NETWORK SECURITY: A SURVEY OF MODERN APPROACHES
Abstract
Security is an essential element of information technology (IT) infrastructure and applications. Concerns about the security of networks and information systems have been growing along with the rapid increase in the number of network users and the value of their transactions. Fast-moving security threats have driven the development of security products known as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), which detect attacks and protect the network, server and desktop infrastructure ahead of the threat. Authentication and signing techniques are used to counter integrity threats. Users, devices, and applications should always be authenticated and authorized before they are allowed to access networking resources. Although a great deal of information about IDS and IPS is available on the internet, it is scattered across many sites, and gathering it takes a considerable amount of time. In this regard, a thorough survey has been conducted to assist researchers. The issues and defensive challenges in countering cyber attacks are discussed, and a comparison of the categories of network security technologies is presented. This paper gathers the scattered information and presents it in one place, providing the best available up-to-date account of advances in the area. A brief description of open source IPS is also included.