A design for building and implementation of Network based intrusion detection and prevention system (NIDPS) using open source products

An IPS or Intrusion Prevention System can be an important component for protecting systems on a network. An IPS is based upon an IDS or Intrusion Detection System with the added component of taking some action, often in real time, to prevent an intrusion once detected by the IDS. This thesis describes a design and shows how to build, run and manage an IPS using all Open Source products. At a high level, an IPS consists of a Network Intrusion Detection System (NIDS) to capture all network traffic flows, analyze the content of individual packets for malicious traffic and generate security events. A central rules engine then captures the security events and generates alerts based on the events received. It also has a console to monitor events and alerts and to control the NIDS. Lastly, the IPS takes action based on the alerts and attempts to block the malicious traffic. For this design, the Snort IDS [1] provided the base IDS system and rules engine, Snortsam [2], a plug-in for Snort, provided the IPS function, and BASE [3], an open source PHP application, provided the console function. The IPS design described in this thesis integrates a distributed Snort IDS sensor with a Snortsam output plug-in and Snortsam agents running on Linux hosts with IPTables. With this configuration, intrusions are detected at a network level and prevented at a host level. This design could be applied to any small to medium sized network and is written for technical integrators who are interested in building their own IPS without incurring software licensing costs.

Bibliographic Details
Main Author: Mohd Yusnizam Mohamad
Other Authors: Suhizaz Sudin (Advisor)
Format: Learning Object
Language: English
Published: Universiti Malaysia Perlis 2008
Subjects: Open source software; Computer hackers; Software engineering; Computer security; Computer networks -- Security measures
Online Access: http://dspace.unimap.edu.my/xmlui/handle/123456789/3298
id my.unimap-3298
date 2007-04
department School of Computer and Communication Engineering
handle http://hdl.handle.net/123456789/3298
institution Universiti Malaysia Perlis
building UniMAP Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Perlis
content_source UniMAP Library Digital Repository
url_provider http://dspace.unimap.edu.my/
language English