The technique can also detect DDoS attacks and block complete botnets (Amna Riaz 2017). However, a NIDS will face issues processing every packet in a large virtual network, and it may fail to detect attacks in time because SNORT is single threaded.
Another solution that has been studied is the Virtual Machine Introspection (VMI) based technique (Amna Riaz 2017). Virtual machine introspection (VMI) is the main idea behind out-of-box intrusion detection. VMI is a technique for inspecting VM state by moving the inspection module outside of the VM. The software running inside the guest system is analysed externally to detect any intrusion. One advantage of this technique is that malware detection continues to work unaffected even in the
However, on the brighter side, a NIDS has high attack resistance.
Because SNORT is single threaded, processing the huge logs of a cloud computing environment is an issue, so a multi-threaded IDS is essential in cloud computing (Parag K. Shelke 2012, p. 68). SURICATA is multi-threaded and could resolve the performance issues and packet loss faced with a single-threaded IDS.
Virtualization has made network management more challenging, and it is increasingly difficult to consistently apply firewall and content filtering policies. When complexities such as securing BYOD devices are added, the security problem is intensified. Software-defined networking (SDN) is the next evolving technology for cloud computing. SDN is an umbrella term covering several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center. The SDN controller provides a centralized system to manage the network. SDN empowers network administrators to easily access and manage individual flows by letting them implement monitoring applications such as a firewall and an IDS. Furthermore, the scalable monitoring and dynamic reconfiguration requirements of the network in the cloud make SDN a perfect choice (Amna Riaz 2017).
Using OSSEC and BRO as IDS tools can also help to resolve analysing and integrating the log files as OSSEC has a powerful
For the purpose of this assignment Snort, an open source IDS, will be used as the intrusion detection system. Snort has the ability to monitor traffic in real time and to log packets, inspecting each packet as it enters the network. Snort can be used as a packet sniffer to analyse the network traffic in order to detect any bizarre-looking packets or payloads which might carry malicious data. Snort can also detect payload attacks against the network or host system, including but not limited to stealth port scans and buffer overflows.
tools will help to detect intrusions and other suspicious activities on the network. The third challenge is to improve the
Reflecting on several previous studies that have been carried out to compare the performance of the two NIDS, Snort was indicated to be efficient in various respects. For instance, the comparison of Snort version 2.8.5.2 to Suricata version 1.0.2 was a clear indication of the strength of each system's engine when used to protect the network. Their testbed incorporated Ubuntu 10.04 as a virtual device hosted on a VMWare Terminal 6.5 virtual setting, running on a 2.8GHz Quad-Core Intel Xeon CPU with 3GB of RAM. The research examined the speed of detection and the accuracy under changing rates of network and CPU usage (Albin, 2011). CPU usage was controlled with Cpulimit, and Tcpreplay controlled the network bandwidth. Alerts were generated by introducing six unknown malware samples created using the Metasploit framework. The results characterized Snort as being efficient with system resources compared to Suricata, but when functioning in a multi-CPU setting Suricata was more efficient as a result of fewer false negatives.
There are several advantages of using the existing rule sets already published on the Snort web site. One advantage of using the existing rules is that they have been created to work effectively against the common vulnerabilities. Creating your own rule sets requires a working knowledge of Snort, and the outcome of a self-written rule may not yield the effect that the administrator is seeking.
A further advantage of using rule sets from the Snort website is that Snort has a very flexible rule configuration, which enables the administrator to write his own rules based on a previously seen vulnerability. This flexibility therefore helps the administrator insert new rules into the rule base for a newly found attack. Also, each rule is developed and tested using the same rigorous criteria and standards the VRT uses for Sourcefire customers.
The Intrusion Detection System (IDS) is a protection scheme which collects and analyzes audit data for the entire network.
The goal of intrusion detection is to monitor network assets, detect anomalous behavior, and identify misuse within a network (Ashoor, Gore, 2011). An intrusion detection system (IDS) is a device or software application that monitors network system activities for malicious activity or policy violations and produces reports to a management station (Kashyap, Agrawal, Pandey, Keshri, 2013). Additionally, there are three types of IDS:
PHAD and Snort are evaluated on the 1999 DARPA off-line IDS evaluation data set, which consists of tcpdump files. The week 3, 4 and 5 data are used as inputs. Week 3 is attack free. The week 4 and 5 data contain attacks and are used in testing. Comparison between PHAD and Snort can be done using three parameters:-
Even with the best laid plans, however, cybersecurity incidents happen. When your cyber space is (inevitably) penetrated by an unauthorized user or some malicious software (malware), your organization must recognize the attack or breach as quickly as possible. That capability, covered in the Detect Core
A firewall is categorized as a preventive control, used as a defense shield around IT systems to keep intruders and hacking from occurring, whereas an Intrusion Detection System (IDS), categorized as a detective control, is used to detect intrusions that have already occurred (Cavusoglu, Mishra, & Raghunathan, 2005). However, IDSs are not
The IICI, in other words International Investment Company Incorporated, is a major investment company that handles big controversial investments for governments and private industries. As a contractor of the company, I am required to upgrade the digital security of IICI. The company has a very vast investment in military equipment.
In modern and dynamic organizations the management of these firewall rules and policies becomes extremely cumbersome and complex. As a result, security problems may creep in and create havoc on the security and performance of the organization's IS components. An efficient firewall management tool like SecureTrack is a viable solution in these strikingly critical situations; it can help clean up the rules and policies, improve the performance of the firewalls, and eliminate any security leakage (Sohoni, 2010).
Attacks can be classified as "known attacks" or "anomaly based". Some attacks have a signature similar to previous attacks; others are novel and may have no common signature. To deal with such variation, different techniques are incorporated. Thus, an IDS (intrusion detection system) can be classified into two main categories: one that uses the signatures of previous attacks to detect intrusion, and another that checks for anomalies. Both have their limitations and advantages. The biggest limitation of an anomaly system is false reports. Thus a third type of system also exists, the hybrid, which uses both of the previous two to detect intrusions.
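To make the two categories concrete, the following added example (not code from the source essays) implements a toy hybrid IDS: a signature engine that parses simplified Snort-style rules of the kind the rule-set discussion above refers to, an anomaly engine that flags sources exceeding a rate baseline, and a combiner. The rules, packets and baseline rate are constructed for illustration; the busy-but-benign source shows the false-report limitation of the anomaly engine.

```python
"""Toy hybrid IDS: Snort-style signature rules plus a rate-based anomaly
detector. All rules, packets and baselines below are constructed samples."""
import re
from collections import Counter

# Constructed rules using a simplified Snort header/option syntax (assumption).
RULES = [
    'alert tcp any any -> any 80 (msg:"Directory traversal"; content:"../"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"Shell metachar"; content:"|3b|"; sid:1000002;)',
]
RULE_RE = re.compile(r'alert (\w+) \S+ \S+ -> \S+ (\d+|any) \((.*)\)')

def parse_rule(text):
    """Parse one rule into proto, destination port, msg, content bytes and sid.
    Snort's |hh| hex escapes inside content are converted to raw bytes."""
    proto, dport, opts = RULE_RE.match(text).groups()
    opt = dict(re.findall(r'(\w+):"?([^";]*)"?;', opts))
    content = re.sub(r'\|([0-9a-fA-F ]+)\|',
                     lambda h: bytes.fromhex(h.group(1)).decode('latin-1'),
                     opt['content'])
    return {'proto': proto, 'dport': dport, 'msg': opt['msg'],
            'content': content.encode('latin-1'), 'sid': int(opt['sid'])}

# Constructed packets: (source address, destination port, payload).
PACKETS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    ("10.0.0.7", 80, b"GET /../../config HTTP/1.1"),      # matches sid 1000001
    ("10.0.0.9", 80, b"GET /page?id=1;ls HTTP/1.1"),      # matches sid 1000002
] + [("10.0.0.8", 80, b"GET /report.pdf HTTP/1.1")] * 8   # busy but benign

def signature_detect(packet, rules):
    """Signature engine: alert when a rule's content appears in the payload."""
    src, dport, payload = packet
    return [r['sid'] for r in rules
            if r['dport'] in ('any', str(dport)) and r['content'] in payload]

def anomaly_detect(packets, baseline_rate, threshold=3.0):
    """Anomaly engine: flag sources sending more than threshold x the
    per-source packet rate learned from attack-free traffic."""
    counts = Counter(src for src, _, _ in packets)
    return {src for src, n in counts.items() if n > threshold * baseline_rate}

def hybrid_detect(packets, rules, baseline_rate):
    """Combine both engines into {source: set of reasons}."""
    alerts = {}
    for p in packets:
        for sid in signature_detect(p, rules):
            alerts.setdefault(p[0], set()).add(f"sid:{sid}")
    for src in anomaly_detect(packets, baseline_rate):
        alerts.setdefault(src, set()).add("rate-anomaly")
    return alerts
```

With a constructed baseline of 2 packets per source, 10.0.0.8 is reported only by the anomaly engine, which is exactly the kind of false report the signature engine alone would not raise.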
We can use flows or sessions as a way to determine whether traffic attempting to traverse the firewall is legitimate. We control the state-checking components resident in a Juniper firewall by configuring "flow" settings. These settings allow you to configure state checking for various conditions on the device. You can use flow settings to protect against TCP hijacking, and generally to ensure that the firewall is performing full state processing when desired. We take a case study of an attack on a network and study the detection of the malicious packets on a Netscreen firewall. A new solution for securing enterprise networks will be developed here.
The security aspects of virtualization are of vital importance. The cost benefits of virtualization allow enterprises to significantly reduce the space and electrical power required to run data centers and to streamline the management of an ever-growing number of servers. Virtualization also provides a means for expedient scalability. Given today's economic climate and cost-cutting mandates, it is not surprising that the analyst firm Gartner recently predicted that 50 percent of workloads will run inside virtual machines by 2012. According to reports from Odyssey, "beyond the benefits of economic savings and enhanced flexibility in capacity planning, virtualization also introduces a number of threats and challenges to the security of organizational information. Among such threats and challenges is the increased network complexity and diminished visibility of the network traffic flowing within the virtual environment, which makes it difficult to detect malicious 'insider' activity and attacks. In the event that an internal malicious user or an attacker manages to compromise the virtualization layer, or hypervisor, this could lead to a compromise of all servers hosted on this virtual environment and as a result all applications and data residing in it."