Network Intrusion Detection and Forensics - Dissertation Example

The paper tells that computers have come to assume in all aspects of our lives, and the lack of reliable networks in modern computing environments in plainly inconceivable. The supremacy of information technology in running many modern systems hinges on the continued reliability of computer networks. Without stable computer network systems, many simple computing activities we have come to assume as part of our daily routines: sending emails, browsing the web, making business communications, and maintaining social contacts would be in severe jeopardy.

Malicious use of computer networks would completely compromise our computing experience and the utilization of these indispensable network tools. Network Intrusion Detection Systems (NIDS) are partly the reason behind the continued security in computer systems around the world. The NIDS systems detect illicit use of computer networks, alert network administrators, create reports in the system through their logging abilities, and try to prevent harm to the network by malevolent network users. However, many users of computer networks lack access to decent NIDS systems available commercially.

Part of the reason why many computer users stave off the commercially available NIDS systems is the prohibitively costs. Another reason for the unattractiveness of several commercial network-based IDS is traceable to their complex deployment, configuration, and implementation procedures, which normally require technical assistance. Over the past decade, open source NIDS systems have come to define the NIDS landscape. Currently, the leading NIDS system in terms of user base been Snort, a lightweight open source NIDS.

The purpose of this project is to make comprehensive comparison of two open source NIDS, Snort and Bro. Keywords: Snort, Bro, NIDS, Table of Contents Abstract 2 Table of Contents 3 1.INTRODUCTION 4 2.BACKGROUND TO THE PROBLEM 5 3.OVERVIEW OF NETWORK INTRUSION DETECTION SYSTEMS 5 3.1 The Roles of NIDS 5 3.2 Difference of NIDS with Firewalls 7 3.3 Limitations of the Network Intrusion Detection Systems 7 3.4 Network Intrusion and Detection System Alert Terminologies 8 4.RECENT DEVELOPMENTS IN INTRUSION DETECTION SYSTEMS 9 5.

DIFFERENT METHODS OF INTRUSION DETECTION 10 5.1 Statistical Anomaly-Based Intrusion System 10 5.2 Signature-Based Intrusion Detection 10 6.NETWORK INTRUSION DETECTION SYSTEMS 11 6.1 Snort 11 6.2 Bro 11 6.3 PHAD 11 6.4 NetSTAT 12 6.5 EMERALD 12 6.6 Suricata 13 7.TESTING AND EVALUATION METHODOLOGY 13 8.ANALYSIS OF SNORT AND BRO 14 8.3 Common Characteristics of Snort, Bro, Suricata, and NetSTAT 16 8.4 Differences between Snort, Bro, Suricata, and NetSTAT 17 8.5 Major Strengths of Snort 19 8.6 Major strengths of Bro 21 8.

7 Major strengths of Suricata 21 8.8 Major strengths of NetSTAT 22 8.9 Major Weaknesses of Snort 22 8.10 Major Weaknesses of Bro 22 8.11 Major weaknesses of Suricata 23 8.12 Major weaknesses of NetSTAT 23 9. RESULTS FOR SNORT AND BRO 23 9.1 Capabilities of Snort and Bro to Identify Security Threats and Network Violations 23 9.1.1 Bro Architecture 23 9.1.2 Bro Network Intrusion Detection Mechanism 25 9.1.3 Snort Architecture 26 9.1.4 Snort Network Intrusion Detection Mechanism 26 9.1.5 Suricata’s Network Intrusion Mechanism 27 9.1.6 NetSTAT Capabilities to detect security threats and network violations 28 9.

2 Comparison of Snort’s, Bro’s, Suricata’s and NetSTAT’s Performance 28 10. RECOMMENDATIONS AND CONCLUSIONS 29 10.1 Recommendations 29 10.2 Conclusions 30 References 33 1. INTRODUCTION The essentiality of network protection is unquestionable, especially with the ever-growing relevance of computer networks in many facets of our society. Many things, ranging from trade, governance, education, communication, and research rely heavily on computer networks. The vulnerability of networks to breakdowns after attack can be expensive and disastrous.