Network Intrusion and Scan Detection for Data Security
VerifiedAdded on 2022/08/25
|19
|5092
|14
Report
AI Summary
This report delves into the critical aspects of network intrusion and scan detection within a client network context. It begins by addressing reconnaissance detection, detailing methods of data collection and scanning, the use of tools like Nmap, Zenmap, and Metasploit, and strategies to capture network traffic. The report then shifts to statistical data collection, examining session data and statistical analysis of network traffic, including the tools and configurations required. Further, the report covers the implementation of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), VLANs, and Access Control Lists (ACLs) to fortify the network. Finally, the report explores advanced persistent threats (APTs) and their implications, providing a comprehensive overview of network security evaluation and monitoring solutions. The report emphasizes the importance of proactive measures and strategic data collection to mitigate insider attacks and external threats, ensuring data security and network integrity.
Running head: NETWORK INTRUSION AND SCAN DETECTION
Network Intrusion and Scan Detection
Name of the Student
Name of the University
Author Note
Network Intrusion and Scan Detection
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1NETWORK INTRUSION AND SCAN DETECTION
Table of Contents
Question 1 (Detecting reconnaissance)......................................................................................2
i) Data Collection and Scanning.........................................................................................2
ii) Use of the Tools...........................................................................................................4
iii) Strategies to help collect traffic...................................................................................5
Question 2 (Statistical Data collection)......................................................................................6
Session data............................................................................................................................6
Statistical Data.......................................................................................................................7
Tools to Use and Configuration.............................................................................................9
Question 3 (The rest of the business).......................................................................................10
Question 4 (Advanced persistent threats (APTs))....................................................................12
Summary..............................................................................................................................12
References................................................................................................................................15
Table of Contents
Question 1 (Detecting reconnaissance)......................................................................................2
i) Data Collection and Scanning.........................................................................................2
ii) Use of the Tools...........................................................................................................4
iii) Strategies to help collect traffic...................................................................................5
Question 2 (Statistical Data collection)......................................................................................6
Session data............................................................................................................................6
Statistical Data.......................................................................................................................7
Tools to Use and Configuration.............................................................................................9
Question 3 (The rest of the business).......................................................................................10
Question 4 (Advanced persistent threats (APTs))....................................................................12
Summary..............................................................................................................................12
References................................................................................................................................15
2NETWORK INTRUSION AND SCAN DETECTION
Question 1 (Detecting reconnaissance)
i) Data Collection and Scanning
The present network of the client apparently is vulnerable to insider attacks that is
attacks being conducted by rogue staff members or members making us of the internal
network of the company (Cooper 2017). These attacks can include performing
reconnaissance, vulnerability scans, deliberate attempts to disrupt specific services, denial of
service attacks (DoS) attacks. More severe attacks can involve theft of sensitive information
of the organization or the clients and details regarding other staff members (Mugisha and
Zhou 2016). To perform the above mentioned attacks, the members need to detect the
network configuration of the hosts that are up and running at the time as well as the ports that
are open.
As can be observed from the network diagram provided, the internal network of the
organization are already providing connections several number of servers through three
different routers as well as two routers providing connections for servers of specific
departments. This forms a unified and interconnected network structure which is also
connected to a cloud network. This helps organizations in scaling of resources for specific
Question 1 (Detecting reconnaissance)
i) Data Collection and Scanning
The present network of the client apparently is vulnerable to insider attacks that is
attacks being conducted by rogue staff members or members making us of the internal
network of the company (Cooper 2017). These attacks can include performing
reconnaissance, vulnerability scans, deliberate attempts to disrupt specific services, denial of
service attacks (DoS) attacks. More severe attacks can involve theft of sensitive information
of the organization or the clients and details regarding other staff members (Mugisha and
Zhou 2016). To perform the above mentioned attacks, the members need to detect the
network configuration of the hosts that are up and running at the time as well as the ports that
are open.
As can be observed from the network diagram provided, the internal network of the
organization are already providing connections several number of servers through three
different routers as well as two routers providing connections for servers of specific
departments. This forms a unified and interconnected network structure which is also
connected to a cloud network. This helps organizations in scaling of resources for specific
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3NETWORK INTRUSION AND SCAN DETECTION
services like web, mail, FTP and other services that are being hosted by the network.
