3.1.16+Adv.+&+Disad.+of+network+security+methods

__3.1.16 Evaluate the advantages and disadvantages of a variety of methods for network security.__
 * =Intrusion Detection System (IDS) =
 * security system detecting malicious activity
 * 2 types
 * 1) host based (HIDS)
 * on individual system (can’t look further)
 * 2) network-based (NIDS)
 * on network → sees traffic (can’t look into individual systems)
 * logic components:
 * traffic collector/sensor
 * collects activities/events
 * HIDS: e.g. log files, audit logs, traffic
 * NIDS: e.g. copies traffic (sniffer)
 * analysis engine
 * examines collected and compares to known patterns from signature database
 * signature database
 * patterns/definitions of known malicious activity
 * User interface (& reporting)
 * alerts for human
 * Connection to the OSI & TCP/IP Model
 * operates on Layers 3-6
 * Layer 6: Presentation (configures data)
 * HIDS can examine encrypted data
 * Layer 5: Session
 * intercepts communication of malicious activity detected
 * Layer 4: Transport
 * detects invalid TCP packets
 * Layer 3: Network
 * packets created → detects invalid TCP packets


 * Advantages |||| Disadvantages ||
 * * easy to install
 * not much extra |||| * needs frequent updating of signature database, as software only identifies known attacks happening in a specific way
 * administrator needed to investigate attack and patch exploit
 * don’t report whether attack successful or failed ||
 * HIDS || NIDS || HIDS || NIDS ||
 * * <span style="font-family: Arial,Helvetica,sans-serif;">can examine encrypted data
 * <span style="font-family: Arial,Helvetica,sans-serif;">detects which users attacked
 * <span style="font-family: Arial,Helvetica,sans-serif;">can handle switch-based networks || * <span style="font-family: Arial,Helvetica,sans-serif;">few devices needed
 * <span style="font-family: Arial,Helvetica,sans-serif;">‘cheap’
 * <span style="font-family: Arial,Helvetica,sans-serif;">can be undetectable to hacker || * <span style="font-family: Arial,Helvetica,sans-serif;">needs network traffic of its own → can reduce performance
 * <span style="font-family: Arial,Helvetica,sans-serif;">can be irritated by DoS attack
 * <span style="font-family: Arial,Helvetica,sans-serif;">consumes resources of host || * <span style="font-family: Arial,Helvetica,sans-serif;">traffic on internal network not analysed
 * <span style="font-family: Arial,Helvetica,sans-serif;">may miss attack during peak-time use
 * <span style="font-family: Arial,Helvetica,sans-serif;">some can’t interpret encrypted data
 * <span style="font-family: Arial,Helvetica,sans-serif;">inefficient for scanning switch-based networks ||

__Web-Filters__
 * searches for content that has to be blocked
 * web-data accesses the network, but before it is forwarded to the target devices the data packages are inspected by a filter
 * there are:
 * malicious activity web-filters
 * searches for package content or patterns of malicious actions
 * website blocking web-filters
 * schools, companies, etc can block specific websites or website “groups” (grouped by companies that sell those packages) for the various reasons


 * advantages are
 * that firewall aren't needed if web-filters are used, since they can be more advanced
 * they can do everything a firewall does and additionally inspects the packages for more advanced security
 * users can be protected from content: not letting those packages into the network
 * younger children can be protected from web content that should not be available for underage children
 * web-filters from parents available
 * companies and schools can block websites so that the students or workers don't get “off track” and work
 * disadvantages are
 * they can always be bypassed
 * for more advanced filters virtual private network tunnels can be used to bypass the filter with encrypted package content that can't be inspected
 * they cost a lot
 * schools and companies pay a lot to get those web-filters with the pre-blocked content for specific groups
 * must be kept secure and updated every month
 * it takes a lot of effort to keep the system updated and to still not cause a lot of trouble to blocking websites that are needed

__MAC Address__ A MAC address is an identifier which is assigned to network interfaces to communicate on the physical network segment. They are used as a Network Address for most network technologies including Ethernet and Wifi. It is applied in the submodel of the OSI layer Data Link. This sub-layer is also called Media Access Control layer. This address is given by the hardware producer. Changing this address causes security problems. MAC address spoofing is the craft of switching your address therefore causing security leaks.

__ARP__

Created By: Lucie Magister, Max Kossatz, Last update: 29/04/2015

Sources: >
 * Conklin, Wm Arthur. Principles of Computer Security: CompTIA Security and beyond. New York: McGraw-Hill, 2010. Print.
 * "CCNP Security: Intrusion Prevention and Intrusion Detection Systems." Cisco Press. N.p., 25 June 2014. Web. 28 Apr. 2015. <http://www.ciscopress.com/articles/article.asp?p=1763920&seqNum=2>.
 * "Intrusion Detection, Response, Integrity." Drtomoconnor. N.p., n.d. Web. 28 Apr. 2015. <http://www.drtomoconnor.com/3100/3100lect07.htm>.
 * "What You Need to Know About Intrusion Detection Systems." WindowSecurity.com. N.p., 18 Nov. 2002. Web. 28 Apr. 2015. <http://www.windowsecurity.com/articles-tutorials/intrusion_detection/What_You_Need_to_Know_About_Intrusion_Detection_Systems.html>.