12,055 research outputs found
Security Configuration Management in Intrusion Detection and Prevention Systems
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense
against a variety of attacks that can compromise the security and proper functioning
of an enterprise information system. IDPSs can be network or host-based and can collaborate
in order to provide better detection of malicious traffic. Although several IDPS
systems have been proposed, their appropriate con figuration and control for e effective detection/
prevention of attacks and efficient resource consumption is still far from trivial.
Another concern is related to the slowing down of system performance when maximum
security is applied, hence the need to trade o between security enforcement levels and the
performance and usability of an enterprise information system.
In this dissertation, we present a security management framework for the configuration
and control of the security enforcement mechanisms of an enterprise information system.
The approach leverages the dynamic adaptation of security measures based on the assessment
of system vulnerability and threat prediction, and provides several levels of attack
containment. Furthermore, we study the impact of security enforcement levels on the
performance and usability of an enterprise information system. In particular, we analyze
the impact of an IDPS con figuration on the resulting security of the network, and on the
network performance. We also analyze the performance of the IDPS for different con figurations
and under different traffic characteristics. The analysis can then be used to predict
the impact of a given security con figuration on the prediction of the impact on network
performance
Recommended from our members
A survey of intrusion detection techniques in Cloud
Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks
Introduction to Security Onion
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management
A survey of intrusion detection system technologies
This paper provides an overview of IDS types and how they work as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored such as specification based IDS for protecting Supervisory Control And Data Acquisition (SCADA) and Cloud networks. Also by providing a review of varied studies ranging from issues in configuration and specific problems to custom techniques and cutting edge studies a reference can be provided to others interested in learning about and developing IDS solutions. Intrusion Detection is an area of much required study to provide solutions to satisfy evolving services and networks and systems that support them. This paper aims to be a reference for IDS technologies other researchers and developers interested in the field of intrusion detection
The cyber security learning and research environment
This report outlines the design and configuration of the Cyber Security Learning and Research Environment (CLARE). It explains how such a system can be implemented with minimal hardware either on a single machine or across multiple machines. Moreover, details of the design of the components that constitute the environment are provided alongside sufficient implementation and configuration documentation to allow for replication of the environment
- …