NETWORK SECURITY: A SURVEY OF MODERN APPROACHES

M. F. Zafar, F. Naheed, Z. Ahmad, M. M. Anwar

Abstract


Security is an essential element of information technology (IT) infrastructure and applications. Concerns about security
of networks and information systems have been growing alongwith the rapid increase in the number of network users
and the value of their transactions. The hasty security threats have driven the development of security products known
as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and protect the network, server
and desktop infrastructure ahead of the threat. Authentication and signing techniques are used to prevent integrity
threats. Users, devices, and applications should always be authenticated and authorized before they are allowed to
access networking resources. Though a lot of information is available on the internet about IDS and IPS but it all is
spread on so many sites and one has to spend a considerable part of his precious time to search it. In this regard a
thorough survey has been conducted to facilitate and assist the researchers. The issues and defend challenges in
fighting with cyber attacks have been discussed. A comparison of the categories of network security technologies has
been presented. In this paper an effort has been made to gather the scattered information and present it at one place.
This survey will provide best available uptodate advancement in the area. A brief description of open source IPS has
also been presented.


Full Text:

PDF

References


Technical White Paper, (2002). ISecurity in

Converged Networks. Avaya labs and

services www.avaya.com

Richard Bejtlich (2004). The Tao of Network

Security Monitoring: Beyond Intrusion

Detection. Publisher: Addison-Wesley.

Network security resources and reporting

problems (2006), http://pangea.stanford.edu/

computerinfo /resources /network/security/

Buyer’s Guide for Intrusion Prevention

Systems (IPS). Juniper Networks, Inc. 2004,

North Mathilda Avenue Sunnyvale, CA

USA

P. Barford, V. Yegneswaran and J. Ullrich,

“Internet intrusions: Global characteristics

and prevalence,” in Proceedings of the 2003

ACM SIGMETRICS, (2003).

C. Zou, D. Towsley and W. Gong, “The

performance of internet worm scanning

strategies,” (2003).

P. Kazienko and P. Dorosz, (2004). Intrusion

Detection Systems (IDS) Part I. http://www.

windowsecurity.com/articles/Intrusion_Detect

ion_Systems_IDS_Part_I

J. Wilander and M. Kamkar. A comparison of

publicly available tools for static intrusion

prevention. In Proc. of 7th Nordic Workshop

on Secure IT Systems, 2002.

J. Wilander and M. Kamkar. A comparison of

publicly available tools for dynamic buffer

overflow prevention. In Proc. of 10th Network

and Distributed System Security Symposium,

(2003).

L. A. Grenier. Practical code auditing.

http://www.daemonkitty.net/lurene, (2002).

R. Jones and P. Kelly. Bounds checking for

C. http://www-ala.doc.ic.ac.uk/~phjk/ Bounds

Checking.html, July (1995).

T. M. Austin, S. E. Breach, and G. S. Sohi.

Efficient detection of all pointer and array

access errors. ACM SIGPLAN Notices, 29,

No. 6, 1994.

R. Hastings and B. Joyce. Purify: Fast

detection of memory leaks and access

errors. In Proceedings of the Winter USENIX

Conference (1992).

O. Ruwase and M. S. Lam. A practical

dynamic buffer overflow detector. In

Proceedings of the 11th Network and

Distributed System Security Symposium,

(2004).

C. Cowan, C. Pu, D. Maier, J. Walpole, P.

Bakke, S. Beattie, A. Grier, P. Wagle, Q.

Zhang, and H. Hinton. Stack-Guard:

Automatic detection and prevention of buffer

overflow attacks. In Proceedings of the 7th

USENIX Security Conference, January

(1998).

T.-C. Chiueh and F.-H. Hsu. RAD: A

compile-time solution to buffer overflow

attacks. In Proc. of 21st Intl. Conf.on

Distributed Computing Systems, (2001).

Vendicator. StackShield GCC compiler

patch.

http://www.angelfire.com/sk/stackshield,

(2001).

H. Etoh. GCC extensions for protecting

applications from stack-smashing attacks.

http://www.trl.ibm. com/projects/security/ssp,

June (2000).

M. Frantzen and M. Shuey. StackGhost:

Hardware facilitated stack protection. In

Proceedings of the 10th USENIX Security

Sumposium, August (2001).

