Intrusion Detection Systems and Security Reports

Intrusion Detection Systems and Security Reports

Part 1: Intrusion Detection Systems

Digital Signatures

Signatures are used for the identification or approval of a particular action. The two types of signatures are atomic strategies and stateful signatures. Atomic signatures are the simplest kind of signatures and trigger a response after the occurrence of an event. Atomic signatures can occur without any consideration of previous or future patterns. Atomic signatures work on single events, and as a result, each event that is supposed to be a trigger is supposed to be attached to a particular signature. This factor makes it time-consuming and cumbersome. Get in touch with us at eminencepapers.com. We offer assignment help with high professionalism.

On the other hand, stateful signatures are systematic and can only be triggered after a considered period and a system of events occurring, known as the event horizon. Stateful signatures are used when an IPS device is used to conduct maintenance after the event horizon is reached. The setting of event horizons is determined by considering the computer resources to be used versus the ability of the system to detect vulnerability. Finding the perfect balance is a time-consuming process. As a result, the security administrators must develop the correct level. Too low a threshold and false alarms will occur too often, and too high a point and malicious attacks will occur without the alarm going off (Rivest, Shamir & Adleman, 2019).

Signature Detection Systems: Three Types of Signature Triggers

There are three main signature detection systems: pattern detection systems, anomaly-based detection systems, and behavior-based detection systems. Pattern detection systems are the simplest signature detection system that works by recognizing patterns in the form of strings or expressions. A pattern can be described as a repeating set of actions or characters that can be detected. Pattern recognition can be statistical, structural, and neural. Structural pattern recognition is the easiest pattern recognition system to implement for signatures. Different pattern recognition algorithms are used for detection systems, such as neural networks, K-Means square algorithm, and decision trees. Depending on the organization’s requirements and objectives, different algorithms can be selected as the most effective ones.

Anomaly-based detection systems work by recognizing when some actions do not fall into the category of normal. The first step in this kind of detection system is to define a set of guides that are considered normal. Anomalies are decided by using heuristics, rules, IP addresses, Mac addresses, and patterns. For instance, a monster can be detected when a device tries to log into the internal organization network and is not allowed or is blocked. A demon can also be discovered when network traffic starts flowing with a consistent pattern, unlike normal network traffic, which is random. Accordingly, to come up with an effective anomaly detection system, the administrators must recognize normal behavior and then make guides that should be fed to the detection system to allow normal behavior and flag behavior that is not normal.

Monitoring Network Traffic: Normal and Abnormal Traffic Signatures

Detecting suspicious network traffic is based on the concept that suspicious network traffic can be identified since it is not similar in both content and pattern to normal network traffic. The structures differ because malicious network traffic fits into a particular way, while normal network traffic is random. Abnormal traffic is network packets that are used to complete a specific cyber-attack. Normal network traffic is traffic originating from normal internet usage by the organization’s employees. The main purpose of abnormal network traffic detection is so that the administrators can recognize an attack as it occurs and thwart it before any damages are incurred (Lee, Levanti & Kim, 2018).

Intrusion Detection and Prevention Systems

The threshold in intrusion detection systems is a number that represents the amount of input or measure that will be passed to set the detection system to sound the alarm. Blocklisting and allowlisting are also very important in cyber security; blocked devices are devices that have been blocked from accessing a particular network, while allowed devices have been allowed access to the same network. Essentially, blocklisting means stopping and allowlisting permitted. Alert setting in cyber security is the requirements and controls that have been put in place with the detection system. Alerts are set to divert the administrator’s attention to a particular attack or intrusion (Malek, Trivedi & Shah, 2020).

HTTP Attacks on Apache Servers

Apache HTTP servers are vulnerable to multiple variations of attacks, which can number over a hundred different attacks. Apache servers are one of the most common server software in the market. As a result, many malicious users and penetration testers have looked and found vulnerabilities in the server. Some of the most common Apache server attacks include denial of service attacks and DDOS attacks. Attacks on a server can cause major damage depending on the kind of server. Most Apache servers are used for hosting websites. In addition, an attack can be used to deface the website or take down the services offered by the server (Mostafa et al., 2019). Lastly, Apache servers are also vulnerable to attacks that aim at stealing information and can cause damage to the organizations

Part 2 and 3: Security Incident Report and Research

Figure 1 shows a maintenance report. (Malek, Trivedi & Shah, 2020).

Figure 2 shows a  daily activity report (Woo, Alhazmi & Malaiya, 2020).

