Network Intrusion Prevention Systems-free research paper-02
Over the past several years, networked systems have grown considerably in size and complexity, and become susceptibility to attack. At the same time, the knowledge, tools and techniques available to attackers have also grown in proportion. Unfortunately, defensive techniques have not evolved as quickly due to the reactive nature in which they are used. Current security technologies are reaching their limitations, and more innovative solutions are required to deal with current and future classes of threats. In this paper, The basic computer network concepts and network2based intrusion detection/prevention systems are described, so the readers can define the criterion in selecting an intrusion detection system.
Authentication: This service may be used to prove that the claimed identity of a
communicating principal is valid or that the claimed source of a data unit is valid (i.e.,
data origin authentication) (Bungale, Goodell and Roussopoulos).
2. Access control: This service can be used to protect the information assets and
resources available via OSI from unauthorized access.
3. Data confidentiality: This service protects the data from disclosure to unauthorized
4. Data Integrity: This service ensures that during their transmission the data are not
altered by unauthorized principals. This service may have several forms. Connection
integrity with recovery provides integrity of the data and also detects modification,
insertion, deletion, and replay of data. Selective field connection integrity provides
integrity for selective data fields within a connection. Connectionless versions of the
above services also exist for connectionless data units (Zhang and Janakiraman).
5. Non2repudiation: This service ensures that a principal cannot deny the transmission or
the receipt of a message. This service may take one or both of two forms. With
nonrepudiation with proof of origin, the recipient of the data is provided with proof of
the origin of data, so that the sender cannot later deny that he or she sent the particular
data. With nonrepudiation with proof of delivery, the sender of the data is provided
with proof of the delivery of data, so that the receiver cannot later deny having
received the particular data.
The implementation of the security services is provided through security mechanisms.
These can also be divided into several categories:
Free download research paper