Commercial PKI Versus In House Application Information Technology Essay

Published: November 30, 2015 Words: 783

You are the Information Security Officer at a medium-sized company (1,500 employees). The CIO has asked you to explain why you recommend using commercial PKI rather than implementing such a capability in-house with the software developers you already have. Write a brief memo that would get your point across and address three key issues.

You're still the Information Security Officer and you're still in the office with the CIO. Even though wireless networks have some known shortcomings/vulnerabilities, explain to your CIO what you can do to make sure your wireless network is more secure.

This assignment requires 2 to 3 pages in length (500 words minimum), based upon the APA style of writing.

Intrusion Detection Systems (IDS) were developed to combat network attacks and security problems that have arisen from the many opportunities available to hackers, foreign governments, terror and criminal organizations, and business competitors, to name a few. Intrusion Detection Systems are generally divided into two types: Host-Based and Network-Based. A Host-Based IDS monitors data transmissions of specific applications or systems, such as e-mail, web applications, or single computers; it does not examine activity on the network as a whole. A Network-Based IDS, by contrast, keeps an eye on the entire network, monitoring traffic only. This paper will discuss the uses, similarities, advantages and disadvantages of each system.

Intrusion Detection Systems of all types have four specialized functions that work jointly. First, a trash collector component gathers data, logs events, and captures network traffic (sniffer). The second component is the Analysis Engine, which inspects the network traffic and looks for traces of unauthorized or unusual activity. The analysis engine is the "brains" of the IDS. [1] Next, the Signature database is important because it collects patterns and definitions of known network intrusions. The last specialized function of an IDS is the User Interface and reporting, which interfaces with the administrator of the program, notifying them with alerts and allowing them to manage the system and take action when suspicious activity occurs.
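The four functions described above, wired together as an added example that is not part of the original essay. The log format, the signature IDs (`SIG-001`, `SIG-002`, `THR-001`) and the failed-login threshold are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample events (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 GET /index.html 200
203.0.113.7 GET /static/../../etc/passwd 404
198.51.100.23 GET /search?q=1'%20OR%20'1'='1 200
192.0.2.10 POST /login 401
192.0.2.10 POST /login 401
192.0.2.10 POST /login 401
this line is malformed
"""

# Signature database (hypothetical IDs): description and pattern for the request path.
SIGNATURES = {
    "SIG-001": ("directory traversal", re.compile(r"\.\./")),
    "SIG-002": ("SQL injection probe", re.compile(r"(%20|\s|\+)OR(%20|\s|\+)", re.I)),
}

def collect(raw):
    """Collector: turn raw log lines into event records, skipping malformed lines."""
    events = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            src, method, path, status = parts
            events.append({"src": src, "method": method, "path": path, "status": int(status)})
    return events

def analyze(events, signatures=SIGNATURES, max_failures=3):
    """Analysis engine: signature matches plus a failed-login threshold per source."""
    alerts, failures = [], Counter()
    for ev in events:
        for sig_id, (desc, pattern) in signatures.items():
            if pattern.search(ev["path"]):
                alerts.append((sig_id, ev["src"], desc))
        if ev["path"] == "/login" and ev["status"] == 401:
            failures[ev["src"]] += 1
            if failures[ev["src"]] == max_failures:  # alert once, at the threshold
                alerts.append(("THR-001", ev["src"], "repeated failed logins"))
    return alerts

def report(alerts):
    """Reporting interface: one line per alert for the administrator."""
    return [f"[{sig_id}] {src}: {desc}" for sig_id, src, desc in alerts]

if __name__ == "__main__":
    print("\n".join(report(analyze(collect(SAMPLE_LOG)))))
```

The signature patterns cover only known intrusion strings, while the threshold rule stands in for the "unusual activity" the analysis engine also looks for.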

WindowsSecurity.com has a great article on the different types of IDS and the pros and cons of Host-Based vs Network-Based systems (http://www.windowsecurity.com/articles/Hids_vs_Nids_Part1.html). There are a number of advantages of Host-Based IDSs. They can more accurately detect problems in the specific applications that they are designed to monitor. They generate fewer false positive alarms. Host-Based IDSs can monitor encrypted traffic specific to an application. Finally, Host-Based IDSs can better determine whether an alarm really affects a specific system. When deciding whether to purchase a Host-Based IDS, some disadvantages must be weighed. First, you may have to purchase multiple IDSs because you need to monitor many applications, such as e-mail, web servers, network devices, etc. There is a high cost of maintenance because you need staff to manage the Host-Based IDS. Another disadvantage of a Host-Based IDS is that it is more processor intensive and consumes more resources. Host-Based IDSs are also very application specific and do not see other activity that may be occurring. For example, an e-mail IDS cannot monitor for a DDoS attack. Finally, if the IDS logs are kept on a local machine, an attacker could disable the IDS and make the system useless.

Network-Based IDSs have many overall advantages that can make them an excellent choice for protecting the network. One major advantage is that well-positioned IDS sensors can examine the entire network traffic of an organization. You will spend less money and time upgrading, testing, and troubleshooting one comprehensive system as opposed to many different and varying Host-Based IDSs. The most important advantage of Network-Based IDSs is that you analyze your network overall, to monitor attacks for different trends and frequencies. Unfortunately, no system is perfect, and the disadvantages have to be scrutinized as well. Network-Based IDSs are useless with traffic that is unencrypted. Network-Based IDS sensors need to be placed in a position where network traffic can be monitored, or they are ineffective. Network-Based IDSs have to monitor network systems that continue to grow in speed and scope. Gigabit networks now pass traffic at an alarming rate, and most IDSs were not designed to handle traffic at that speed. Lastly, Network-Based Intrusion Detection Systems do not monitor activity on the computers themselves, only on the network.

In conclusion, when deciding whether to choose a Host-Based IDS over a Network-Based IDS, the need to monitor specific applications such as email, web, or FTP has to be weighed against the need to monitor the entire network. If you have a small IT staff, a Network-Based IDS gives you a huge advantage in monitoring the entire network. Large organizations may require a hybrid of both a Network-Based IDS and a mix of specific Host-Based IDSs to effectively thwart attacks from the black hats.