Network Defense-in-Depth: Evaluating Host-Based Intrusion Detection Systems

摘要

As networks grow, their vulnerability to attack increases. DoD networks represent a rich target for a variety of attackers. The number and sophistication of attacks continue to increase as more vulnerabilities and the tools to exploit them become available over the Internet. The challenge for system administrators is to secure systems against penetration and exploitation while maintaining connectivity and monitoring and reporting intrusion attempts. Traditional intrusion detection (ID) systems can take either a network or a host- based approach to preventing attacks. Many networks employ network-based ID systems. A more secure network will employ both techniques. This thesis will analyze the benefits of installing host-based ID systems, especially on the critical servers (mail, web, DNS) that lie outside the protection of the network ID system/Firewall. These servers require a layer of protection to ensure the security of the entire network and reduce the risk or attack. Three host-based ID systems will be tested and evaluated to demonstrate their benefits on Windows 2000 Server. The proposed added security of host-based ID systems will establish defense-in-depth and work in conjunction with the network-based ID system to provide a complete security umbrella for the entire network.