Introduce: Personal software firewalls

* Personal firewalls are applications that protect an individual computer from unwanted Internet traffic. Exampls: windows firewall, zone-alarm, ipfirewall (Mac OS). Personal firewall:
+ promp the user for permission to enable particular applications to access the Internet.
+ have the capability to detect intrusion to a computer an block that intrusion.

* Host-Based intrusion detection systems
– An intrusion detection system is used to monitor an individual computer systems or a network, or portion of a network and analyze data that passes through to identify incidents, attacks, and so forth.
Host-based intrusion detection system (HIDS) is loaded on an individual computer, it analyzes and monitors what happens inside that computer. A HIDS is installed directly within an operating system. One of advantages of using a HIDS is that it can interpret encrypted traffic. Disadvantages include price, and resource-intensive, and by default the HIDS object database is stored locally, if something happen to the computer the database will unavailable.

– Network intrusion detection system (NIDS) can be be loaded on the computer, or can be a standalone appliance, but it checks all the packets that pass through the netwrok interfaces. Advantaged include: it is less expensive and less resource intensive, and entire network can be scanned for malicious activity as oppesed to just one computer. Disadvantages is that a NIDS cannot monitor for things that happen within an OS.

Two main types of monitoring that an IDS can carry out:
+ Statiscal anomaly- Establishes a performance baseline based on normal network traffic evaluations. It then compares current network traffic activity with baseline to detect whether it is within parameters.
+ Signature-based- Network traffic is analyzed for predetermined attack patterns, which are known as signatures. These signatures are stored in a database that must be update regularly to have affect.
Two main types of misidentification of attack:
+ False positive- If the IPS identified legitimate activity as something malicious.
+ False  negative-  If the IPS does not have a particular attack’s signatures in tis database, and lets that attack run its course thinking it is legitimate.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s