Therefore the attackers would try to collect information regarding the DNS IP address of the
web server, the mailing domain and user account databases. Based on this they will try to
hijack the web or mailing sessions. By knowing the open ports through which the services are
being provided, the members can make use of appropriate commands.
Since all the connections being provided to workstations, printers and servers of a
particular area are being done through the routing devices, it is difficult to isolate the network
connections between one another and helps other members in the network to access network
configuration of any device. The use of switches can help impose VLANs to isolate segments
and use routing commands like Access Control Lists (ACL) to block unauthorized accesses.
Then protocol analysers like Wireshark can be used to the blocked connection attempts and
the source IP address to identify the system being used by the rogue employee and possibly
identify this rogue employee.
Other than this the hardware firewalls offered by the routers can be used to form a
DMZ network through which services of only certain servers and printing devices can be
offered to other systems of various members of the organization. This DMZ or perimeter
network can be setup to implement both Intrusion Detection Systems (IDS) as also Intrusion
Prevention Systems or IPS (Canfora, Pirozzi and Visaggio 2017). An Intrusion Detection
System works by continuously monitors the network traffic and reconnaissance attempts by
unauthorized users, attempts to access information of other devices without permission as
also activities like sniffing, spoofing and social engineering attacks (Noel and Jajodia 2017).
The IDS systems generate alerts for the network administrators and the information provided
helps them take appropriate actions on the networks threats found and the source of attack
identified (Wang 2017). Intrusion Prevention Systems (IPS) work partially similar to IDS
systems but instead of relaying the information to the network administrators and waiting on
services like web, mail, FTP and other services that are being hosted by the network.
Therefore the attackers would try to collect information regarding the DNS IP address of the
web server, the mailing domain and user account databases. Based on this they will try to
hijack the web or mailing sessions. By knowing the open ports through which the services are
being provided, the members can make use of appropriate commands.
Since all the connections being provided to workstations, printers and servers of a
particular area are being done through the routing devices, it is difficult to isolate the network
connections between one another and helps other members in the network to access network
configuration of any device. The use of switches can help impose VLANs to isolate segments
and use routing commands like Access Control Lists (ACL) to block unauthorized accesses.
Then protocol analysers like Wireshark can be used to the blocked connection attempts and
the source IP address to identify the system being used by the rogue employee and possibly
identify this rogue employee.
Other than this the hardware firewalls offered by the routers can be used to form a
DMZ network through which services of only certain servers and printing devices can be
offered to other systems of various members of the organization. This DMZ or perimeter
network can be setup to implement both Intrusion Detection Systems (IDS) as also Intrusion
Prevention Systems or IPS (Canfora, Pirozzi and Visaggio 2017). An Intrusion Detection
System works by continuously monitors the network traffic and reconnaissance attempts by
unauthorized users, attempts to access information of other devices without permission as
also activities like sniffing, spoofing and social engineering attacks (Noel and Jajodia 2017).
The IDS systems generate alerts for the network administrators and the information provided
helps them take appropriate actions on the networks threats found and the source of attack
identified (Wang 2017). Intrusion Prevention Systems (IPS) work partially similar to IDS
systems but instead of relaying the information to the network administrators and waiting on
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4NETWORK INTRUSION AND SCAN DETECTION
the steps to be taken by them, the IPS systems proactively deal with the specific type of
network breach and tries to prevent further damage by blocking the network traffic or
terminates threats immediately.
Hence, implementation of IDS, IPS, VLANs and ACLs are all important as by
gaining network configuration details, the rogue members can know about the domains being
hosted and services being offered (Yeo, Che and Lakkaraju 2017). They will then run
appropriate operating systems like Kali Linux on virtual machines and target these networks.
The list of popular tools they use to do so from this OS are:
Nmap
Zenmap
Metasploit (MSF/Armitage)
Social Engineering Toolkit
ii) Use of the Tools
The operating system that attackers from inside the network of the organization
mainly use to conduct the network attacks is Kali Linux (Barrère and Lupu 2017). This is
mostly performed using the Debian version of Linux based distributions. However, the
attackers do not use the OS directly. In general, they make use of Windows based OS
platforms as their main operating system and then run Kali Linux through virtual machines
like VMware or Virtual Box which requires the AVX instruction sets of the CPUs to be
enabled. The while installing the Kali Linux OS on the applications like VMware, they
ensure certain configurations are applied. This involves choosing the specific mirrors through
which they can obtain most of the tools they require to perform the attacks. These mirror
links are listed in the source.list file located in the location /etc/apt/source.list. Sample mirrors
configured in this file can be the following:
the steps to be taken by them, the IPS systems proactively deal with the specific type of
network breach and tries to prevent further damage by blocking the network traffic or
terminates threats immediately.
