Network Defense-in-Depth: Evaluating Host-Based Intrusion Detection Systems

Yun, Ronald E.; Vozzola, Steven A.

Network Defense-in-Depth: Evaluating Host-Based Intrusion Detection Systems

Active / Technical Report | Accession Number: ADA395808 |

Abstract:

As networks grow, their vulnerability to attack increases. DoD networks represent a rich target for a variety of attackers. The number and sophistication of attacks continue to increase as more vulnerabilities and the tools to exploit them become available over the Internet. The challenge for system administrators is to secure systems against penetration and exploitation while maintaining connectivity and monitoring and reporting intrusion attempts. Traditional intrusion detection ID systems can take either a network or a host- based approach to preventing attacks. Many networks employ network-based ID systems. A more secure network will employ both techniques. This thesis will analyze the benefits of installing host-based ID systems, especially on the critical servers mail, web, DNS that lie outside the protection of the network ID systemFirewall. These servers require a layer of protection to ensure the security of the entire network and reduce the risk or attack. Three host-based ID systems will be tested and evaluated to demonstrate their benefits on Windows 2000 Server. The proposed added security of host-based ID systems will establish defense-in-depth and work in conjunction with the network-based ID system to provide a complete security umbrella for the entire network.

Author(s):

Yun, Ronald E. ; Vozzola, Steven A.

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Descriptive Note:

Master's thesis

Pagination:

0081

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_7_Protection; JCA_6.4.1_Secure Information Exchange; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_6.1.3_Switching and Routing; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6.1_Information Transport; JCA_8_Building Partnerships; JCA_5_Command and Control; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_3_Force Application; JCA_3.2_Engagement; JCA_3.2.2_Non-Kinetic Means; JCA_5.3_Planning; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate

Modernization Areas:

Microelectronics; Cyber

Communities of Interest:

Cyber

Descriptor(s):

*DEPARTMENT OF DEFENSE, *COMPUTER NETWORKS, *SECURE COMMUNICATIONS, *INTRUSION DETECTION, *INFORMATION SECURITY, ATTACK, THESES, INFORMATION WARFARE, CYBERTERRORISM

Field(s)/Group(s):

Computer Systems

Report Date:

2001 Jun 01

Creation Date:

2001 Nov 14