Intrusion detection system

Abstract

Security administration plays a vital role in network management task. The intrusion detection systems are primarily designed to protect the availability, confidentiality and integrity of critical network information systems. During recent years, number of intruders on networks has increased so there is a need of reliable network and this is the current hot topic among researchers. Intrusion detection is a technique to detect unauthorized access to the network. An intrusion detection system (IDS) monitors system and network to detect intruders that are trying to gather information on network for which they are not authorized. Snort is one of the IDS tool which can give alert to the authentication user or Network Administrator by giving alarm for misuse of network. Snort Intrusion detection System consists of procedures for detection of illegal activity of system that identify the intruders. Firstly, some important intrusion prevention activities are writing and implementing good security Snort rule. Secondly, planning and performing effective information security like execute the Snort rule to detect attackers coming from external network. Lastly, installing and testing technology based information security system for counting intruders activities like Snort, WinPcap and Wireshark. In information security intrusion detection systems (IDS) works like a burglar alarm in that it detects destruction and activate an alarm. There are 3 types of mode in Snort that can be used to capture packet for illegal activities. When the packets match with the Snort rule, Snort will capture the data and then put it onto a log file. Snort is operated on TCP/IP Network Layer. Therefore, Wireshark acts as a display data platform to do analysis protocol that had captured packets by Snort.