Comparative analysis of intrusion detection systems on library information systems




COMPARATIVE ANALYSIS OF INTRUSION DETECTION SYSTEMS ON LIBRARY INFORMATION SYSTEMS
Bozorov S. M. postgraduate of Department of Information Security, Karshi Branch of TUIT named after Muhammad al-Khwarizmi
Email: bek.muminovich.95@mail.ru
Shokirov Sh. student of Department of Service of Information Technologies, group ATS 11-19, Karshi Branch of TUIT named after Muhammad al-Khwarizmi
Email: shoxruxshokirov9@gmail.com

Xushmanova H. student of Department of Information Security, group AX-11-18 Karshi Branch of TUIT named after Muhammad al-Khwarizmi
Email: hilolaxushmanova@gmail.com


Abstract: Today's most significant and unstoppable process is that everything, including private data and information resources, is becoming connected to the Net, resulting in an enormous increase in data sources that record and monitor activity in the working field while keeping privacy policy in view. The application and development of computer network systems bring great convenience both to library management and to the people who use online resources; at the same time, the security of computer network systems in information systems faces all kinds of threats. How to guarantee the security of the network services of modern interconnected data reservoirs has become the most important question. This paper analyzes the factors that affect library network security [1] and the basic concepts of Intrusion Detection and Prevention Systems (IDPS), Intrusion Detection Systems (IDS) and their data security, which have become an essential addition to the security infrastructure of nearly every organization, and puts forward corresponding security strategies and solutions. A comparative analysis of intrusion detection systems and technologies is discussed.
Keywords: Information systems, intrusion detection, hashing, network vulnerability scanner (NVS).
According to information from various response teams, during the last year a computer was attacked or broken into more than once per second. These statistics may be only the tip of the iceberg as companies develop the ability to identify and track break-ins. The means for identifying and tracking break-ins is called “intrusion detection.” Intrusion detection systems (IDS), which have long been a topic for theoretical research and development, are gaining mainstream popularity as companies move more of their critical business interactions to the Internet. An intrusion detection system can provide advance knowledge of attacks or intrusion attempts by detecting an intruder’s actions.
Library and information security is the method which has been used to conserve and preserve the integrity, availability and confidentiality of electronic information. Security control reduces the impact or probability of security threats and vulnerabilities to a level acceptable to the organization [2]. Information security is as important as it has ever been, but the challenges to determine the factors contributing to information insecurity prove to be of complex nature.
In libraries, information systems (IS) are widely used to deliver services and collections to local and remote patrons. This is typically done in order to control access to the information in different ways, depending on its importance, its sensitivity, and its vulnerability to theft or misuse. Moreover, connecting a library to the outside world via the Internet has changed the types of risks faced and the controls used to secure the services the IS support [3]. Information security management, in the context of library management, describes the controls that a library needs to implement to protect its information assets from all potential threats, to ensure the confidentiality, integrity and availability of its information resources, and to help identify and reduce critical security risks and types of network attacks, for proper management of information security in digital libraries. Libraries should be concerned about security and should spend considerable sums on preventing, detecting and resolving security breaches.

In this respect, IDS are a powerful tool in the organization’s fight to keep its computing resources secure. This paper will describe the primary categories of intrusion detection technology and provide some guidance on how to select the right tools. Although some may consider IDS tools just another check box in the audit compliance guideline, they should be planned as an integral part of the organizational network [4]. As computer networks become ever more complex, intrusion detection will take on a greater role in the organization. An IDS is composed of hardware and software elements that work together to find unexpected events that may indicate an attack will happen, is happening, or has happened. Note that we must think in all three tenses; some products warn in advance that an attack may take place, some warn as they notice an attack in progress, and some warn when they notice the after effects of the attack.
Fig. 1. The architecture of the types of intrusion detection systems
An Intrusion Detection System (IDS) is a software application or device whose main purpose is to monitor a system or network activity for rule violations or malicious activity and to generate reports to the management system. A number of systems may try to prevent an intrusion attempt by exploiting the monitoring data of the IDS. The main focus of intrusion detection and prevention systems (IDPS) is to identify possible incidents, log information about them, and report attempts. In addition, organizations use IDPS for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from infringing security policies. IDPS have become an essential addition to the security infrastructure of nearly every organization. Various methods can be used to detect intrusions, but each one is specific to a particular basic method. The main goal of an IDS is to detect attacks efficiently. Furthermore, it is equally important to detect attacks at an early stage in order to reduce their impact [5].
IDS types range in scope from single computers to large networks, and the most common classifications by where detection takes place are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. As e-library information systems are network-based, here we will mostly look at NIDS: the technologies used, their opportunities and their disadvantages.
File Integrity Checkers
A file integrity checker examines the files on a computer to determine whether they have been altered since the last time the integrity checker was run. The integrity checker keeps a database of hash values for each file. Each time the checker runs, it recalculates the hash value and compares it to the stored value. If the hash values are different, the file has changed; otherwise, the file has not changed.
It should be noted that a hash function is a mathematical process for reducing the sequence of bytes in a file to a fixed-length number. The same file will always produce the same hash value and any change in the file is supposed to produce a different value. Unlike encryption, a hash is a one-way function; in fact you cannot produce the original source file from the hash value.
It is computationally infeasible to defeat the mathematics in an integrity checker. This makes it a very, very strong tool for detecting changes to files on a computer. It is so strong, in fact, that it is one of the most important tools you can use to detect misuse of computer systems. Integrity checkers can be configured to watch everything on the system. They are extremely flexible. Once attackers compromise a system, they like to do two things. First, they like to cover up their tracks, which means that they will alter system binaries, libraries, or log files to hide the fact that they are or have been on the system. Second, they will make changes to ensure they will have continued access to the system. A properly configured file integrity checker will detect both activities.
Finally, integrity checkers consume a considerable number of system resources as they can chew CPU, memory, and disk space [6]. Many administrators will not want to run integrity checkers frequently. This limits their functionality, because a checker run once a month will report so many changes that a real attack has a good chance of going unnoticed.
