapters: 1-5
Format: MS Word | Delivery: Within 30Mins.
================================================================
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.