Intrusion Prevention System

In the last decade, there is a rapid growth in the use of Internet by the organization for information sharing. As information is very vital to the organizations, it should be preserved and insulated from any unauthorized access or alternation. In last few years, attacks on the computer infrastructures have increased exponentially. Several information security techniques are available now a days like firewalls, anti-virus software and Intrusion prevention systems (IPSs), which are important tools for protecting an organization from intrusions. Now most attacks are impossible to defend with firewalls and anti-virus software alone. Without an IPS, such attacks are difficult to detect and prevent. This chapter presents different definitions of intrusion prevention system with meaningful explanation; compare network IPS with Host IPS, common and the advanced detection methods, common IPS components, coverage of attacks by IPS and criteria to select right IPS. Finally, this chapter concludes with an analysis of the challenges that still remain to be resolved.

Cluster-Based Countermeasures for DDoS Attacks

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Introduction to Network Security

Writing a chapter on network security is something like writing a brief introduction to flying a commercial airliner. Dissimilar, data communications of the past, today's networks incorporate varied devices that handle the data because it passes from the sender to the receiver. The first question to address is what we mean “network security”. Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. A generic definition of security is “freedom from risk or danger and safety”. However it is not only human errors that can cause problem to network security, problems can also be caused by natural forces like fire breakouts, earthquakes, floods lightning etc. The ways network administrators think about securing networks has been changed by an increasingly dynamic and technically challenging risk environment. Security is an assessment of risk. Secure environments are designed and developed through an intentional effort.

Countering RSA Vulnerabilities and Its Replacement by ECC

Security is utilized to keep the information safe. Online resources, e-commerce, internet banking and a lot of similar services are protected by use of well-known protocols such as Secure Socket Layer (SSL). This protocol makes use of the RSA key exchange protocol for authentication. New innovations and boost ups in the computational power of supercomputers today makes it quite easier than before to break through RSA and consequently decrypt the payload transferred over SSL. In this research demonstrates the use of SSL; how to utilize it in the best shape? We also discuss reasons of why we need to improve its strength. The proposed solution is to replace the RSA key exchange mechanism utilized in SSL with Elliptic Curve Cryptography (ECC).

Intrusion Detection System (IDS) and Their Types

Over the last two decades, computer and network security has become a main issue, especially with the increase number of intruders and hackers, therefore systems were designed to detect and prevent intruders. This chapter per the authors investigated the most important design approaches, by mainly focusing on their collecting, analysis, responding capabilities and types of current IDS products. For the collecting capability, there were two main approaches, namely host- and network-based IDSs. Therefore, a combination of the two approaches in a hybrid implementation is ideal, as it will offer the highest level of protection at all levels of system functions. The analysis capability of an IDS can be characterised by the misuse and anomaly detection approaches. Therefore, a combination of the two approaches should improve the analysis capability of an IDS i.e. hybrid of misuse and anomaly detection.

Security Issues in Mobile Wireless Networks

The varieties of studies in literature have been addressed by the researchers to solve security problems of Mobile Wireless Ad Hoc Networks (MANET) against denial of service (DoS) and distributed denial of service (DDoS) attacks. Attackers have proposed variety of methods and techniques by considering weaknesses of the wireless nature of the channels and specific characteristics of mobile wireless networks. This chapter evaluates variety of attacks proposed in the literature against MANET by classifying variety of security strategies and mechanisms proposed by the researchers. The algorithms are discussed and explained separately. All these attacks are classified in different categories and security strategies proposed by the researchers have been explained.

DDoS Attacks and Their Types

Billions of people rely on internet to discover and share ideas with the world. However, the websites are vulnerable to deliver the attacks, preventing people to access them. The recent study of global surveys showed that DDoS Attacks evolved in strategy and tactics. A Distributed Denial of Service (DDoS) attack is a new emerging bigger threat that target organization's business critical services such as e-commerce transactions, financial trading, email or web site access. A DDoS attack is a large-scale, coordinated attack on the availability of services of a victim system or network resource, launched indirectly through many compromised computers on the Internet. To create attacks, attackers first discover vulnerable sites or hosts on the network. Then vulnerable hosts are exploited by attackers who use their vulnerability to gain access to these hosts. This chapter deals with the introduction, architecture and classification of DDoS Attacks.

Sensors Network

This chapter aims to develop an understanding of sensor networks and the security threats posed to them, owing to the inherently insecure wireless nature. It also highlights the current security issues associated with the exchange of information and presents respective countermeasures that can be used to secure the network of malevolent behavior. It builds the reader's understanding of security threats by presenting an idealistic security mechanism and comparing it to currently practiced security mechanisms. Doing so, it identifies the security flaws in each mechanism, henceforth, enumerating a list of well-known security attacks that are connected to the respective security flaws. To provide a better understanding of security threats, the security attacks, in general, are discussed in the perspective of a network administrator, and an adversary. Their impact is also considered from the side of a network administrator and its respective benefits to the adversary. The chapter is later concluded along with future directives and an insight on requirements of forthcoming technologies.

Classification of Network Attacks and Countermeasures of Different Attacks

Network security has become more important and the growing rate of network attacks together with hacker, cracker, and criminal enterprises are increasing, that impact to the availability, confidentiality, and integrity of vital information data. In order to understand and defend against network attacks, it is necessary to understand the kind of attack. This chapter focuses on the provisioning of a method for the analysis and categorization of both computer and network attacks, thus providing assistance in combating new attacks, improving computer and network security as well as providing consistency in language when describing attacks. Attacks are thus attempts by unauthorized individuals to access or modify information, to deceive the system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. During this chapter we tend to area unit providing the elucidation against black hole attack that relies on fuzzy rule in case study section.

Changing Dynamics of Network Security involving Hacking/Cracking with Next Generation Firewalls (NGFW)

With increasing number of users on the internet, risk of security and probability of vulnerable attacks are increasing day by day. For every user connected to network, security attacks like hacking and cracking are very frequent which leaves enormous amounts of sensitive data at the risk of being altered, lost or misused. This apparently leads to the need for security measures on ports and protocols also search for application security, VPN, IPS, and a firewall support. The hacking and cracking threats and attacks in a network are no longer in control with the existing methods and standard firewalls. The introduction of Next Generation Firewalls leads to improved security over network. This chapter deals with hacking and cracking attacks over network and their countermeasures, also focusing on the changing dynamics of network security with next generation firewalls.