Topical Assignment 4

School: Webster University
Course: 5100
Subject: Computer Science
Date: Jan 9, 2024
Pages: 9

Threats to computer network

Threats to a computer network
Sanjay Kumar Batlahalli Venkataravanappa
Webster University

Introduction

In today’s world, computer networks are critical to the functioning of many organizations. However, with the increasing dependence on computer networks, the risk of cyber threats has also risen. Cyber threats such as malware, ransomware, and other malicious attacks can cause significant harm to an organization’s data and reputation. Therefore, it is crucial to monitor computer networks continuously to detect and prevent security threats.

This paper aims to discuss three methods to monitor threats to a computer network, including Intrusion Detection System (IDS), Network Traffic Analysis, and Firewall Monitoring. Each method will be explained in detail, including its background information and how it works to detect security threats on computer networks. By using these methods, organizations can enhance their network security posture and minimize the risk of cyber-attacks. (Cisco 2021; Al-Dhief, F. T., Alkandari, A. M., & Alhajri, R. S. 2021).

Intrusion Detection System (IDS)

Intrusion Detection System (IDS) is a security technology designed to monitor network traffic and identify potential security breaches. IDS systems can be implemented as software or hardware devices and use a variety of detection methods to identify suspicious activity.

One type of IDS is signature-based detection, which compares network traffic against a database of known attack signatures. Attack signatures are unique patterns or behaviors associated with known threats or attack types, and when a signature is detected in network traffic, the IDS system raises an alarm or takes other appropriate action.

Another type of IDS is anomaly-based detection, which involves analyzing network traffic for unusual patterns or behaviors that may indicate a security breach. Anomaly-based IDS systems are designed to adapt to changing network traffic patterns and can detect unknown or zero-day attacks that may not have a known signature.

IDS systems can be implemented at different points in the network architecture, including at the perimeter of the network, at specific network segments or hosts, or in the cloud. Some IDS systems are designed to work in conjunction with other security technologies, such as firewalls and intrusion prevention systems (IPS), to provide a layered approach to network security. (Rathore, S., & Park, J. H. 2016).

One advantage of IDS is that it can help organizations quickly detect and respond to potential security breaches, reducing the time that attackers have to access or exfiltrate sensitive data. IDS systems can also help organizations comply with regulatory requirements for network security, such as those mandated by the Payment Card Industry Data Security Standard (PCI DSS).

However, IDS systems can also produce false positives or false negatives, which can create operational overhead or lead to missed security breaches. False positives occur when an IDS system flags a benign activity as a potential security threat, while false negatives occur when an IDS system fails to detect a real security breach.

To address these challenges, some IDS systems use machine learning and artificial intelligence (AI) techniques to improve detection accuracy and reduce false positives and negatives. Other
IDS systems incorporate threat intelligence feeds or integrate with security information and event management (SIEM) systems to provide a more comprehensive view of network security threats.

Overall, IDS is a powerful tool for monitoring threats to computer networks and can provide organizations with critical insights into potential security breaches. By selecting the appropriate IDS system and implementing it effectively, organizations can improve their network security posture and better protect their critical assets from cyber threats. (Ting, I. H., Chen, P. Y., & Huang, C. Y. 2018)

Network Traffic Analysis (NTA)

Network Traffic Analysis (NTA) is a method of monitoring and analyzing network traffic to identify potential security threats. This method involves collecting and analyzing network traffic data to identify patterns, anomalies, and potential security breaches. NTA is a critical component of network security and is used to detect various types of network threats, such as malware, unauthorized access, and data exfiltration. (Bujlow, T., & Kijewski, M. 2019)

NTA can be performed using various tools and techniques, including deep packet inspection (DPI), flow analysis, and signature-based detection. DPI is a method of analyzing the contents of network packets to identify threats. Flow analysis involves analyzing traffic flows between hosts to detect unusual traffic patterns. Signature-based detection uses pre-defined signatures to detect known threats.

One of the main benefits of NTA is its ability to detect threats in real time. By analyzing network traffic in real time, NTA can quickly detect and alert security teams to potential threats. Additionally, NTA can provide insights into network behavior, which can be used to improve network performance and optimize security controls.

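The contrast drawn above between signature-based and anomaly-based detection, in both the IDS and NTA sections, including the false positives and false negatives each can produce, can be shown on a handful of flow records. This is an added example, not part of the original paper; the signature set, host baselines, flow records and z-score threshold are all constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed signature database: name -> byte pattern of a known-bad payload.
SIGNATURES = {
    "eicar-test-file": re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
    "sql-union-probe": re.compile(rb"(?i)union\s+select"),
}
# Constructed history: bytes sent per interval by each host during normal use.
HISTORY = {
    "10.0.0.5": [18000, 22000, 20000, 19000, 21000],
    "10.0.0.9": [30000, 28000, 32000, 31000, 29000],
}
# Constructed flows with ground truth, so detector errors can be counted.
FLOWS = [
    {"id": "f1", "src": "10.0.0.5", "bytes_out": 21000, "malicious": True,
     "payload": b"POST /upload ...EICAR-STANDARD-ANTIVIRUS-TEST-FILE..."},
    {"id": "f2", "src": "10.0.0.5", "bytes_out": 50_000_000, "malicious": True,
     "payload": b"\x17\x03\x03\x40\x00"},          # opaque data, no known signature
    {"id": "f3", "src": "10.0.0.9", "bytes_out": 40_000_000, "malicious": False,
     "payload": b"PUT /backup/nightly.tar"},       # legitimate but unusual volume
    {"id": "f4", "src": "10.0.0.9", "bytes_out": 29500, "malicious": False,
     "payload": b"GET /index.html"},
]

def signature_alerts(flow):
    """Signature-based detection: names of known patterns found in the payload."""
    return [n for n, pat in SIGNATURES.items() if pat.search(flow["payload"])]

def build_baseline(history):
    """Learn each host's normal outbound volume as (mean, standard deviation)."""
    return {host: (mean(v), stdev(v)) for host, v in history.items()}

def anomaly_alert(flow, baseline, z_threshold=3.0):
    """Anomaly-based detection: flag volume far above the host's own baseline."""
    mu, sigma = baseline[flow["src"]]
    return sigma > 0 and (flow["bytes_out"] - mu) / sigma > z_threshold

def evaluate(flows, baseline):
    """Per detector, list flow ids that are false positives and false negatives."""
    out = {"signature": {"fp": [], "fn": []}, "anomaly": {"fp": [], "fn": []}}
    for f in flows:
        verdicts = {"signature": bool(signature_alerts(f)),
                    "anomaly": anomaly_alert(f, baseline)}
        for det, alerted in verdicts.items():
            if alerted != f["malicious"]:
                out[det]["fp" if alerted else "fn"].append(f["id"])
    return out

if __name__ == "__main__":
    print(evaluate(FLOWS, build_baseline(HISTORY)))
```

The signature detector misses f2 because no known pattern is present, while the anomaly detector catches f2 but also flags the benign backup f3 and misses f1, whose volume is normal.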
NTA can be deployed at various points in the network, such as at the network perimeter, within the network, or at endpoint devices. Some common NTA tools include Wireshark, Snort, Suricata, and Zeek. (Barabosch, T., & Sommer, R. 2020).

While NTA can be an effective method of detecting network threats, it is not without its limitations. One of the main challenges of NTA is the high volume of network traffic that must be analyzed. This can result in false positives or missed threats if the NTA solution is not properly configured or monitored. Additionally, NTA may not be able to detect sophisticated attacks that use evasion techniques to avoid detection.

In conclusion, Network Traffic Analysis is a powerful method of monitoring and analyzing network traffic to detect potential security threats. By using various techniques such as DPI, flow analysis, and signature-based detection, NTA can provide real-time insights into network behavior and improve network security. However, NTA must be properly configured and monitored to avoid false positives and missed threats. (Al-Dhief, F. T., Alkandari, A. M., & Alhajri, R. S. 2021).

Firewall Monitoring

Firewall Monitoring is a method of monitoring network traffic through a firewall to detect and prevent security threats. Firewalls are one of the most commonly used security tools for protecting computer networks. They act as a barrier between an organization's internal network and external networks such as the internet, preventing unauthorized access and traffic from entering the network.

Firewall Monitoring involves monitoring network traffic passing through a firewall to identify and block potentially malicious traffic. This method includes examining traffic logs to detect suspicious activity, analyzing network traffic patterns, and creating rules to block traffic that violates network security policies. (Son, J., & Kim, H. 2021)

Firewall Monitoring can be done using various techniques, including stateful packet inspection (SPI), application-layer filtering, and deep packet inspection (DPI). SPI is a firewall technology that monitors the state of network connections and allows only authorized traffic to pass through. Application-layer filtering is a technique used to filter traffic based on application-specific rules. DPI is a method of analyzing the contents of network packets to identify potential threats.

One of the main benefits of Firewall Monitoring is its ability to provide real-time protection against network threats. By monitoring network traffic as it passes through a firewall, Firewall Monitoring can detect and block potential threats before they can enter the network. Additionally, Firewall Monitoring can provide valuable insights into network traffic patterns, which can be used to optimize security policies and improve network performance. (Cisco 2021).

Firewall Monitoring can be performed using various tools, including commercial firewall products such as Cisco ASA, Fortinet FortiGate, and Palo Alto Networks Firewall, as well as open-source firewall solutions such as pfSense and iptables.

While Firewall Monitoring can be an effective method of detecting and preventing network threats, it is not without its limitations. One of the main challenges of Firewall Monitoring is the high volume of network traffic that must be processed. This can result in missed threats or false positives if the Firewall Monitoring solution is not properly configured or monitored. Additionally, Firewall Monitoring may not be able to detect advanced threats that use evasion techniques to avoid detection.

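Examining firewall traffic logs for suspicious activity, as described above, can be sketched for iptables, one of the tools the paper names. This is an added example, not part of the original paper; the log lines are constructed in the key=value layout of the iptables LOG target (abbreviated), and the "FW-DROP: " prefix, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S*)")

def drop_line(src, dpt):
    """Build one constructed log line in the iptables LOG key=value layout
    (abbreviated; "FW-DROP: " is an assumed --log-prefix value)."""
    return (f"Jan  9 10:15:01 fw kernel: FW-DROP: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT={dpt} SYN")

SAMPLE_LOG = "\n".join(
    [drop_line("203.0.113.7", p) for p in (22, 23, 80, 443, 3389)]
    + [drop_line("198.51.100.20", 22)] * 6
    + [drop_line("192.0.2.55", 445),
       "Jan  9 10:15:09 fw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.55 "
       "DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
       "Jan  9 10:15:10 fw sshd[811]: Server listening on 0.0.0.0 port 22."])

def parse_line(line, prefix="FW-DROP: "):
    """Return (src, proto, dst_port) for a dropped packet, else None."""
    if prefix not in line:
        return None                      # not a firewall drop record
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None                      # e.g. ICMP carries no destination port
    return fields["SRC"], fields.get("PROTO", "?"), int(fields["DPT"])

def summarize(log_text, sweep_ports=4, repeat_hits=5):
    """Flag sources whose dropped traffic looks like a sweep or repeated tries."""
    ports = defaultdict(set)             # src -> distinct dropped dst ports
    hits = defaultdict(int)              # (src, port) -> dropped packet count
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            src, _proto, dpt = rec
            ports[src].add(dpt)
            hits[(src, dpt)] += 1
    findings = {}
    for src, seen in ports.items():
        if len(seen) >= sweep_ports:
            findings[src] = "many ports probed"
        elif max(hits[(src, p)] for p in seen) >= repeat_hits:
            findings[src] = "repeated attempts on one port"
    return findings

if __name__ == "__main__":
    for src, reason in summarize(SAMPLE_LOG).items():
        print(src, reason)
```

A source with a single dropped packet (192.0.2.55 here) stays below both thresholds, which is the tuning trade-off between false positives and missed threats that the section describes.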
In conclusion, Firewall Monitoring is a critical component of network security that involves monitoring network traffic passing through a firewall to detect and prevent potential security
threats. By using techniques such as SPI, application-layer filtering, and DPI, Firewall Monitoring can provide real-time protection against network threats and improve network performance. However, it must be properly configured and monitored to avoid false positives and missed threats. (Rashid, F., & Abbas, H. 2017).

Conclusion

In conclusion, monitoring threats to a computer network is a critical component of network security. Firewall monitoring, network traffic analysis, and intrusion detection systems are just three of the many methods available to help secure a network. By using a combination of these methods, network administrators can gain a comprehensive view of the network and identify and respond to threats in real time. Implementing these methods can help ensure the integrity and availability of a network, as well as protect sensitive data from unauthorized access. (Münz, G., & Oechsner, S. 2019; Son, J., & Kim, H. 2021; Rathore, S., & Park, J. H. 2016).

References

Peng, Y., Yang, Z., & Mao, X. (2017). Anomaly-based intrusion detection system for mobile cloud computing. Journal of Network and Computer Applications, 87, 60-67.

Rathore, S., & Park, J. H. (2016). Signature-based intrusion detection system for advanced persistent threat using enhanced fuzzy association rule mining. Future Generation Computer Systems, 54, 372-382.

Ting, I. H., Chen, P. Y., & Huang, C. Y. (2018). A hybrid model for improving accuracy of intrusion detection system. International Journal of Communication Systems, 31(3), e3429.

Al-Dhief, F. T., Alkandari, A. M., & Alhajri, R. S. (2021). Network Traffic Analysis Using Machine Learning Techniques: A Review. International Journal of Advanced Computer Science and Applications, 12(4), 400-406.

Barabosch, T., & Sommer, R. (2020). Detecting Lateral Movement and Evasion Techniques with Network Traffic Analysis. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 45-53). IEEE.

Bujlow, T., & Kijewski, M. (2019). Anomaly Detection in Network Traffic Using Machine Learning Methods. Applied Sciences, 9(13), 2701.

Rashid, F., & Abbas, H. (2017). Firewall Monitoring: A Comprehensive Review. International Journal of Scientific & Engineering Research, 8(5), 1625-1630.

Cisco. (2021). ASA 5500-X with Firepower Services. https://www.cisco.com/c/en/us/products/security/asa-5500-x-with-firepower-services/index.html

Son, J., & Kim, H. (2021). A Deep Packet Inspection Engine for Network Security Applications. Journal of Communications and Networks, 23(2), 174-182.

Chakraborty, R., & Nandi, S. (2019). A survey on intrusion detection system: architecture, security threats and mitigation techniques. Wireless Networks, 25(5), 2621-2639.

Münz, G., & Oechsner, S. (2019). Cybersecurity for industrial control systems: A survey. IEEE Transactions on Industrial Informatics, 15(1), 47-53.