C. Cowan, M. Barringer, S. Beattie, G.

Kroah-Hartman, M. Frantzen, and J. Lokier.

FormatGuard: Automatic protection from

printf format string vulnerabilities. In Pro. of

th USENIX Security Symposium, (2001).

S. Savage, D. Wetherall, A. R. Karlin and T.

Anderson, “Practical network support for IP

traceback,” in SIGCOMM, (2000), pp. 295–

S. Bellovin, “Icmp traceback messages,”

http://www.research.att.com/smb/papers/draf

t-bellovin-itrace-00.txt, (2000).

S. Lin and Tzi-cker Chiueh, (2006) "A Survey

on Solutions to Distributed Denial of Service

Attacks", RPE report, Department of

Computer Science, Stony Brook University,

Stony Brook, US.

C. Brenton and C. Hunt, Mastering Network

Security. Second edition Sybex Inc., UK

(2003).

Technical White Paper, (2003). Event

Horizon™: Lanifex Intrusion Detection

Solution., ver. 1.5, © 2003 CSO Lanifex

GmbH.

Technical White Paper, (2004). Intrusion

Prevention Systems. NSS Labs, Inc.733 Lee

St.Des Plaines, US.

P.J. Barry, 2002. Intrusion Detection –

Evolution beyond Anomalous Behavior and

Pattern Matching. Security Essentials

Version 1.4.

R.A. Kemmerer and G. Vigna, Computer, 35,

No. 4 (2002) 27.

T. Wang, B. Suckow and D. Brown, 2001. A

Survey of Intrusion Detection Systems.

Department of Computer Science, University

of California, San Diego San Diego, CA

, USA.

J.P. Anderson, (1980). Computer Security

Threat Monitoring and Surveillance. James

P. Anderson Co., Fort Washington. Micki

Krause, Harold F. Tipton, (2006). Handbook

of Information Security Management.

Publisher: CRC Press LLC. ISBN:

M. Anwar, M.F. Zafar, Z. Ahmed, (2007). A

Proposed Preventive Information Security

System. International Conference on

Electrical Engineering (ICEE 2007) , UET

Lahore, Pakistan.

R. Bace and P. Mell, (2001). Special

Publication on Intrusion Detection Systems.

Tech. Report SP 800-31, National Institute of

Standards and Technology, Gaithersburg,

Md.

G. Mansfield, K. Ohta, Y. Takei, N. Kato, Y.

Nemoto, Towards trapping wily intruders in

the large, Computer Networks 34 (2000), pp

-670.

K. Scarfone and Peter Me (2007), Guide to

Intrusion Detection and Prevention Systems

(IDPS). Recommendations of the National

Institute of Standards and Technology

Computer Security Division, Information

Technology Laboratory, Gaithersburg, MD

-8930, US.

D.E. Denning, IEEE Trans. Software Eng.,

, No. 2 (1987) 222.

A.K. Ghosh, J. Wanken, and F. Charron,

Detecting Anomalous and Unknown

Intrusions Against Programs. Proc. Annual

Computer Security Application Conference

(ACSAC’98), IEEE CS Press, Los Alamitos,

Calif (1998) 259–267.

K. Ilgun, R.A. Kemmerer and P.A. Porras,

IEEE Trans. Software Eng. 21, No.3 (1995)

U. Lindqvist and P.A. Porras,. Detecting

Computer and Network Misuse with the

Production-Based Expert System Toolset.

IEEE Symp. Security and Privacy, IEEE CS

Press, Los Alamitos, Calif. (1999) 146–161.

C. Endorf, E. Schultz and J. Mellander;

(2004). Intrusion Detection & Prevention.

Published by McGraw-Hill.

C. Krügel, T. Toth, Applying Mobile Agent

Technology to Intrusion Detection, ICSE

Workshop on Software Engineering and

Mobility, Toronto 2001, http://www.elet.

polimi.it/ Users/DEI/Sections/Compeng/Gian

Pietro.Picco/ICSE01mobility/papers/

krugel.pdf.

C. Krügel, T. Toth. Distributed Pattern

Detection for Intrusion Detection, Conf. Proc.

of the Network and Distributed System

Security Symposium NDSS, 2002,

http://www.isoc.org/isoc/conferences/ndss/02

/proceedings/papers/kruege.ps.

