2808ICT Information Management: Intrusion Detection, Firewalls & OS

Added on 2023/06/07

AI Summary
This report provides an overview of intrusion detection systems (IDS), firewalls, and operating system (OS) security, crucial components of information management. It details the components, principles, and detection mechanisms of IDS, including anomaly and signature detection, and categorizes IDS into host-based, network-based, and distributed systems, with the Snort system as an example. The report explains how firewalls protect networks by filtering traffic based on IP addresses, protocols, and user identities, highlighting their limitations and the need for combined external and internal firewalls in DMZ networks. Furthermore, it discusses strategies for securing operating systems, such as whitelisting applications, patching, and restricting administrative privileges, and introduces the Bell-LaPadula (BLP) model for access control. The report emphasizes the importance of security maintenance through monitoring, backups, regular testing, and software updates.
Running head: INFORMATION MANAGEMENT
Information Management
Name of the Student
Name of the University
Author Note
Intrusion Detection
Intrusion detection is a service that maintains the security of a system through surveillance
and analysis of the events occurring in it. Its main purpose is to detect unauthorised access to
the valuable resources of the system and to support the system with real-time, or near
real-time, warnings of such access. The components of the system are a collection of sensors,
an analyser and a user interface. There are two types of detection mechanism, namely anomaly
detection and signature/heuristic detection. Intrusion Detection Systems (IDS) are categorised
into host-based IDS (HIDS), network-based IDS (NIDS), and distributed or hybrid IDS (Liao et
al., 2013). These three types of IDS provide the best support for security services in detecting
malicious intrusions. One example of an IDS architecture is the Snort system. It is open source
and can be deployed as a host-based, network-based or distributed IDS. Snort uses a decoder to
decode the captured packets and passes them to the detection engine, from which an alert is
generated during the login procedure.
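The two detection mechanisms named above, as an added example that is not part of the report: signature detection matches request paths against known-bad patterns, while anomaly detection first learns a per-host request-rate baseline from a training window and then flags hosts that deviate from it. All events, hosts and rule names are constructed for the demonstration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed training window of normal traffic: (source host, request path).
BASELINE_EVENTS = (
    [("10.0.0.5", "/index.html")] * 3
    + [("10.0.0.7", "/about")] * 2
    + [("10.0.0.9", "/index.html")] * 3
    + [("10.0.0.11", "/login")] * 4
)

# Constructed observation window: one request carrying a known-bad pattern and
# one host whose request volume is far outside the learned baseline.
OBSERVED_EVENTS = [
    ("10.0.0.5", "/index.html"), ("10.0.0.5", "/about"),
    ("10.0.0.7", "/login"),
    ("10.0.0.9", "/files?name=../../etc/passwd"),
] + [("10.0.0.42", f"/page{i}") for i in range(40)]

# Signature detection: patterns of already-known misuse, each with a rule name.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sqli-tautology", re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE)),
]


def signature_detect(events):
    """Return (host, rule name) for every event whose path matches a signature."""
    return [(host, name) for host, path in events
            for name, pattern in SIGNATURES if pattern.search(path)]


def learn_baseline(events):
    """Anomaly detection, phase 1: learn mean and spread of per-host request counts."""
    counts = list(Counter(host for host, _ in events).values())
    return mean(counts), pstdev(counts)


def anomaly_detect(events, baseline, z=3.0):
    """Anomaly detection, phase 2: flag hosts whose request count exceeds the
    baseline mean by more than z standard deviations (a novel, unsigned event)."""
    mu, sigma = baseline
    counts = Counter(host for host, _ in events)
    return sorted(host for host, n in counts.items() if n > mu + z * sigma)


if __name__ == "__main__":
    print("signature alerts:", signature_detect(OBSERVED_EVENTS))
    print("anomalous hosts:", anomaly_detect(OBSERVED_EVENTS, learn_baseline(BASELINE_EVENTS)))
```

Note that the noisy host 10.0.0.42 matches no signature and the traversal probe from 10.0.0.9 is not anomalous by volume, which is why the two mechanisms are used together.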
Firewalls
In general terms, a firewall is meant to detect the outbreak of a fire and to prevent it from
spreading quickly. In technological terms, computer firewalls help protect a particular zone of
a network from attacks that spread from other zones of the network. Computer firewalls are
composed of firewall filter options (Khoumsi, Krombi & Erradi, 2014). These filter options are
the IP address and protocol values, the application protocol, the user identity and the network
activity. Firewalls provide a system with only a minimum level of security, since they cannot
prevent attacks that bypass them. They are convenient in a small area of service where the
number of attacks and internal threats is low. Demilitarised zone (DMZ) networks require a
combination of an external firewall and an internal firewall, because these networks are
accessible both internally and externally. Firewalls in Virtual Private Networks are provided
with the IP Security (IPsec) protocol for data encryption and security.
Operating System Security
Several intrusions can occur while using a network service. However, these intrusions can be
mitigated by following the four strategies recommended by the Australian Signals Directorate
(ASD): whitelisting approved applications, patching third-party applications, restricting
administrative privileges and patching operating systems. Security for an operating system is
provided by installing and patching the operating system and then configuring it (Chapter &
Stallings, 2015). Configuration involves removing unnecessary applications and services,
configuring permissions and configuring resource controls. In addition, further security controls
should be configured, and the security of the operating system should then be tested. The
Bell-LaPadula (BLP) model is a formal model for access control in which subjects and objects
are assigned a security level. The properties of the BLP model are "no read up" and "no write
down". Security maintenance is achieved by monitoring log files, performing regular backups,
recovering from security issues, regularly testing system security, updating all crucial software
and monitoring configurations (Silberschatz, Galvin & Gagne, 2014).
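The BLP properties stated above, as an added example that is not part of the report: a subject may read an object only if the subject's level dominates the object's (no read up) and may write only if the object's level dominates the subject's (no write down). The example goes beyond the report's plain levels by adding need-to-know categories, so some label pairs are incomparable and permit neither read nor write; the level names, categories and labels are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Ordered classification levels, lowest first (constructed example ordering).
LEVELS = ("unclassified", "confidential", "secret", "top_secret")


@dataclass(frozen=True)
class Label:
    """Security level of a subject or object: a classification plus a set of
    need-to-know categories (the categories extend the report's plain levels)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at least as high as other: higher-or-equal classification and
        a superset of its categories. Two labels may be incomparable."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject, so
    information never flows to a lower or incomparable level."""
    return obj.dominates(subject)


def mediate(subject: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style decision for 'read', 'write' or 'read-write'."""
    checks = {"read": [can_read], "write": [can_write], "read-write": [can_read, can_write]}
    return all(check(subject, obj) for check in checks[mode])


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    print(mediate(analyst, Label("confidential"), "read"))                          # True
    print(mediate(analyst, Label("confidential"), "write"))                         # False
    print(mediate(analyst, Label("top_secret", frozenset({"crypto", "x"})), "write"))  # True
```

Read-write access requires dominance in both directions, which only holds when subject and object carry identical labels.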
References
Chapter, C. S. H., & Stallings, W. (2015). Operating System Security.
Khoumsi, A., Krombi, W., & Erradi, M. (2014). A formal approach to verify completeness
and detect anomalies in firewall security policies. In International Symposium on
Foundations and Practice of Security (pp. 221-236). Springer, Cham.
Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A
comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
Silberschatz, A., Galvin, P. B., & Gagne, G. (2014). Operating system concepts essentials.
John Wiley & Sons, Inc.