Abstract
Security is the most important issue today, as networks gain ever more users. In the current rapidly changing world, networks are growing at an extraordinary pace. For systems administrators, protecting systems against malicious attackers is a highly challenging task. A normal user can also struggle to secure their information from attack.
At present, two versions of the Internet Protocol exist. IPv4 is the version currently in use and still dominant; IPv6 is the forthcoming version intended to succeed IPv4. Providing security for the different protocol versions is therefore a considerable concern for network administrators and also for home or personal network users.
Discovering intruders who are making unauthenticated connections is a major task nowadays. By applying different types of tools to recognise intruders, systems can prevent them more easily. An Intrusion Detection System (IDS) is one type of security management system for computers and networks. A network may be a LAN, WLAN, VLAN, WAN and so on. An IDS can monitor and analyse the network and visualise system operations as well as the history of network operations; from this it can identify intruders. So, to provide security, monitoring tools need to be installed on the server systems. Many utilities are currently on the market, such as intrusion detection and prevention systems and firewalls, which are installed to stop third parties and hackers from gaining access to essential information such as an organisation's secret data.
So, providing sufficient network security tools to prevent malicious attacks can be useful to all Internet users. For this experiment, a small home network is set up consisting of three or more computers, a router, a switch and wireless devices. The wireless devices are a printer, a phone and a webcam, all using IPv4. An IDS/IPS would also be installed on the server to monitor Internet traffic and illegal activities on the network.
The following two tools are efficient ones for detecting intruders: Snort and ZoneAlarm.
Intruders may access the system or the private network without having any access permissions. Snort is a proficient tool for detecting intruders coming across the network. It finds intruders by monitoring network activity and displays an alert on every occasion a person enters the specified site.
The work starts with the Snort tool, followed by ZoneAlarm. ZoneAlarm is also an important security tool for detecting and preventing intruders. Experimenting with the two tools gives a better comparison and helps to find the more efficient tool.
In the next phase, IPv4 is replaced by IPv6 to evaluate and demonstrate the level of security in the same network.
Chapter 1 - Introduction
1.1 Motivation - Problem Statement:
This project was motivated by the fact that security is a very significant issue in enterprise-wide applications. Particularly where sensitive information and financial transactions are concerned, one cannot ignore the possibility of an attack by hackers.
An Intrusion Detection System (IDS) is a software or hardware tool used to detect unauthorised access to a computer or network. A wireless IDS performs this task specifically for a wireless network. These systems monitor traffic on the network, look for and classify threats, and alert people to respond. An IDS usually performs this task in one of two ways: signature-based or anomaly-based detection.
Intrusion detection is the detection of intrusions or intrusion attempts, either manually or via software expert systems operating on logs or other information available from the system or the network. An intrusion is a deliberate, unauthorised attempt to access or manipulate information or a system and render it untrustworthy or unusable.
When suspicious activity originates from the internal network it can also be classified as misuse. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are mostly focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.
The present project compares different kinds of WLAN intrusion detection tools, such as Snort, OSSEC and ZoneAlarm, and assesses their performance by selecting one of the tools.
1.2 Aims
The main goal of this project is to compare two major free intrusion detection tools and estimate how networks can be protected more efficiently within a normal budget and with less effort. The second phase involves the implementation of the next-generation protocol, IPv6, on the same network, in order to compare the security aspects of IPv4 and IPv6.
This might help a user decide which software, with which version of the IP protocol, is easier to adopt and which is more secure. The overall goal of this project is to compare two major intrusion detection tools, then compare the two protocols within the same network and evaluate the results.
The outcome of this project might help in choosing a proper intrusion detection tool and in understanding the benefits of IPv6.
1.3 Objectives
The project 'Implementation and comparison of IPv4/IPv6 security on a Home or Small Network' has the following objectives to reach:
Review the research on Intrusion Detection Systems in IPv4 and IPv6 environments.
Review the research on the importance of security in home/personal networks and the possible attacks that may arise.
Review the research on the different types of Intrusion Detection Systems that are followed.
Introduction, advantages and disadvantages of one of the most conventional tools, SNORT.
Introduction, advantages and disadvantages of one of the most conventional tools, ZoneAlarm.
Review the features of IPv4 and IPv6.
Working with the SNORT and ZoneAlarm IDS tools for intruder detection in an IPv4 environment.
Working with the SNORT and ZoneAlarm IDS tools for intruder detection in an IPv6 environment.
Review the results of the two different environments worked on.
Compare the implemented goals and compile a report on them.
1.4 Methodology
This project concerns the security of the IPv4 and IPv6 versions of a network and compares intrusion detection systems under those versions. The objective is to work with Snort and ZoneAlarm for intrusion detection and prevention in wireless networks. This is achieved through the following processes:
Setting up an IPv4 environment and working with the Snort and ZoneAlarm IDS.
Setting up an IPv6 environment and working with the Snort and ZoneAlarm IDS.
Comparing the tools in the two different environments and determining the more efficient tool.
1.5 Identification of project area:
Intrusion detection is a major task for all home/personal network users. This project works on wireless networks with different Internet Protocol versions. To achieve security that is not undermined by attackers, the following issues are identified and need to be solved.
By monitoring and analysing the network, attackers can obtain the secret data of the intended users. So there should be an efficient tool or firewall to prevent unauthorised access.
IPv6 is the forthcoming version of the protocol and has more enhanced features, such as a large address space and address assignment. So, experimenting with IPv6 for detecting intruders might be useful for all network users.
By comparing the two protocol versions, users can gain clarity on which is best to use by following certain standards.
Chapter 2 - Background and State of the art (literature review)
2.1 IPv6 Background:
The Agenda for the Information Society welcomed the Secretary-General of the United Nations convening a new forum for multi-stakeholder policy dialogue, the 'Internet Governance Forum (IGF)'. The mandate of the IGF includes discussing issues relating to "critical Internet resources". Many people understood the phrase "critical Internet resources" as the management of the Domain Name System (DNS) and Internet Protocol (IP) addresses, as in the report of the Working Group on Internet Governance.
It is clear that IP addresses are as essential as the other resources required to offer services such as telecommunications. Governments have also been involved in the allocation of telecommunications naming, numbering and addressing resources, because these are necessary resources and public resources.
IP address space is usually regarded as a basic public resource. A name is a location-independent string that identifies a source or a destination in the network. When a string is the destination's name, it does not change if that destination moves elsewhere, and this holds regardless of where the source contacts the destination from. An address, by contrast, is a string of symbols that remains correct regardless of the source's location but changes when the destination moves. Address strings are what routing techniques use.
According to Ting-Yun Chi's analysis, IPv4 depletion may occur around 2011-2012, although he does not say that it will be over by that time. IPv6 is the only foremost protocol for the future. [IPv6 development status in Taiwan, APAN 29th]
IP address allocation:
Unlike telecommunications technologies such as telephony, IP-based networks have relied on machine-readable naming and addressing resources from their inception. Initially the resources were allocated centrally; later the IP addresses came into the picture. IP address management involves not only the conservation of address space but also the routing space.
Nevertheless, many people have raised concerns about IP address allocation, and different approaches have been proposed. Some argue that there is no need to change or modify the system, as it has been working well and efficiently. Others argue that the current system needs review because of the rapid development and usage of the Internet, and suggest ensuring that sufficient resources are available to distribute in the future. In response, the other side argues that any change in allocation may introduce technical risks.
IPv4 allocation imbalances:
All the disparities are due to the following historical reasons.
1. Early adopters of the Internet were able to collect the IPv4 addresses that were available at the time. These adopters frequently still hold many more addresses than they would be allocated under current policies, placing them in a comparatively privileged position. This continuing inequality is not an effect of the present policies but an indication that different allocation policies were in place earlier.
The current system may not support or fulfil future requirements, and estimates of future needs are also growing rapidly.
IPv6 address management:
It will not be possible to maintain the address space for many more years. The available addresses are scattered, and if the present trend continues for a couple of years, IPv4 will not be able to cope.
In the 1990s, Internet Protocol version 6 (IPv6) was developed mostly to answer the IPv4 depletion dilemma. IPv6 has a much larger address format of 128 bits. IPv6 addresses are also allocated on a 'first come, first served' basis. [IPv6 study: General Background]
IPv6 and IPv4:
Arrigo Triulzi summarised the following key differences between IPv4 and IPv6.
IPv6 has a simplified header, whereas IPv4 lacks this mechanism.
IPv6 has a larger address space of 124 bits, whereas IPv4 supports a 64-bit address space.
IPv6 has packet-level support for built-in authentication and encryption.
Simplified routing with no header checksums.
IPv6 carries no header destruction information.
[Arrigo Triulzi]
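As an added example (not from the original project and not Triulzi's material), the Python script below builds one minimal IPv4 header and one minimal IPv6 header from constructed addresses and parses each back, so the header differences listed above can be checked directly: the IPv4 header carries its own checksum, which must verify and which every router has to recompute when it changes the TTL, while the fixed 40-byte IPv6 header has no checksum at all. The field layouts follow RFC 791 (32-bit addresses) and RFC 8200 (128-bit addresses); the helper names, the sample addresses and the `corrupt_ttl` scenario are this example's own assumptions.

```python
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071).
    Computed over a correctly filled-in header, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0,
                      ttl: int = 64, protocol: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    version_ihl = (4 << 4) | 5               # version 4, IHL = 5 x 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s",
                      version_ihl, 0, 20 + payload_len, 0x1234, 0,
                      ttl, protocol, 0,      # checksum field is zero while computing
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_ipv6_header(src: str, dst: str, payload_len: int = 0,
                      next_header: int = 17, hop_limit: int = 64) -> bytes:
    """Fixed 40-byte IPv6 header: version 6, traffic class 0, flow label 0."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def parse_ip_header(packet: bytes) -> dict:
    """Return the fields a NIDS needs from either IP version, plus whether the
    header has its own checksum and, if so, whether that checksum verifies."""
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4
        (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack(
            "!BBHHHBBH4s4s", packet[:20])
        return {
            "version": 4, "header_len": ihl, "addr_bits": 32,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "next_proto": proto, "hop_limit": ttl,
            "payload_len": total_len - ihl,
            "has_checksum": True,
            "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        }
    if version == 6:
        (_, payload_len, nh, hl, src, dst) = struct.unpack("!IHBB16s16s", packet[:40])
        return {
            "version": 6, "header_len": 40, "addr_bits": 128,
            "src": str(ipaddress.IPv6Address(src)),
            "dst": str(ipaddress.IPv6Address(dst)),
            "next_proto": nh, "hop_limit": hl,
            "payload_len": payload_len,
            "has_checksum": False,   # integrity is left to the transport checksum or IPsec AH
            "checksum_ok": None,
        }
    raise ValueError("not an IPv4 or IPv6 header")


# Constructed sample packets using documentation prefixes, not captured traffic
SAMPLE_V4 = build_ipv4_header("192.0.2.1", "192.0.2.2", payload_len=8)
SAMPLE_V6 = build_ipv6_header("2001:db8::1", "2001:db8::2", payload_len=8)


def corrupt_ttl(packet: bytes) -> bytes:
    """Flip one bit of the IPv4 TTL byte without recomputing the checksum,
    which is what a corrupted or badly forwarded packet looks like."""
    return packet[:8] + bytes([packet[8] ^ 0x01]) + packet[9:]


if __name__ == "__main__":
    for pkt in (SAMPLE_V4, corrupt_ttl(SAMPLE_V4), SAMPLE_V6):
        print(parse_ip_header(pkt))
```

Running the script prints the parsed fields of the good IPv4 packet (`checksum_ok` True), the TTL-corrupted copy (`checksum_ok` False), and the IPv6 packet, whose `has_checksum` is False because the base header defines no such field.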
Security in IPv6:
Drago Žagar, Krešimir Grgić and Snježana Rimac-Drlje discussed various security-related problems in IPv6 networks. IPv6 has several features that make it attractive from a security point of view: it is reliable and configuration is easy. Even so, it gives no guarantee against misconfigured servers, poorly protected websites and badly designed applications.
The IPv6 protocol, the replacement for the current IPv4 protocol, offers various possible outcomes and enhancements, allowing for ease of use, routing speed, QoS (quality of service) and ultimately security. Compared with IPv4, IPv6 can give assurance of confidentiality while transferring information. In spite of all these enhancements, network security still remains an extremely important concern, as there are a number of security threats and attack types that can affect IPv6 networks.
Introduction:
Internet Protocol version 6 (IPv6), after being under development for several years, is now being configured on production networks. As long as IPv4 suits all of an administrator's needs, there is no need to think about IPv6. Many Internet-enabled platforms are IPv6-ready and require only simple instructions to employ the protocol fully, without any resulting communications burden. [Security Implications of IPv6]
IPsec implementation is compulsory for all IPv6 stacks. IPsec can provide all security services to IPv6-related devices.
IPsec:
IP security (IPsec) provides high-quality, interoperable, cryptographically based security for both IPv4 and IPv6. The basic elements of IPsec are the security protocols, security associations, key management, authentication and encryption, together with the architecture. It operates on a security host or as a self-contained device. To offer protection, IPsec relies on the requirements recorded in its security policy database. An IPsec implementation supports the ESP (Encapsulating Security Payload) and/or AH (Authentication Header) security headers; both can be applied together or alone. AH provides integrity and authentication, while ESP adds confidentiality to the features AH provides.
[IPv6 training workshop]
Intrusion Detection System categories:
An Intrusion Detection System (IDS) can be classified according to the approach it uses for detecting attacks. Several categories exist; the main ones are:
Signature based
Host based
Anomaly based, and
Compound based
The signature-based category uses knowledge of an attack, such as a signature or pattern of the attack, to conclude whether the attack is happening. Its disadvantage is that it cannot detect attacks for which it has no such knowledge.
Anomaly-based intrusion detection uses a model of known good behaviour; if actual behaviour does not match the model, it assumes an intrusion. This technique can generate many false warnings, so the model of known behaviour must be very accurate.
A host-based intrusion detection system can find intruders making unauthenticated accesses on the system itself.
For this reason most researchers prefer a compound or hybrid detection system, which uses both attack knowledge and model-based information to detect intrusions.
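The signature, anomaly and compound approaches described above, as an added example that is not part of the original project and does not use Snort's or ZoneAlarm's code: a small Python detector run over constructed events of the form (source address, destination port, payload snippet). The signature set, the baseline of "known good" ports, the sample addresses and the alert names are assumptions of this example. It reproduces the two weaknesses the text describes: the signature matcher misses the port fan-out from 10.0.0.12 because no signature describes that behaviour, and the anomaly model raises a false positive on the legitimate host 10.0.0.7 (port 8080) because its baseline is incomplete. The compound detector reports both kinds of alert but ranks them by confidence.

```python
import re
from collections import defaultdict

# Constructed sample events, not real traffic: (src_ip, dst_port, payload_snippet)
SAMPLE_EVENTS = [
    ("10.0.0.5", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.5", 443, ""),
    ("10.0.0.9", 80, "GET /login?user=admin' OR '1'='1 HTTP/1.1"),   # known attack pattern
    ("10.0.0.3", 80, "GET /../../etc/passwd HTTP/1.1"),             # known attack pattern
    ("10.0.0.7", 8080, "GET /dev HTTP/1.1"),                         # legitimate dev server
    # one host touching 30 consecutive ports: behaviour no signature describes
    *[("10.0.0.12", port, "") for port in range(1000, 1030)],
]

# Signature rules (simplified content matching, not Snort rule syntax)
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def signature_detect(events):
    """Knowledge-based: alert only when a payload matches a known pattern."""
    alerts = []
    for src, _port, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts


def anomaly_detect(events, baseline_ports=frozenset({22, 80, 443}),
                   max_distinct_ports=5):
    """Model-based: the model of 'known good' behaviour says each host talks
    to a few well-known ports. A host that exceeds max_distinct_ports, or that
    uses a port outside the baseline, deviates from the model."""
    ports_by_host = defaultdict(set)
    for src, port, _payload in events:
        ports_by_host[src].add(port)
    alerts = []
    for src, ports in sorted(ports_by_host.items()):
        if len(ports) > max_distinct_ports:
            alerts.append((src, "port-fan-out"))
        elif not ports <= baseline_ports:
            alerts.append((src, "unexpected-port"))   # may be a false positive
    return alerts


def hybrid_detect(events):
    """Compound: signature hits are high confidence; anomaly hits on hosts with
    no signature match are kept as low-confidence alerts for operator review."""
    sig = signature_detect(events)
    flagged = {src for src, _name in sig}
    result = [(src, name, "high") for src, name in sig]
    result += [(src, name, "low")
               for src, name in anomaly_detect(events) if src not in flagged]
    return result


if __name__ == "__main__":
    print("signature:", signature_detect(SAMPLE_EVENTS))
    print("anomaly:  ", anomaly_detect(SAMPLE_EVENTS))
    print("hybrid:   ", hybrid_detect(SAMPLE_EVENTS))
```

The anomaly model here is deliberately crude; in practice the baseline would be learned from a period of traffic the operator has vetted, which is exactly the accuracy requirement the paragraph above points out, and alerts such as the one for 10.0.0.7 are why operators tune baselines rather than accept every deviation as an intrusion.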
Intrusion Detection Architecture:
Most models focus on analysing collected packets, so they can be called network-based intrusion detection systems. But following this technique, they cannot detect unknown intruders. This is a big issue in IPv6, because there are very few applications for IPv6 and most people do not have much knowledge of IPv6, as it is an emerging technology. For that reason the author conducted research on an IDS that encompasses the protection of the whole system, in the way a body protects itself from viruses. This research model aims at attacks that are customised or cautious versions of active attacks. The author proposes this model as the Dynamic Immunity Intrusion Detection System for IPv6 (DIIDS6).
They focused on a method for detecting and preventing non-self attacks through collaboration among all the cells of an immune system. These immune-system cell agents are gathered and evolve dynamically by communicating through the network and independently grouping information, so unauthorised intrusions can be detected as non-self through collaboration, by exchanging network data.
If an immunity agent observing the network detects a task as a non-self intrusion, the agent supports the other immunity agents. These agents then remove the processes recognised as non-self that make up the path of the intrusion.
This model is intended to meet network administrators' preferences for IPv6, and it is designed to be flexible and adaptable.
[Journal of Communication and Computer, ISSN 1548-7709, USA]
Intrusion Detection System:
Before the Snort tool existed, users throughout the world used tcpdump for network intrusion detection. Later the first intrusion detection system, 'Network Security Monitor', was released. It analyses the network by monitoring it and detects intruders, if any. Later it was extended to network intrusion detection (NID). This was followed by another mechanism, 'Shadow'. From the beginning of Shadow onwards, a very large collection of intrusion detection systems came into existence rapidly, and a very powerful range of free and commercial intrusion detection systems is now on the market. Now, due to a lack of demand, only a little effort has been made to extend the current state of NIDS to IPv6-capable NIDS. [Intrusion detection systems and IPv6]
Zhenwei Yu and Jeffrey J. P. Tsai suggested that intrusion detection is a security layer that can find intruders and their activities. They identified two problems in intrusion detection systems. The first is that many alarms are exhibited, overwhelming the system operator, and many of them are false. The second is that, in order to maintain sufficient performance of an intrusion detection system, continuous monitoring is needed, which may lead to a significant problem. For these problems, the authors developed an automatically tuning intrusion detection system. This automatic system controls the generated alarms shown as output to the system operators and responds immediately, on the fly, when it receives feedback from the system operators. [An Adaptive Automatically Tuning Intrusion Detection System]
Intrusion detection systems are distributed applications that monitor network activity to recognise malicious attacks. The analysis is performed by a number of attack descriptions matched against a specific event stream. Intrusion detection systems function in mixed environments and monitor various types of event streams. At present, IDSs and the corresponding attack descriptions are developed in an ad-hoc manner to match the characteristics of specific target environments.
As the number of machines to be protected increases, the development effort increases accordingly. To overcome this, the authors implemented a framework named STAT. It supports the development of new intrusion detection functionality in a modular fashion. The STAT framework is extended by following a well-defined process to produce intrusion detection systems tailored to the target domains and platforms. The STAT framework is novel in that the extension process also integrates the extension of the attack descriptions. The resulting intrusion detection systems represent a software family in which users can dynamically share the common attack descriptions and the ability to reconfigure their behaviour.
[Designing and Implementing a Family of Intrusion Detection Systems]
In recent years, wireless sensor networks have found many potential applications for both civil and military tasks. However, sensor networks are susceptible to many types of attack because they are deployed in open and unprotected environments, so it is necessary to use effective mechanisms to protect sensor networks against many types of attacks on routing protocols. Intrusion detection is one of the major and most efficient defence methods against attacks in a computer network and system. Because of the different characteristics of sensor networks, security solutions have to be designed with limited usage of computation and resources. In this paper, we proposed a hybrid, lightweight intrusion detection system integrated for sensor networks. Our intrusion detection scheme takes advantage of a cluster-based protocol to build a hierarchical network and provides an intrusion framework based on both anomaly and misuse techniques. Our scheme can prevent most routing attacks on sensor networks.
Intrusion Detection Systems and IPv6:
Arrigo Triulzi has discussed some new challenges that the introduction of IPv6 brings to intrusion detection systems, including the challenges facing intrusion detection system designers. His discussion also covers the benefits of using IPv6 and how these benefits create new challenges for intrusion detection system administrators. According to him, intrusion detection systems fall into two categories: host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS). HIDS is frequently used in tools such as anti-virus programs and the vulnerable UNIX syslog. NIDS, meanwhile, is being extended from firewalls into network intrusion detection. Beyond these there is one more kind of IDS, the distributed NIDS (dNIDS). [Arrigo Triulzi]
Existing IPv4 systems have deployed many security technologies, and these are well understood; through this experience, problems have been worked out over time. As IPv6 is rolled out for tentative use, a very strict protocol is required to provide safeguards for security. Of course, it may not be possible, and is certainly very difficult, to protect new IPv6 deployments on the earlier networks. Also, some mechanisms such as IDSs may not support IPv6 so far.
[http://books.google.co.in/books?id=vdWnIicVbSQC&pg=PA71&dq=intrusion+ipv6&hl=en&ei=cpVbTLbnD8_Jcdq2qeIB&sa=X&oi=book_result&ct=result&resnum=10&ved=0CGcQ6AEwCQ#v=onepage&q=intrusion%20ipv6&f=false]
Firewall use in IPv6:
Firewalls are used to enforce security policies and control traffic types. Traffic may travel between organisational and public intranet networks. These firewalls also protect the enterprise from denial-of-service attacks and from network-, transport- and application-level exploits. Because of the impact of encryption processing, firewall device performance may be an issue. Firewalls can run in a pure IPv6 environment and can also run in an integrated IPv4/IPv6 environment. [http://books.google.co.in/books?id=U15GP4BX1_IC&pg=PA225&dq=Firewall+use+in+Ipv6&hl=en&ei=CotbTNjlF83IcbvolNQB&sa=X&oi=book_result&ct=result&resnum=1&ved=0CC8Q6AEwAA#v=onepage&q=Firewall%20use%20in%20Ipv6&f=false]
2.2 Current state of the art (Intrusion Detection, IPv6)
Conclusion:
IPv6 is an innovative and widely available version of the Internet Protocol that will bring a considerable amount of performance and security advantages over former versions. On the other hand, these same benefits also work to the advantage of IPv6-savvy attackers, because many network administrators have not deployed IPv6 and are unaware that IPv6 traffic is able to pass through their networks without their knowledge. There is little difference between IPv4 and IPv6 from the point of view of a Network Intrusion Detection System (NIDS), with the exception of the larger address space.