An intrusion prevention system as a proactive security mechanism in network infrastructure

Authors

  • Nenad Dulanović, General Staff of Serbian Armed Forces, Belgrade
  • Dane Hinić, General Staff of Serbian Armed Forces, Belgrade
  • Dejan Simić, Faculty of Organizational Sciences, Belgrade

DOI:

https://doi.org/10.2298/YJOR0801109D

Keywords:

intrusion prevention system, bouncer, firewall

Abstract

A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve a larger number of participants and endpoints require a better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems, and it is clear that better solutions must be found. Because of the many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) were introduced. The main idea in IPS is to be proactive. This paper gives an insight into the Cobrador Bouncer IPS implementation. The system architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.

Published

2008-03-01

Section

Research Articles