J.S. Balasubramaniyan, J.O. Garcia-

Fernandez, D. Isaco, E. Spafford, D.

Zamboni, An Architecture for Intrusion

Detection using Autonomous Agents, 14th

IEEE Computer Security Applications

Conference ACSAC ’98, December 1998,

pages 13-24, http://www.cs.umbc.edu/cadip/

docs/tr9805.ps.

D.J. Ragsdale, C.A. Carver, J.W. Humphries,

U.W. Pooh, Adaptation techniques for

intrusion detection and intrusion response

systems, Proceedings of the IEEE

International Conference on Systems, Man

and Cybernetics, 2000, pages 2344-2349,

http:// www.itoc.usma.edu/ragsdale/pubs/

adapt.pdf

A. Orebaugh and E. Cole., Sys. Admin.

Magazine. 14, No 3. (2005) 44.

N. Desai (2003). Intrusion Prevention

Systems: the Next Step in the Evolution of

IDS. Retrieved from www.securityfocus.

com/infocus.

F. Gong (2003), White paper on Intrusion

Prevention: Myths, Challenges, and

Requirements, McAfee Network Protection,

www.mcafee.com.

Marc Willebeek-LeMair (2005) Anatomy of

an Intrusion Prevention System. Tipping

Point, www.tippingpoint.com.

B. Toxen (2003). Real World Linux®

Security: Intrusion Prevention, Detection, and

Recovery, Second Edition Publisher:

Prentice Hall, www.securityfocus.

com/infocus.

S. Suehring and R. Ziegler (2005). Linux

Firewalls, 3rd Edition Published by Novell

Press.

http://www.juniper.net/solutions/literature/whit

e_papers/200063.pdf

J.D. Guttman, A. L. Herzog, Int. J. Inf. Secur.

(2005) 29–48, Springer-Verlag.

M. Smith, S. Dukin and K. Tan (2006). A

Design for Building an IPS Using Open

Source Products. System Admin Magazine,

The journal for Unix and Linux system

administrators.

C. Brian. (2004). Snort 2.1 Intrusion

Detection, Second Edition. Syngress

Publishing.

C. Kerry and C. Gerg. 2004. Managing

Security with Snort and IDS Tools. O'Reilly &

Associates.

Snorthttp://www.snort.org/docs/snort_manual

/node21.

SnortSam -- http://www.snortsam.net/.

fwsnort -- http://www.cipherdyne.org/fwsnort/.

Snortconfig:--http://www.shmoo.com/~bmc/

software /snortconfig

Snort Inline -- http://snort-inline. sourceforge.

net/

An Introduction to Gateway Intrusion

Detection Systems: Hogwash GIDS

http://www.cansecwest.com/core02/hogwash

.ppt.

Hogwash -- http://hogwash.sourceforge.net/.

LAk-IPS -- http://lak-ips.sourceforge.net.

Better Living Through Mod Security http://

www.hackinthebox.org/article.php?sid=1286

Introducing mod_security -- http://www.

onlamp.com/.

pub/a/apache/2003/11/26/mod_security.html

Web Security Appliance with Apache and

mod_security--http://www.securityfocus.com/

infocus/1739.

ModSecurity -- http://www.modsecurity.org/.

LIDS -- http://www.lids.org.

Overview of LIDS, Part Two http://www.

securityfocus.com/ infocus/ 1502.

Sentry Tools--http://sourceforge.net/projects/

sentrytools.

Grsecurity -- http://www.grsecurity.net.

PSAD -- http://www.cipherdyne.com/psad/.

PortSentry for Attack Detection: Part 1 http://

www.securityfocus.com /infocus/1580

PortSentry for Attack Detection: Part Two

http:// www.securityfocus.com/infocus/1586.

http:// www.ossim.net.

http:// www.lanifex.com/.

McAfee®Protection-in-Depth,www.mcafee

com/.

NetScreen-IDP Juniper Networks www.

juniper.net.

Cisco IPS --www.cisco.com/index.html.

Tipping Point IPS -- www.tippingpoint.com.


Refbacks

  • There are currently no refbacks.