Figure 3 shows an incident or accident report. Lee, Levanti & Kim, 2018)

Security Reports

An IT security report is a piece of a document containing the details of any security occurrence that occurs in a particular period. Security reports can be written from software and server logs, night guard reports, and maintenance reports. Security reports are written to log any vulnerability that malicious users on the internet might exploit. There are multiple types of security reports, such as maintenance reports, accident reports, and activity reports. Maintenance reports are used in keeping records of security equipment to ensure they are ready when needed. Maintenance reports also assist in guaranteeing that vulnerabilities, such as holes in the fence, are solved and reported.

On the other hand, accident reports are documents that contain information about any accident that might have occurred on the organization’s premises, along with the cause of the accident. The organization can use accident reports to ensure the same mistake does not occur again and can be used for advice in policy creation. Activities reports can be logs of all the security actions that have been taking place as well as the time of the occurrence. These reports can be used to detect security weaknesses in daily activities as well as evidence in the event they occur (Woo, Alhazmi & Malaiya, 2020).

The Best Report for Upper Management and Technical Specialists

On the one hand, upper management would benefit the most from accident reports since they have a large impact on the well-being of the organization, especially if the accident was critical or led to the loss of life. Upper management is concerned with accident reports since it is from these documents that they can craft new policies as well as address the causes of the accidents. Upper management should not be bothered with daily activity reports unless something major occurs. On the other hand, technical specialists would benefit the most from maintenance reports. These reports should contain technical details of the device or structure that has received maintenance. These reports are also important to maintenance officers since they can assist in logging the devices that need care and identify the ones that are in perfect working condition.

The Selected Report for Circulation

If there was only one kind of report to be used by all organization members, the report should contain the most vital pieces of information in an executive summary. This executive summary aims to make it easier for the reader to understand the covered topics in the report. The report should also have a table of contents, which will be useful in identifying the exact page to identify a particular subject easier. The information should also have a title that will illustrate the contents of the report without having to read the entire piece. The information should also have page numbers that will be used to identify each page. The information should also have topic titles that introduce each topic. Finally, the information should also have a conclusion that summarizes the content of the information and reaffirms the recommendations or evidence for the provided suggestions.

 References

Lee, S., Levanti, K., & Kim, H. S. (2018). Network monitoring: Present and future. Computer Networks, 65, 84-98.

Malek, Z. S., Trivedi, B., & Shah, A. (2020, July). User behavior pattern-signature-based intrusion detection. In 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4) (pp. 549-552). IEEE.

Mostafa, S., Findley, B., Meng, N., & Wang, X. (2019). SAIS: Self-adaptive identification of security bug reports. IEEE Transactions on Dependable and Secure Computing, 18(4), 1779-1792.

Rivest, R. L., Shamir, A., & Adleman, L. M. (2019). A method for obtaining digital signatures and public-key cryptosystems (pp. 217-239). Routledge.

Woo, S. W., Alhazmi, O. H., & Malaiya, Y. K. (2020, September). We are assessing vulnerabilities in Apache and IIS HTTP servers. In 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (pp. 103-110). IEEE.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

---

Part 1: Answer the following questions

Compare intrusion detection systems.

1. Signatures fall into one of the following two categories: Atomic signatures and stateful signatures. Describe each. (75 words each)
2. There are three types of signature triggers. Describe each. (75 words each)
3. Distinguish normal traffic signatures from abnormal traffic signatures. (Minimum
4. 100)
5. Most intrusion detection and prevention systems support multiple detection capabilities. Distinguish each of the following: Thresholds, blocklists, allowlists, and alert settings. (Minimum of 100 words total)
6. Estimate the number of HTTP attacks on the Apache webserver and make a brief report (30 words)

 Part 2: Investigating and Responding to Security Incidents

Part 3: Adapt Research Skills to Discover and Sort Relevant Sources

1. Security or Incident Response Report: Through Internet or library research, search and find three examples of professional-grade security reports. If you need help searching, use the following search terms to help you: IT security reports. Try to see words that would be appropriate for different personnel levels within an organization. Also, make sure that the formats differ substantially from the one in Part 2 above. Provide a screen capture of each of the reports you found, and make sure to cite them.
2. Respond to the following in a minimum 2-page essay:
3. Highlight the primary differences between the three reports and the security report you in Part 2.
4. Based on the content of the reports, which report is best for upper management? Justify your response.
5. Based on the content of the reports, which report is best for a technical specialist? Justify your response.
6. Based on your research, if you could only circulate one report for everyone, what information would you include in it, and how would you structure it? Justify your response based on your research. In other words, would you combine aspects of the reports you found, and what format would you present in the information?