Deakin University SIT382 Assignment 2: System Security Exploitation

Added on 2022/09/16

System Security
SIT382
Assignment 2
Part A
Challenge 1: Admin lost password
The challenge involved gaining access to WebGoat without knowing the administrator's
username and password; conventionally, such access is obtained through social engineering.
A common mistake by users is failure to change the credentials from the default admin/admin.
In this task, those credentials did not work, so more analysis was performed. The page was
inspected closely using web developer tools such as Firebug on Firefox.
Solution
Close analysis of the .png logo revealed information that could be used to gain access to
the server. I downloaded the logo and inspected the image using a text editor. A search for
"Admin" yielded the results below.
Figure 2.0 Analysis of the logo using a text editor.
The following credentials were obtained from the image above.
admin:!!webgoat_admin_1234!!
Username: admin
Password: !!webgoat_admin_1234!!
Figure 3.0 successfully verified and flag obtained.
Challenge 2: Without Password
This challenge entailed bypassing authentication to gain access to the server without a
password. A common security flaw arises where software developers fail to put in place the
checks needed to prevent SQL injection. With SQL injection, one can gain access to, or reveal
critical information about, a software system. SQL injection works by sending carefully
crafted input that the application incorporates into a query for its SQL database, forcing the
database to execute logic the developer never intended and to reveal more information.
Crafting the payload
Username: Larry
Password: ' or 1=1 --
The double hyphen comments out the remainder of the SQL statement, and the OR 1=1 placed
before it is a condition that always evaluates to true.
With this payload, authentication was successfully bypassed, as is evident from the
screenshots below.
Flag: 412765f1-ade4-4e64-8cf6-12496a74a6af
Figure 4.0 Bypassing authentication successfully
Challenge 3: Creating a new account
The ability to create an account and give it administrator privileges can enable devastating
attacks on web-based systems. The technique has been widely used in attacking and defacing
websites, especially Joomla-based ones. Such attacks succeed where vulnerabilities exist,
especially SQL injection vulnerabilities: developers who fail to put in place measures to check
for and eliminate injection on registration forms put their systems at risk. Blind SQL injection
cannot be detected as easily as ordinary SQL injection, since no SQL error is displayed; it
nevertheless still poses security risks that can be exploited.
The login page did not leak enough information to compromise the system. However, the
registration form was exposing some information, allowing us to evaluate the application and
launch further attacks using the payload
tom' AND '1'='1
Figure 6.0 Register form
The response told us that the username had been taken.
Analysis showed that the password field was named password, so an automated SQL
injection could be attempted using the payload
tom' AND substring(password,1,1)='t
The response indicated that the username had been taken.
The automated brute-force attack was performed with the payload
tom' AND SUBSTRING(password, 1, 1)='X';--
where X was replaced with values from the alphabet abcdefghijklmnupqrstuvxyz.
The first character of the password was confirmed to be "t", while the remaining characters
were fuzzed in the same way, resulting in the password thisisasecretfortomonly.
The password was found by using some Python code to run the fuzzing.
Figure 8.0 Successful challenges on tom's password
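As an added example, not part of the original assignment, the following Python code reproduces the two query shapes behind Challenges 2 and 3 against a constructed SQLite table, and shows that binding user input as a parameter removes both the ' or 1=1 -- bypass and the one-bit "username taken" oracle that the blind SUBSTRING payload relies on. The table, its users and the login_*/username_taken_* names are constructed for the demonstration; SQLite spells the function substr.

```python
import sqlite3

# Constructed demo table for this example: tom's password is the value recovered above,
# larry's is made up.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
DB.executemany("INSERT INTO users VALUES (?, ?)",
               [("tom", "thisisasecretfortomonly"), ("larry", "larry-demo-pass")])


def login_vulnerable(username, password):
    """Challenge 2 shape: input is concatenated into the query, so ' or 1=1 --
    closes the string, adds an always-true condition and comments out the rest."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return DB.execute(sql).fetchone() is not None


def login_safe(username, password):
    """Hardened form: placeholders bind the input as data, never as SQL grammar."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return DB.execute(sql, (username, password)).fetchone() is not None


def username_taken_vulnerable(username):
    """Challenge 3 shape: the registration check leaks one bit per request, because an
    injected condition on the password column changes the 'taken' answer."""
    sql = f"SELECT 1 FROM users WHERE username = '{username}'"
    return DB.execute(sql).fetchone() is not None


def username_taken_safe(username):
    """Hardened form: the whole payload is looked up as a literal username."""
    sql = "SELECT 1 FROM users WHERE username = ?"
    return DB.execute(sql, (username,)).fetchone() is not None


if __name__ == "__main__":
    print(login_vulnerable("Larry", "' or 1=1 --"))                       # True
    print(login_safe("Larry", "' or 1=1 --"))                             # False
    print(username_taken_vulnerable("tom' AND substr(password,1,1)='t"))  # True
    print(username_taken_vulnerable("tom' AND substr(password,1,1)='x"))  # False
    print(username_taken_safe("tom' AND substr(password,1,1)='t"))        # False
```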
Challenge 4: Admin password reset
Resetting the administrator's password was very tricky. From research and analysis, I found
that I needed WebWolf to facilitate the resetting process.
Figure 9.0 Password reset page and the WebWolf page.
On WebGoat's password reset page, a reset link was generated; the e-mail was accessed
using WebWolf.
Figure 10.0 Received reset e-mail from WebGoat
Figure 11.0 The reset e-mail with a link for resetting the password.
Clicking the link showed an error, indicating that the link was not the reset link for admin.
To identify a vulnerability in the reset link that I could manipulate, I downloaded WebGoat's
source code and searched for PasswordResetLink.java.
Figure 11.0 Inspection of the source code to identify vulnerabilities.
From analysis of the code, I realised that the reset link was generated from the username,
which had to be admin, and a secret key. Further analysis of this function showed that the
secret key was not important, since the code only used the length of the key and not its
value. For that reason, we could try different key lengths by trial and error: repeatedly
generating a link with a key of a different length, then pasting the generated value into the
reset link.
Figure 12.0 Compiling MD5.java and PasswordResetLink.java
Figure 13.0 Continuously generating a reset key using username admin and a key of a
different length; the final reset hash that worked was 375afe1104f4a487a73823c50a9292a2.
The hash was generated by passing a secret key of length 13; the value of the key was not
important, only its length.
I pasted each generated hash into the reset URL until one worked.
Flag: 5e030862-27b5-4952-8553-d27c83003e8d
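As an added example, not WebGoat's code, here is how a reset link should be generated so that the weakness found above, a token derived from the username and the mere length of a secret, cannot be reproduced offline: the token is unpredictable, only its hash is stored, and it expires and is single-use. The ResetTokenStore class, the 15-minute lifetime and the injectable clock are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # constructed policy: a link is valid for 15 minutes


class ResetTokenStore:
    """Keeps only the SHA-256 of each outstanding reset token, keyed by username."""

    def __init__(self, now=time.time):
        self._now = now        # clock is injectable so expiry can be tested deterministically
        self._pending = {}     # username -> (token_hash, expires_at)

    def issue(self, username):
        # 32 bytes from the OS CSPRNG: the token depends neither on the username nor on
        # any server-side secret or its length, so it cannot be regenerated by enumeration.
        token = secrets.token_urlsafe(32)
        expires_at = self._now() + RESET_TTL_SECONDS
        self._pending[username] = (self._digest(token), expires_at)
        return token           # goes into the e-mailed link; never stored in clear

    def redeem(self, username, token):
        record = self._pending.get(username)
        if record is None:
            return False
        token_hash, expires_at = record
        if self._now() > expires_at:
            del self._pending[username]
            return False
        # Constant-time comparison: a byte-by-byte timing difference must not help a guesser.
        if not hmac.compare_digest(token_hash, self._digest(token)):
            return False
        del self._pending[username]   # single use: a replayed link fails
        return True

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("admin")
    print(store.redeem("admin", "375afe1104f4a487a73823c50a9292a2"))  # False: not guessable
    print(store.redeem("admin", link_token))                          # True
    print(store.redeem("admin", link_token))                          # False: already used
```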
Challenge 5: Without Account
Challenge 5 default page, trying to vote without an account.
We tried to vote by placing the vote directly in a URL; with this approach we tried to
manipulate the server through the GET method, simply calling the URL and passing the vote
value as a URL parameter. This approach failed with the error below.
Checking the request using Chrome Developer Tools showed that it was a GET request.
Our intention was to change the request from GET to another request type such as HEAD.
To edit and resend the request, I used Firefox Developer Tools (which can be opened by
pressing Ctrl + Shift + I). I then opened the request page and inspected it with the developer
tools, which allow one to edit and forward a request, as shown below.
I changed the request type from GET to HEAD and sent the request.
Section 2: XXE vulnerabilities attack
XML External Entity (XXE) attacks exploit applications that process or parse XML input.
The attack happens when XML input containing a reference to an external entity is processed
by a weakly configured XML parser. The attack can cause unwanted exposure of confidential
data, enable an attacker to perform remote port scanning of the system hosting the parser,
facilitate server-side request forgery and even enable denial-of-service attacks.
The Extensible Markup Language (XML) 1.1 standard defines the overall structure of an
XML document. The standard defines the concept of an entity, the unit used for storing
information within an XML document. Among the various types of entity, one in particular,
the external entity, can access remote and local content through a declared system identifier.
This identifier takes the form of a URL that the XML processor can access while processing
the entity: the processor dereferences the identifier, fetches the content at the URL and
replaces every reference to the named external entity with the content obtained through the
system identifier.
An attack on the XML parser takes advantage of the fact that the processor dereferences
whatever the system identifier points to. To launch an attack, one places the payload where
the system identifier is resolved; when the XML processor dereferences it, the application is
compromised, resulting in disclosure of sensitive and confidential information that would
ordinarily not be accessible through that application. The same weakness affects external
schemas, external stylesheets and external DTDs: if these are included in an XML document,
they allow similar attacks to be launched.
XXE attacks can cause considerable harm to a system, such as file disclosure, allowing
attackers to infiltrate the system and mount other attacks. Attackers mostly use XXE as a
pivot to launch further attacks on internal systems. In some cases, an XXE attack facilitates
the planting and execution of arbitrary code, resulting in data breaches and denial-of-service
attacks.
XXE Attack on WebGoat
To demonstrate an XXE attack, we launched one against a local WebGoat installation. The
task was to intercept an XML request, modify it and then forward it with different
instructions. The attack was performed in three stages:
intercepting a vulnerable POST request using ZAP and Burp Suite;
adding an injected ENTITY to the XML request;
forwarding the modified POST request.
The first step of the attack was to intercept the request using Burp Suite; the request was
then modified to change the comment and forwarded, the result being that a different
comment was posted in place of the original one.
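As an added example, not code from WebGoat or from this assignment, the following Python parser shows the server-side fix for a comment endpoint like the one attacked above: it refuses any document that carries a DOCTYPE or entity declaration, and never dereferences a system identifier, before handing the XML to the application. The <comment><text> layout, the sample payload and the parse_comment name are constructed for the demonstration.

```python
from xml.parsers import expat
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when input carries a DTD, an entity declaration or an external entity."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise UnsafeXML(f"DOCTYPE not permitted (root {name!r}, system id {sysid!r})")


def _reject_entity(name, is_parameter, value, base, sysid, pubid, notation):
    raise UnsafeXML(f"entity declaration not permitted ({name!r})")


def _never_fetch(context, base, sysid, pubid):
    # Returning 0 makes expat abort instead of dereferencing the system identifier.
    return 0


def check_no_dtd(xml_bytes):
    """First pass: a bare expat parser that refuses every DTD construct. An exception
    raised in a handler propagates out of Parse(), so nothing past the DOCTYPE is read."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    parser.ExternalEntityRefHandler = _never_fetch
    parser.Parse(xml_bytes, True)


def is_safe(xml_bytes):
    try:
        check_no_dtd(xml_bytes)
        return True
    except UnsafeXML:
        return False


def parse_comment(xml_bytes):
    """Second pass: only after the check does the application parser see the input."""
    check_no_dtd(xml_bytes)
    text = ET.fromstring(xml_bytes).findtext("text")
    if text is None:
        raise ValueError("comment has no <text> element")
    return text


# Constructed samples: a benign comment and one carrying an injected external entity.
BENIGN = b"<comment><text>Great lesson on XXE</text></comment>"
INJECTED = (b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE comment [ <!ENTITY ext SYSTEM "file:///constructed/secret.txt"> ]>\n'
            b"<comment><text>&ext;</text></comment>")

if __name__ == "__main__":
    print(parse_comment(BENIGN))   # Great lesson on XXE
    print(is_safe(INJECTED))       # False
```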
PART B
Research Question 1: Can an integrated system combining IDS, IPS, Firewall and Honeypot
improve real-time system security?
The world has seen ever-increasing internet connectivity and numbers of devices that
communicate with one another over the internet. This surge has attracted malicious hackers
whose main battleground is the World Wide Web. These hackers phish for data such as
personal bank details, mobile phone account details and personal profile details. Hackers use
various methods to infiltrate systems, such as clickjacking, viruses, Trojans, eavesdropping,
fake WAPs, watering-hole attacks, keyloggers and denial of service. These malicious
activities are the main reason for the creation of technologies that prevent and detect intrusion
into sensitive systems.
With attacks increasing by the day, intrusion detection systems, firewalls and intrusion
prevention systems are critical to any network. Whereas most deployments use only one of the
above security tools, a combination of IDS, IPS, firewall and honeypot can be put together
to improve real-time system security, as demonstrated by Thu (2013). An Intrusion Detection
System (IDS) detects and logs anomalous as well as incorrect or inappropriate activity
(Kozushko, 2003). An Intrusion Prevention System (IPS) adds functionality: it can not only
detect but also reduce or prevent malicious activity on a system or network (Patel, Qassim
and Wills, 2010). A firewall enforces rule-based packet filtering, applying rules that determine
whether a packet is allowed to enter or leave a network (Ehlert, Geneiatakis and Magedanz,
2010). A honeypot, on the other hand, is purposely established and designed to attract attacks
on known vulnerabilities, in order to monitor and log the attacks launched against computing
resources. Information gathered through honeypots allows researchers to analyse attackers'
paths, tools, purposes and tactics (Spitzner, 2003). Unlike other detection systems, honeypots
are meant to be attacked, and any traffic to a honeypot is treated as suspicious (Sharma and
Singh, 2012).
Intrusion detection systems fall into two broad classes: network-based intrusion detection
systems and host-based intrusion detection systems. A NIDS (network intrusion detection
system) detects any attempt to alter the normal behaviour of the system by assessing network
traffic (Kozushko, 2003). A HIDS (host intrusion detection system) analyses the processes
that occur on the local system. HIDS are further classified into two categories. Misuse
detection identifies behaviours that are unique to intrusions; this may not be effective, as
hackers may develop new methods of intrusion. Anomaly detectors compare observed
behaviour with the normal behaviour of the system and raise a red flag if the system starts to
behave differently from normal (Kozushko, 2003).
Combining IDS, IPS, firewalls and honeypots can therefore result in a very powerful system,
as it would detect intrusions, prevent them from harming computing resources and, through
the honeypots, help in learning how, why and by whom attacks are launched. The IDS and
IPS would detect abnormal behaviour against a given set of principles about the system,
whereas the honeypot would aid the IPS by supplying the methods, tools and tactics observed
in previously collected attacks.
Research Question 2: IDS and Honeypot development
IDS and honeypots have existed for the last four decades. The journey began with the model
designed by James Anderson in 1980, when he drafted a report that pointed out the security
threats faced by the army's computer systems (Ashoor and Gore, 2011). Anderson's report
was the basis of many security methods, such as the rule-based methods that scanned network
traffic and compared it against a list of stored threats (Innella, 2001). In 1986 Dorothy
Denning formed a model that used collected data for anomaly detection (Denning, 1987).
This model was based on the theory that violations may be detected by monitoring a system's
audit records for irregular usage. The model collects data on profiles and knowledge of
behaviours (Denning, 1987). The model was also independent of any particular system,
system vulnerability, type of intrusion or application environment. Denning's model was the
basis of most IDS systems; for example, in 1988
the MULTIC intrusion detection and alerting system was developed based on Denning's
work, and in 1989 the Los Alamos National Laboratory in Santa Fe developed the Wisdom
and Sense statistics-based anomaly detector (Di Pietro and Mancini, 2008).
Denning's work, assisted by Lunt, influenced the development of the Distributed Intrusion
Detection System, developed in 1991. The Lawrence Berkeley National Laboratory developed
a language known as Bro that was used for packet analysis from libpcap data. Snort was also
developed using data collected through libpcap analysis. Snort has the largest user base, with
the ability to monitor both local and remote points. A Microsoft researcher based in Beijing,
Yongguang Zhang, and his colleague Wenke Lee (2006) formulated a model that targeted
mobile nodes (Liu, Tian and Wei, 2006). In 2015 an anomaly-based intrusion detection
engine that focused on mobile devices and applications in the Internet of Things was
developed.
Research Question 3:
The main difference between firewalls and IDS is that the former restricts access by
screening traffic and deciding what will be allowed in, and it may also drop the packet or
return it to the sender, whereas an IDS monitors the network and raises a red flag when an
anomaly occurs (Thu, 2013). Other software and protocols may then have to be deployed to
deal with the malicious activity that has been encountered.
Firewalls are the most widely used security deployment around the world, particularly
because most operating systems come pre-installed with some form of software firewall
(Thu, 2013). However, more serious security deployments require the use of intrusion
detection and prevention systems.
Compared with firewall-based network security systems, an intrusion detection system
monitors a network asset for anomalous behaviour or misuse. The system also detects policy
violations (Thu, 2013). All logs of malicious activity are recorded on the administrator's
server using a security information and event management system. Signature-based intrusion
detection systems rely heavily on pattern matching: they contain a database of signatures of
previous attacks and match those signatures against the analysed data; a good example is
Snort, an open-source system for detecting intrusions and anomalies. Anomaly-based
systems, by contrast, first build statistical models that describe normal network traffic and
raise a red flag when behaviour deviates from normal. Anomaly-based systems have the
advantage that they can detect attacks as soon as they take place, whereas signature-based
systems require a data collection phase to train.
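As an added example tied to this discussion, not taken from any cited paper or tool, the Python below runs both detection styles over constructed access-log lines: a signature engine matching the payload families used in Part A, and an anomaly engine that flags a client whose request volume exceeds the baseline mean by three standard deviations. The log format, addresses and threshold are assumptions of the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote_plus

# Constructed access-log lines, one request each: "<client ip> <method> <path?query>".
LOG_LINES = [
    "10.0.0.5 POST /WebGoat/login?username=Larry&password=%27+or+1%3D1+--",
    "10.0.0.7 GET /WebGoat/lesson/1",
    "10.0.0.5 POST /WebGoat/register?username=tom%27+AND+substr%28password%2C1%2C1%29%3D%27t",
    "10.0.0.9 POST /WebGoat/comment?data=%3C%21DOCTYPE+comment+%5B%3C%21ENTITY+x+SYSTEM",
    "10.0.0.7 GET /WebGoat/lesson/2",
]

# Signature engine: patterns for the payload families seen in Part A, applied to the
# URL-decoded request so that percent-encoding cannot hide them.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "sqli-blind-substring": re.compile(r"substr(?:ing)?\s*\(\s*password", re.IGNORECASE),
    "xxe-dtd": re.compile(r"<!DOCTYPE|<!ENTITY", re.IGNORECASE),
}


def signature_alerts(lines):
    """Return (client, signature name) for every request matching a stored pattern."""
    alerts = []
    for line in lines:
        client, _method, request = line.split(" ", 2)
        decoded = unquote_plus(request)
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((client, name))
    return alerts


def requests_per_client(lines):
    """Per-client request volume for one observation window."""
    return Counter(line.split(" ", 1)[0] for line in lines)


def anomaly_alerts(baseline_counts, window_counts, k=3.0):
    """Anomaly engine: learn normal per-client volume from past windows (the training
    phase), then flag clients more than k standard deviations above that baseline."""
    mu, sigma = mean(baseline_counts), pstdev(baseline_counts)
    threshold = mu + k * sigma
    return sorted(client for client, n in window_counts.items() if n > threshold)


if __name__ == "__main__":
    print(signature_alerts(LOG_LINES))
    baseline = [4, 5, 6, 5, 4, 6, 5]   # constructed per-client counts from quiet windows
    print(anomaly_alerts(baseline, {"10.0.0.7": 6, "10.0.0.5": 40}))   # ['10.0.0.5']
```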
Figure 1.0 The working of a firewall: as seen in the image, a large amount of network traffic
of different types reaches the firewall, which filters it and allows only authorised traffic to
reach the end-user network.
Figure 2.0 Intrusion detection systems: unlike a firewall, which acts as a gate, an IDS can be
positioned at any point in a network; it simply observes the network traffic to determine
whether an attack is imminent.
References
Ashoor, A.S. and Gore, S., 2011. Importance of intrusion detection system (IDS). International Journal of Scientific and Engineering Research, 2(1), pp. 1-4.
Denning, D.E., 1987. An intrusion-detection model. IEEE Transactions on Software Engineering, SE-13(2), pp. 222-232.
Di Pietro, R. and Mancini, L.V. (eds.), 2008. Intrusion Detection Systems (Vol. 38). Springer Science & Business Media.
Ehlert, S., Geneiatakis, D. and Magedanz, T., 2010. Survey of network security systems to counter SIP-based denial-of-service attacks. Computers & Security, 29(2), pp. 225-243.
Innella, P., 2001. The evolution of intrusion detection systems. SecurityFocus, 16 November.
Kozushko, H., 2003. Intrusion detection: Host-based and network-based intrusion detection systems. Independent study.
Liu, Y.H., Tian, D.X. and Wei, D., 2006. A wireless intrusion detection method based on neural network. In Proceedings of the 2nd IASTED International Conference on Advances in Computer Science and Technology (pp. 207-211). ACTA Press.
Patel, A., Qassim, Q. and Wills, C., 2010. A survey of intrusion detection and prevention systems. Information Management & Computer Security, 18(4), pp. 277-290.
Spitzner, L., 2003. Honeypots: Catching the insider threat. In 19th Annual Computer Security Applications Conference, 2003. Proceedings (pp. 170-179). IEEE.
Sharma, N. and Singh, G., 2012. Intrusion detection system using shadow honeypot. International Journal of Emerging Technology and Advanced Engineering, 2(8), pp. 17-19.
Thu, A.A., 2013. Integrated intrusion detection and prevention system with honeypot on cloud computing environment. International Journal of Computer Applications, 67(4).