Hence, implementation of IDS, IPS, VLANs and ACLs are all important as by
gaining network configuration details, the rogue members can know about the domains being
hosted and services being offered (Yeo, Che and Lakkaraju 2017). They will then run
appropriate operating systems like Kali Linux on virtual machines and target these networks.
The list of popular tools they use to do so from this OS are:
Nmap
Zenmap
Metasploit (MSF/Armitage)
Social Engineering Toolkit
ii) Use of the Tools
The operating system that attackers from inside the network of the organization
mainly use to conduct the network attacks is Kali Linux (Barrère and Lupu 2017). This is
mostly performed using the Debian version of Linux based distributions. However, the
attackers do not use the OS directly. In general, they make use of Windows based OS
platforms as their main operating system and then run Kali Linux through virtual machines
like VMware or Virtual Box which requires the AVX instruction sets of the CPUs to be
enabled. The while installing the Kali Linux OS on the applications like VMware, they
ensure certain configurations are applied. This involves choosing the specific mirrors through
which they can obtain most of the tools they require to perform the attacks. These mirror
links are listed in the source.list file located in the location /etc/apt/source.list. Sample mirrors
configured in this file can be the following:
5NETWORK INTRUSION AND SCAN DETECTION
deb http://http.kali.org/kali kali-rolling main contrib non-free
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free
The latter mirror link mentioned is used for accessing files from the source package.
Kali Linux is the preferred operating system for attackers as it comes pre-installed with most
of the popular applications for conducting penetration testing and active reconnaissance
activities. One of the key tools mentioned earlier is nmap and as part of the active
reconnaissance activities attackers need to know the IP addresses of the host machines of the
target network (Chan and De Souza 2017). As these attackers are primarily rogue members
conducting insider attacks, they already know about the major network or even the subnets of
specific network segments being used by the company. The nmap configuration command
they can use to identify the IP addresses of the host machines is:
$nmap -sP 192.168.1.0/24
The execution of the command lists the host IP addresses and the latency it took to
identify them. Zenmap is another tool which be of big help as they only need to specify the
network followed by the term nmap and then click on scan. This shows them all the hosts of
the target network, the open ports being used as also the network topology of how the hosts
of the target network are interconnected.
Metasploit is another very useful tool which offers both CUI and GUI interfaces to the
attackers through msf and Armitage respectively. In Armitage, the attack can easily browse
and select nmap scan specify the target network and run the scan. This lists hosts that are up.
Then attackers can use find attacks to add the option of discovering vulnerabilities for each of
the hosts. Based on the vulnerabilities identified the attackers then select the appropriate
exploit from a list suggested to them by the application.
deb http://http.kali.org/kali kali-rolling main contrib non-free
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free
The latter mirror link mentioned is used for accessing files from the source package.
Kali Linux is the preferred operating system for attackers as it comes pre-installed with most
of the popular applications for conducting penetration testing and active reconnaissance
activities. One of the key tools mentioned earlier is nmap and as part of the active
reconnaissance activities attackers need to know the IP addresses of the host machines of the
target network (Chan and De Souza 2017). As these attackers are primarily rogue members
conducting insider attacks, they already know about the major network or even the subnets of
specific network segments being used by the company. The nmap configuration command
they can use to identify the IP addresses of the host machines is:
$nmap -sP 192.168.1.0/24
The execution of the command lists the host IP addresses and the latency it took to
identify them. Zenmap is another tool which be of big help as they only need to specify the
network followed by the term nmap and then click on scan. This shows them all the hosts of
the target network, the open ports being used as also the network topology of how the hosts
of the target network are interconnected.
Metasploit is another very useful tool which offers both CUI and GUI interfaces to the
attackers through msf and Armitage respectively. In Armitage, the attack can easily browse
and select nmap scan specify the target network and run the scan. This lists hosts that are up.
