Publication:
Network defense-in-depth: evaluating host-based intrusion detection systems

Authors
Yun, Ronald E.
Advisors
Harkins, Richard
Date of Issue
2001-06
Date
June 2001
Abstract
As networks grow, their vulnerability to attack increases. DoD networks represent a rich target for a variety of attackers. The number and sophistication of attacks continue to increase as more vulnerabilities and the tools to exploit them become available over the Internet. The challenge for system administrators is to secure systems against penetration and exploitation while maintaining connectivity and monitoring and reporting intrusion attempts. Traditional intrusion detection (ID) systems can take either a network or a host-based approach to preventing attacks. Many networks employ network-based ID systems. A more secure network will employ both techniques. This thesis will analyze the benefits of installing host-based ID systems, especially on the critical servers (mail, web, DNS) that lie outside the protection of the network ID system/Firewall. These servers require a layer of protection to ensure the security of the entire network and reduce the risk of attack. Three host-based ID systems will be tested and evaluated to demonstrate their benefits on Windows 2000 Server. The proposed added security of host-based ID systems will establish defense-in-depth and work in conjunction with the network-based ID system to provide a complete security umbrella for the entire network.
Type
Thesis
Department
Systems Technology
Format
xiii, 67 p. ; 28 cm.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.