Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Directions: Congratulations! Your successful consultation endeavors have earned

ID: 3859862 • Letter: D

Question

Directions: Congratulations! Your successful consultation endeavors have earned you a new client interested in your services. They have sent over a diagram and are interested in the prospects of purchasing an IDS system for the company. They are a relatively large company and are willing to spend approximately 90K a year on the product in its entirety. Based off the chapters we have just read, use your research and judgment to respond in a letter to Tech-MO’s president Larry Longfield. You will include the following: Which IDS system do you recommend? What are the costs? What type of IDS is it? Where should it be placed on the current diagram and why?

Explanation / Answer

AS per your consultation I have researched that there are many different network based (NIDS) and host based (HIDS) intrusion detection systems. There are IDS that detect based on looking for specific signatures of known threats- similar to the way antivirus software typically detects and protects against malware- and there are IDS that detect based on comparing traffic patterns against a baseline and looking for anomalies. There are IDS that simply monitor and alert and there are IDS that perform an action or actions in response to a detected threat. We’ll cover each of these briefly.

So as per my recommendation, the 'Reactive IDS' should be used in such large company i.e, A Reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will take pre-defined proactive actions to respond to the threat.

Typically this means blocking any further network traffic from the source IP address or user.

One of the most well known and widely used intrusion detection systems is the open source, freely available Snort. It is available for a number of platforms and operating systems including both Linux and Windows. Snort has a large and loyal following and there are many resources available on the Internet where you can acquire signatures to implement to detect the latest threats. For other freeware intrusion detection applications you can visit Free Intrusion Detection Software.

There is a fine line between a firewall and an IDS. There is also technology called IPS – Intrusion Prevention System. An IPS is essentially a firewall which combines network-level and application-level filtering with a reactive IDS to proactively protect the network. It seems that as time goes on firewalls, IDS and IPS take on more attributes from each other and blur the line even more.

Essentially, your firewall is your first line of perimeter defense. Best practices recommend that your firewall be explicitly configured to DENY all incoming traffic and then you open up holes where necessary. You may need to open up port 80 to host web sites or port 21 to host an FTP file server. Each of these holes may be necessary from one standpoint, but they also represent possible vectors for malicious traffic to enter your network rather than being blocked by the firewall.

That is where your IDS would come in. Whether you implement a NIDS across the entire network or a HIDS on your specific device, the IDS will monitor the inbound and outbound traffic and identify suspicious or malicious traffic which may have somehow bypassed your firewall or it could possibly be originating from inside your network as well.

An IDS can be a great tool for proactively monitoring and protecting your network from malicious activity, however they are also prone to false alarms. With just about any IDS solution you implement you will need to “tune it” once it is first installed. You need the IDS to be properly configured to recognize what is normal traffic on your network vs. what might be malicious traffic and you, or the administrators responsible for responding to IDS alerts, need to understand what the alerts mean and how to effectively respond.

Related Questions

Directions: A proper pricing and promotion strategy can make or break any busine
Question #365196
Directions: A researcher posits the following hypothesis: “ Smoking cessation is
Question #3155999
Directions: After each of the following items write either the word TRUE or the
Question #3277878
Directions: After each of the following items write either the word TRUE or the
Question #3304498
Directions: After reading the Centers for Disease Control and Prevention case st
Question #244519
Directions: After reading the case study below, pretend that you are responsible
Question #3470801
Directions: After reading the scenario, complete the task below the scenario. Sc
Question #2777763
Directions: Answer 8 of the following 10 questions. There is a spreadsheet with
Question #378632
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Directions: Conduct research on the effectiveness of company celebrations. Resea
Next
Directions: Consider the structure in Fig. 1. Determine all theinternal forces i

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.