Then attackers can use find attacks to add the option of discovering vulnerabilities for each of
the hosts. Based on the vulnerabilities identified the attackers then select the appropriate
exploit from a list suggested to them by the application.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6NETWORK INTRUSION AND SCAN DETECTION
iii) Strategies to help collect traffic
In a network like the one being used by the company, the volume of network traffic is so
high that a variety of measures need to be applied. The network analysts need to define the
events being generated in their network and keep expanding the definition for analyzing
events from all aspects in order to understand why some of the change of events are
unexpected. Such change of events in the network may not always be malicious. Examples of
such benign services can be addition of new services to the network which requires security
rules to be set for protecting the new service. A model of the network behavior needs to be
set up so that the network traffic can be analyzed a on the basis of this networking model and
identify any kind of deviations to the networking traffic. Although many of the changes can
be benign, there can always be malicious changes like scanning of the network, intrusion
attempts or even cross site scripting on web based services. This is why a strategic method of
collecting data about the network traffic is extremely important for companies operating with
large networking infrastructures and offering a variety of connections and services. There are
several applications that can help the network analysts with the monitoring and of network
traffic and analyzing the logs of connection attempts made from one host to another. As
mentioned earlier these applications are called protocol analyzers while systems like IDS can
be configured to detect the changes and anomalies on the network.
Question 2 (Statistical Data collection)
Session data
Networking sessions refer to simple means of storing information about a particular
user by means of unique session IDs assigned to them (Tsudik, Uzun and Wood 2016). This
session data makes it possible to keep information logs and records even when the user
browses through different pages of the company website. The unique session ID for a
iii) Strategies to help collect traffic
In a network like the one being used by the company, the volume of network traffic is so
high that a variety of measures need to be applied. The network analysts need to define the
events being generated in their network and keep expanding the definition for analyzing
events from all aspects in order to understand why some of the change of events are
unexpected. Such change of events in the network may not always be malicious. Examples of
such benign services can be addition of new services to the network which requires security
rules to be set for protecting the new service. A model of the network behavior needs to be
set up so that the network traffic can be analyzed a on the basis of this networking model and
identify any kind of deviations to the networking traffic. Although many of the changes can
be benign, there can always be malicious changes like scanning of the network, intrusion
attempts or even cross site scripting on web based services. This is why a strategic method of
collecting data about the network traffic is extremely important for companies operating with
large networking infrastructures and offering a variety of connections and services. There are
several applications that can help the network analysts with the monitoring and of network
traffic and analyzing the logs of connection attempts made from one host to another. As
mentioned earlier these applications are called protocol analyzers while systems like IDS can
be configured to detect the changes and anomalies on the network.
Question 2 (Statistical Data collection)
Session data
Networking sessions refer to simple means of storing information about a particular
user by means of unique session IDs assigned to them (Tsudik, Uzun and Wood 2016). This
session data makes it possible to keep information logs and records even when the user
browses through different pages of the company website. The unique session ID for a
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7NETWORK INTRUSION AND SCAN DETECTION
particular user is usually sent to browsers by means of session cookies (Baitha and Vinod
2018). This session ID then helps in retrieving existing data of the specific session. Whenever
a session ID or the respective cookie is not found to be present, the PHP code becomes aware
that a new session requires to be created and thus new session IDs are generated.
A session is thus a summary of conversation among two host devices. It represents the
flow of data, or stream of bilateral network traffic that is exchange of information between
two systems. Thee seven key different elements of a session are:
Timestamp
Protocol Used
IP Address of Source host
Ports used by Source host for specific protocols (TCP, SCTP and UDP)
IP Address of Destination host
Ports used by Destination host
The Snort intrusion detection system is able to identify any kind of suspicious or
malicious activity through performing inspections of the network traffic. Snort conducts
judgement based analysis and accordingly notifies the operator regarding the decision
through generation of specific alerts. The output of the alerts are thus based upon a collect-
inspect-report process. Though this is a good method of generating alerts it consists of a
major flaw. In many of the configurations Snort is never asked to generate reports of the
network traffic if it is considered to be normal. If no such alerting system is present all the
suspicious as well as malicious networking activity can get identified. This is not possible for
several situations specifically when dealing on a packet by packet basis when the network
packets are necessary to be mentioned to the operator. This requires the analysts to maintain a
particular user is usually sent to browsers by means of session cookies (Baitha and Vinod
2018). This session ID then helps in retrieving existing data of the specific session. Whenever
a session ID or the respective cookie is not found to be present, the PHP code becomes aware
that a new session requires to be created and thus new session IDs are generated.
A session is thus a summary of conversation among two host devices. It represents the
flow of data, or stream of bilateral network traffic that is exchange of information between
two systems. Thee seven key different elements of a session are:
Timestamp
Protocol Used
IP Address of Source host
Ports used by Source host for specific protocols (TCP, SCTP and UDP)
IP Address of Destination host
Ports used by Destination host
The Snort intrusion detection system is able to identify any kind of suspicious or
malicious activity through performing inspections of the network traffic. Snort conducts
judgement based analysis and accordingly notifies the operator regarding the decision
through generation of specific alerts. The output of the alerts are thus based upon a collect-
inspect-report process. Though this is a good method of generating alerts it consists of a
major flaw. In many of the configurations Snort is never asked to generate reports of the
network traffic if it is considered to be normal. If no such alerting system is present all the
suspicious as well as malicious networking activity can get identified. This is not possible for
several situations specifically when dealing on a packet by packet basis when the network
packets are necessary to be mentioned to the operator. This requires the analysts to maintain a
8NETWORK INTRUSION AND SCAN DETECTION
log of the network traffic and thorough monitoring of the information to ensure the services
provided that the sessions provide are protected.
Statistical Data
Statistical analysis of network data primarily involves analysis of network streams,
packets or exchange of data over network interconnect between one system and another.
From a statistical aspect various canonical activities and different issues that arises are
required to be addressed and they can cater to areas of differing specialities. In statistical data
vertical depth is achievable through analysis of the problems and pursuit of solutions via this
perspective alone.
The various issues that can arise here are listed below:
Mapping of the network
Characterization of the network
Sampling of the network
Network Inference
Processes involved
Among the problems listed, the mapping of the network and network characterization mix
with one another pretty well. These involve descriptive statistics about the network and this
comprises of about 2/3rd of the activities performed in this area. Network mapping requires
producing network oriented visualization of the overall digital infrastructure of a company.
Network graphs measure direct declaration of the edge and non-edge status. Generally these
edges get dictated through comparisons of similarity and threshold metrics as also voting
among the routers and I-net.
The general issues that can generate from statistical data analysis can different kinds of
various measurements for example binary. This can influence the quality of information
log of the network traffic and thorough monitoring of the information to ensure the services
provided that the sessions provide are protected.
Statistical Data
Statistical analysis of network data primarily involves analysis of network streams,
packets or exchange of data over network interconnect between one system and another.
From a statistical aspect various canonical activities and different issues that arises are
required to be addressed and they can cater to areas of differing specialities. In statistical data
vertical depth is achievable through analysis of the problems and pursuit of solutions via this
perspective alone.
The various issues that can arise here are listed below:
Mapping of the network
Characterization of the network
Sampling of the network
Network Inference
Processes involved
Among the problems listed, the mapping of the network and network characterization mix
with one another pretty well. These involve descriptive statistics about the network and this
comprises of about 2/3rd of the activities performed in this area. Network mapping requires
producing network oriented visualization of the overall digital infrastructure of a company.
Network graphs measure direct declaration of the edge and non-edge status. Generally these
edges get dictated through comparisons of similarity and threshold metrics as also voting
among the routers and I-net.
The general issues that can generate from statistical data analysis can different kinds of
various measurements for example binary. This can influence the quality of information
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9NETWORK INTRUSION AND SCAN DETECTION
contained by the underlying relation. There are also issues regarding the view of the network
represented by the analogues in spatial statistics about whether it is full or partial. Amount of
samples generated and misses are the other important issues. This is coupled with the
challenges of understanding the relation of data and complex dependencies. This makes an
accurate approach of analysing statistical data extremely important.
Tools to Use and Configuration
As already mentioned earlier, protocol analysers like Wireshark and Microsoft
Message Analyser are exceptional tools for providing detailed logs of information contained
in network packets throughout the traffic of specific network segments and interfaces and the
different activities they correspond to. These tools can also be used to view TCP graphs and
visual representation of the hops involved in the transmission. Therefore these tools along
with the built-in firewall of Windows are enough for the network analysts for monitoring the
network from the software side. On the hardware side systems like IDS need to be
implemented coupled with enabling the firewall services offered by the routers and possibly
using them to setup a DMZ or perimeter network.
For the attackers, most of the tools to use to obtain the session and statistical data
already comes pre-installed within the Kali Linux operating system. For example nmap offers
a long list of commands to obtain the session details of a particular network. These can be
viewed by entering the command nmap –h in the terminal window. Zenmap is another
application that can use nmap commands and a variety of scans to obtain the statistical
information like the network topology of the target network chosen by the attacker. Attackers
can also run InSSIDer which is a free to use application for conducting the process of
wardriving to pick up the vulnerable networks around the campus and office premises of the
organization. It is then the attackers can use the wireless access points (AP) of these
vulnerable wireless networks as rogue APs. The application also provides detailed
contained by the underlying relation. There are also issues regarding the view of the network
represented by the analogues in spatial statistics about whether it is full or partial. Amount of
samples generated and misses are the other important issues. This is coupled with the
challenges of understanding the relation of data and complex dependencies. This makes an
accurate approach of analysing statistical data extremely important.
Tools to Use and Configuration
As already mentioned earlier, protocol analysers like Wireshark and Microsoft
Message Analyser are exceptional tools for providing detailed logs of information contained
in network packets throughout the traffic of specific network segments and interfaces and the
different activities they correspond to. These tools can also be used to view TCP graphs and
visual representation of the hops involved in the transmission. Therefore these tools along
with the built-in firewall of Windows are enough for the network analysts for monitoring the
network from the software side. On the hardware side systems like IDS need to be
implemented coupled with enabling the firewall services offered by the routers and possibly
using them to setup a DMZ or perimeter network.
For the attackers, most of the tools to use to obtain the session and statistical data
already comes pre-installed within the Kali Linux operating system. For example nmap offers
a long list of commands to obtain the session details of a particular network. These can be
viewed by entering the command nmap –h in the terminal window. Zenmap is another
application that can use nmap commands and a variety of scans to obtain the statistical
information like the network topology of the target network chosen by the attacker. Attackers
can also run InSSIDer which is a free to use application for conducting the process of
wardriving to pick up the vulnerable networks around the campus and office premises of the
organization. It is then the attackers can use the wireless access points (AP) of these
vulnerable wireless networks as rogue APs. The application also provides detailed
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10NETWORK INTRUSION AND SCAN DETECTION
information to attackers regarding the type of security mechanisms and encryption modes
being used by wireless networks so that they can apply suitable exploits to penetrate the
networks.
Question 3 (The rest of the business)
ITSM stands for IT Service Management and is this concept has enabled the
organization in maximizing business values by making use of information technology (IT).
ITSM positions are the IT services that serve as key means for delivering as well as
obtaining value, where internal and external IT service providers work together with the
business customers (in this case the company) while also taking the time and responsibility
for all the risks and associated costs. ITSM functions throughout the entire lifecycle of the
services offered, as per the strategies designs and transitions involved with the live operation.
For ensuring the quality of IT services offered by the company networks can be
sustained, ITSM has established a list of practices, processes which constitute service
management systems. There exists different types of standards such as national, international
and industrial standards for management of IT services, set up of requirements as also good
practices for managing the overall system. The company is recommended to integrate IDS in
their network and hence the ITSM services should be used according to generate the best
result.
The set of principles on which ITSM is based upon are focus towards
value and continuous improvements. This not only includes a set of processes but also
involves the cultural mindset for ensuring that the desired outcomes for the network services
of the particular business gets achieved. This includes principles as well as practices of
different methods of management which can be change management in the organization, lean
manufacturing, analysis of systems and management of risks. Since IDS involves generation
information to attackers regarding the type of security mechanisms and encryption modes
being used by wireless networks so that they can apply suitable exploits to penetrate the
networks.
Question 3 (The rest of the business)
ITSM stands for IT Service Management and is this concept has enabled the
organization in maximizing business values by making use of information technology (IT).
ITSM positions are the IT services that serve as key means for delivering as well as
obtaining value, where internal and external IT service providers work together with the
business customers (in this case the company) while also taking the time and responsibility
for all the risks and associated costs. ITSM functions throughout the entire lifecycle of the
services offered, as per the strategies designs and transitions involved with the live operation.
For ensuring the quality of IT services offered by the company networks can be
sustained, ITSM has established a list of practices, processes which constitute service
management systems. There exists different types of standards such as national, international
and industrial standards for management of IT services, set up of requirements as also good
practices for managing the overall system. The company is recommended to integrate IDS in
their network and hence the ITSM services should be used according to generate the best
result.
The set of principles on which ITSM is based upon are focus towards
value and continuous improvements. This not only includes a set of processes but also
involves the cultural mindset for ensuring that the desired outcomes for the network services
of the particular business gets achieved. This includes principles as well as practices of
different methods of management which can be change management in the organization, lean
manufacturing, analysis of systems and management of risks. Since IDS involves generation
11NETWORK INTRUSION AND SCAN DETECTION
of alerts for specific services and changes both benign and malicious, the procedures to deal
with the alerts should be present in the ITSM services implemented.
ITIL frameworks are the most widely accepted and encouraged standard for
knowledge regarding the implementation of ITSM based services (Kumar, Selamat and
Hassan 2018). Through ITIL, the definitions for ITSM based services are given ( Ciesielska
2017). This involves managing and implementation of IT services whose quality meets the
need of the business in particular. It also mentions that IT service management needs to be
performed by means of the IT service vendors via appropriately mixing of people, processes
and IT. ITIL in other words offer best practice frameworks thus providing guidance about the
way the delivery of ITSM should be performed (Cusick 2020). Though there exists multiple
frameworks as also standards for describing the management of IT services, ITIL happens to
be the ideal as well as the most popularly applied and preferred framework across the globe.
Since ITIL has advanced a long way from just delivering services as it can be referred
to ensure that end to end delivery of services is also provided (Orta and Ruiz 2019). The most
up to date framework of ITIL happens to be ITIL 4 which is the best framework the company
should refer to ensure that providing their customers remain to be a key element for the
services that are being offered to them through the value creating process ( Imroz 2019). ITIL
4 focusses on facilitating co-creation of values through Service Value System or SVS via
service relationships. This SVS presents the means by which multiple components and
activities of the company network can be integrated together for such that the company
network is able to facilitate value addition via the IT based services it offers to their
customers. This service value chain is known for the flexibility it offers and needs to be
applied for different method of applications which includes specific teams for ensuring
product focused delivery, Operations among development and IT teams (DevOps) as also IT
support (Zhu, Bass and Champlin-Scharff 2016). The importance of how adaptable the value
of alerts for specific services and changes both benign and malicious, the procedures to deal
with the alerts should be present in the ITSM services implemented.
ITIL frameworks are the most widely accepted and encouraged standard for
knowledge regarding the implementation of ITSM based services (Kumar, Selamat and
Hassan 2018). Through ITIL, the definitions for ITSM based services are given ( Ciesielska
2017). This involves managing and implementation of IT services whose quality meets the
need of the business in particular. It also mentions that IT service management needs to be
performed by means of the IT service vendors via appropriately mixing of people, processes
and IT. ITIL in other words offer best practice frameworks thus providing guidance about the
way the delivery of ITSM should be performed (Cusick 2020). Though there exists multiple
frameworks as also standards for describing the management of IT services, ITIL happens to
be the ideal as well as the most popularly applied and preferred framework across the globe.
Since ITIL has advanced a long way from just delivering services as it can be referred
to ensure that end to end delivery of services is also provided (Orta and Ruiz 2019). The most
up to date framework of ITIL happens to be ITIL 4 which is the best framework the company
should refer to ensure that providing their customers remain to be a key element for the
services that are being offered to them through the value creating process ( Imroz 2019). ITIL
4 focusses on facilitating co-creation of values through Service Value System or SVS via
service relationships. This SVS presents the means by which multiple components and
activities of the company network can be integrated together for such that the company
network is able to facilitate value addition via the IT based services it offers to their
customers. This service value chain is known for the flexibility it offers and needs to be
applied for different method of applications which includes specific teams for ensuring
product focused delivery, Operations among development and IT teams (DevOps) as also IT
support (Zhu, Bass and Champlin-Scharff 2016). The importance of how adaptable the value
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 19
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.