IDS CHALLENGES
Network security refers to the policies and provisions a network administrator implements to protect the computer networking infrastructure. It is the part of computer networking concerned with monitoring and preventing unauthorized modification, denial, or access of network-accessible resources and of the network itself. This involves authorizing access to network data under the control of an administrator.
Authorized users are assigned a user ID and a password or other authenticating information; unauthorized users are thereby denied access to the computers on the network. A network protection system is built in layers and consists of several components, including hardware, network monitoring, appliances and security software (Johnson, 2011).
Network security is more important today than ever. Computer networking is no longer mainframes connected to dumb terminals with limited access. We now have large-scale networks, and for every network architecture deployed there is an equal number of hacking recipes that a user can download from the internet. The three fundamental principles of security, confidentiality, integrity and availability, are the tenets of network security; without them there is no baseline from which to build or maintain a network. This is what up-and-coming network administrators need to understand in order to engineer, deploy and maintain a secure and manageable network today. As threats and hacking techniques grow more complex, so do the security measures needed to protect a network (Catherine, 2009).
An IPS can take action according to distinct policies: quarantining the host, raising an alert, blocking the connection, logging the event, or a combination of these.
An IPS also logs and alerts on recent attacks, which makes an attack easy to trace and understand, and it offers supporting tools that help block the attack. A single click on an attack gives detailed information about the attack and the measures taken to handle it. IDS and IPS systems can search for attacks by different attributes, for instance the impacted application, the attack name or the attack ID (Catherine, 2009).
False alarms are IDS/IPS outcomes that nobody wants in their deployment. There are two types, false positives and false negatives, and both are undesirable.
A false positive alert may occur because the attacked system was not actually susceptible to the attack, because the detection mechanism was faulty, or because the IDS detected an anomaly that turned out to be benign. An IDS false positive forces a security analyst to spend unnecessary effort.
When a false positive occurs in an IPS, the main concern is that legitimate traffic is blocked. No organization wants its legitimate traffic blocked, and an IPS that repeatedly blocks legitimate traffic will end up being pulled out of the network.
False positives: determine whether the traffic pattern the signature treats as malicious also appears in normal network communication. If it does, the signature can raise false positive alerts. A false positive results from a signature that was written to detect a particular threat generating alerts on legitimate traffic that happens to match it.
False negatives: ideally, a signature detects every attack that successfully exploits the relevant vulnerability. If the signature fails to detect a particular attack, that missed attack is known as a false negative.
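The following Python block is an added example, not code from the original essay and not Cisco IOS IPS code. It runs three hypothetical signatures (the SIG-* identifiers, patterns and actions are invented for the example) over constructed HTTP request lines with known ground truth, applies the IPS action policy described above (quarantine, block, alert, log, or allow), and labels each result as a true positive, false positive, false negative or true negative. The constructed data is chosen so that one benign request about a "Union Select Committee" triggers the SQL injection signature (a false positive that an IPS would block), and one attack that writes UNION/**/SELECT slips past the same signature (a false negative). A tuned signature set is evaluated on the same events to show how the two errors are traded off.

```python
"""Toy signature-based IDS/IPS illustrating false positives and false negatives.
All signatures, identifiers, request lines and labels below are constructed
for this example and do not come from any real product or incident."""
import re
from dataclasses import dataclass

# Hypothetical IPS action policy: the most severe action among all
# matching signatures is applied to the connection.
ACTION_RANK = {"log": 0, "alert": 1, "block": 2, "quarantine": 3}


@dataclass(frozen=True)
class Signature:
    sig_id: str          # hypothetical attack ID (like a product's signature ID)
    name: str            # attack name
    pattern: re.Pattern  # what the signature looks for in the request
    action: str          # IPS action on a match (see ACTION_RANK)


SIGNATURES = [
    Signature("SIG-1001", "SQL injection UNION SELECT",
              re.compile(r"union\s+select", re.IGNORECASE), "block"),
    Signature("SIG-1002", "Directory traversal",
              re.compile(r"\.\./"), "alert"),
    Signature("SIG-1003", "Shell command injection",
              re.compile(r";\s*(cat|ls|id|wget)\b"), "quarantine"),
]

# Tuned variant of SIG-1001: tolerates SQL comments between the keywords
# (closes the UNION/**/SELECT evasion) and requires a FROM clause, which
# ordinary English text about a "Union Select Committee" does not contain.
TUNED_SIGNATURES = [
    Signature("SIG-1001", "SQL injection UNION SELECT (tuned)",
              re.compile(r"union(?:\s|/\*.*?\*/)+select\b.*\bfrom\b",
                         re.IGNORECASE), "block"),
] + SIGNATURES[1:]

# Constructed request lines with ground-truth labels.
SAMPLE_EVENTS = [
    ("10.0.0.5", "GET /search?q=1 UNION SELECT password FROM users", "attack"),
    ("10.0.0.6", "GET /news?title=Union Select Committee report", "benign"),
    ("10.0.0.7", "GET /search?q=1 UNION/**/SELECT password FROM users", "attack"),
    ("10.0.0.8", "GET /download?file=../../etc/passwd", "attack"),
    ("10.0.0.9", "GET /static/app.js", "benign"),
    ("10.0.0.10", "GET /ping?host=8.8.8.8;cat /etc/passwd", "attack"),
]


def inspect(request, signatures=SIGNATURES):
    """Return every signature whose pattern matches the request."""
    return [s for s in signatures if s.pattern.search(request)]


def decide_action(matches):
    """Pick the most severe configured action, or allow when nothing fired."""
    if not matches:
        return "allow"
    return max((s.action for s in matches), key=ACTION_RANK.__getitem__)


def evaluate(events, signatures=SIGNATURES):
    """Classify each event as TP/FP/FN/TN against its label and keep an
    event log of which signatures fired and what the IPS would have done."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    log = []
    for src, request, label in events:
        matches = inspect(request, signatures)
        detected = bool(matches)
        if detected:
            outcome = "TP" if label == "attack" else "FP"
        else:
            outcome = "FN" if label == "attack" else "TN"
        counts[outcome] += 1
        log.append({"src": src, "request": request, "outcome": outcome,
                    "signatures": [s.sig_id for s in matches],
                    "action": decide_action(matches)})
    return counts, log


if __name__ == "__main__":
    for sigs, title in ((SIGNATURES, "original"), (TUNED_SIGNATURES, "tuned")):
        counts, log = evaluate(SAMPLE_EVENTS, sigs)
        print(f"--- {title} signatures: {counts}")
        for entry in log:
            print(f"{entry['outcome']} {entry['action']:10} "
                  f"{entry['signatures']} {entry['request']}")
```

With the original signature set the run yields three true positives, one false positive (the "Union Select Committee" request is blocked, which is exactly the legitimate-traffic problem described above), one false negative (the comment-obfuscated UNION/**/SELECT is allowed) and one true negative. The tuned set clears both errors on this sample, but narrowing a signature is never free: an injection that omits the FROM clause (for example UNION SELECT 1,2,3--) would now be a new false negative, so every tuning change has to be re-checked against both known-benign and known-malicious traffic.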
References
Catherine, P. (2009). Network Security Using Cisco IOS IPS. Retrieved from http://www.ciscopress.com/articles/article.asp?p=1336425
Johnson, B. (2011). Network security innovation center kicks off lecture series. Retrieved from: