Wednesday, May 22, 2019

Intrusion and Prevention Essay

1.0 Abstract

The widespread proliferation of Internet technology has led to the incorporation of computers in each and every field of life. From education to business, information technology has now become an indispensable element in our lives. Computers have reached homes, offices, schools and even churches. The widespread use of computers is accompanied by an exponential growth in e-crimes, in which unscrupulous elements try to gain access to others' computers to steal valuable information like credit card numbers, personal identification codes, etc. Owing to this, the development and deployment of sophisticated Intrusion Detection Systems that can detect and thwart such malicious attempts becomes highly important.

2.0 Intrusion Detection Systems (IDS)

In order to safeguard a computer from being intruded upon by malicious code, system/network administrators deploy Intrusion Detection Systems. These systems are nothing but software applications that monitor inbound Internet packets for malicious or suspicious activity and alert the administrator whenever such an activity is detected. They often respond to such intrusions by either blocking the source computer from accessing the hosted computer or by restricting the actions of the source computer on the destination. There are many types of IDS software available in the market, and they differ in the way they detect suspicious activity. Examples of IDS include Shadows, wench, Dragon, RealSecure and NetProwler.

3.0 Snort IDS

There are many products available in the market for intrusion detection; of these, Snort holds a unique market position because it is available as a free download and performs on par with any commercial product in its field. Snort is open source IDS software that was originally designed for the UNIX platform but is now available for Windows-based systems as well. It provides basic traffic monitoring and can also be configured for rule-based IDS functionality.

4.0 Functionalities of Snort

Snort can be installed very easily on any Windows or UNIX-based system with the help of its user-friendly graphical interface. It is a Network-based Intrusion Detection System (NIDS) that can be used in two modes, sniffer and logger mode. In basic sniffer mode it just reports what is happening on the system console, while in logger mode it can log the network traffic details in the log file directory. Both sniffer and logger modes are passive and just give the system administrator information about the network traffic without actually taking any action to prevent the intrusion. However, it can be used in IDS mode to act upon certain rules, pre-defined by the system administrator, to prevent intrusion.

Snort is open source and comes with a well-developed API that can be used to add new functionalities to the IDS.

The only pitfall of Snort IDS is that it does not have customer support, and a user has to rely on self-help books and Internet forums for any troubleshooting and problems. However, its download comes with very extensive documentation. Also, some of the functionalities that are there in its UNIX version might be missing in its Windows version.

5.0 Evaluation

Snort is the most widely used IDS software, with more than 225,000 registered users. It provides users with features like signature detection, protocol inspection and anomaly-based detection. Its open source nature makes it the IDS most favored by developers. They are constantly in pursuit of adding new and sophisticated functionality to existing systems. There is a lot of literature available about Snort owing to its wide reach and influence on the user community.

It can be used to detect all kinds of intrusions, ranging from buffer overflows, CGI attacks, SMB probes and OS fingerprinting attempts to stealth port scans. From its initially lightweight edition that was used only to log intrusion attempts to the current sophisticated and fully developed IDS edition, Snort has rightfully come a long way to provide users with an inexpensive, sophisticated and cutting-edge technology that can secure their systems from malicious attacks from unscrupulous elements.
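The rule-based IDS mode described in section 4.0 can be illustrated with a small signature matcher. This is an added example, not part of the original essay and not Snort's own code: it parses a simplified Snort-style rule (header plus `msg`, `content` and `sid` options only) and applies first-match-wins ordering, which is an assumption made for brevity; the rules, SIDs, addresses and packets are constructed.

```python
import ipaddress
import re

# Simplified Snort-style grammar: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass)\s+(?P<proto>tcp|udp|icmp)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+'
    r'\((?P<opts>.*)\)\s*$')

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported rule: " + line)
    rule = m.groupdict()
    opts = dict(re.findall(r'(\w+):\s*"?([^";]+)"?\s*;', rule.pop("opts")))
    rule.update(msg=opts.get("msg", ""), sid=int(opts["sid"]),
                content=opts.get("content", "").encode())
    return rule

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    # Header fields must match first; then the content signature must occur in the payload.
    return (rule["proto"] == pkt["proto"]
            and addr_ok(rule["src"], pkt["src"]) and port_ok(rule["sport"], pkt["sport"])
            and addr_ok(rule["dst"], pkt["dst"]) and port_ok(rule["dport"], pkt["dport"])
            and rule["content"] in pkt["payload"])

def inspect(rules, packets):
    """Return (sid, msg, src) for each packet whose first matching rule is an alert."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if matches(rule, pkt):
                if rule["action"] == "alert":
                    alerts.append((rule["sid"], rule["msg"], pkt["src"]))
                break  # first matching rule decides; a 'pass' rule suppresses later ones
    return alerts

RULES = [parse_rule(r) for r in (  # constructed rules
    'pass tcp 192.168.1.10 any -> 192.168.1.0/24 80 (msg:"trusted scanner"; sid:1000001;)',
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"CGI probe"; content:"/cgi-bin/test-cgi"; sid:1000002;)',
)]
CGI = b"GET /cgi-bin/test-cgi HTTP/1.0\r\n"
PACKETS = [  # constructed sample traffic
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40112, "dst": "192.168.1.5", "dport": 80, "payload": CGI},
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40113, "dst": "192.168.1.5", "dport": 80, "payload": b"GET / HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "192.168.1.10", "sport": 51000, "dst": "192.168.1.5", "dport": 80, "payload": CGI},
]

if __name__ == "__main__":
    print(inspect(RULES, PACKETS))
```

Only the external request carrying the signature produces an alert; the benign request matches no rule, and the identical request from the host covered by the `pass` rule is suppressed.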
