“ALLAH SWT tidak memberikan semua yang kita inginkan, tetapi DIA memberi apa yang kita perlukan.”Totally agree kan... dalam hidup kite kadang2 x dapat ape yang kite mintak... tp kite akan dapat apa yang kite perlukan shj... konsep ni rasenye boleh apply kat whole life kite kan...
Intrusion Detection System IDS
Intrusion detection system (IDS) monitors network traffic and it monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to malicious traffic by taking action such as blocking the user from accessing the network. Therefore, the attack will be blocked from entering the system.
There are two types of IDS, that is network based Intrusion Detection System (NIDS) and host based Intrusion Detection System (HIDS). In a network based system, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s filtering rules. Meanwhile, in a host based system (HIDS), the IDS examines at the activity on each individual computer or host. A host based (HIDS) monitors the inbound and outbound packets from the device only and will alert the user or administrator of suspicious activity is detected.
The IDS detection technique can be grouped into two. The first one is an anomaly detection. The system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies. The other technique is misuse detection. In misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented which is often learned as signature. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against.
IDS with critical nodes detection for security MANET
Mobile Ad-Hoc Network (MANET) is a peer to peer network. It is self-configuring infra structure less network of mobile devices connected by wireless links. In MANET the host and topology is moving frequently because it is a mobile network. It has no cellular infrastructure and was multi-hop wireless links. Data must be routed using intermediate nodes.
One of the protocols used in MANET is Ad-Hoc Demand Vector (AODV). AODV routing algorithm is a routing protocol designed for ad hoc mobile networks. It maintains the routes as long as they are needed by the sources. AODV also maintains routes for as long as the route is active.
The security issue in MANET is classification that is External Attack vs Internal Attack and Passive Attack vs Active Attack.
Internal Attack – Attack from the inside of the network (e.g employer of the company)
External Attack – Attack outside of the network or organization. These attacks are typically performed by a malicious experienced individual, a group of experienced individuals. (e.g hackers)
-Passive Attack – It cannot detect the past attack.
-Active Attack – Can detect very fast (e.g black hole)
The attack start from early stage of communication building (e.g routing). The routing attack is :
- -Modification
- -Wormhole Attack (tunneling)
-Colluding attackers use “tunnel” between them to forward packets. The attackers place in the very powerful position. The attacker take control of the route by claiming the shorter path.
- - Blackhole Attack
-Malicious node does faksification on the hop count.
- -Denial Of Service (DoS)
- -Invisible Node Attack
- -The Sybil Attack
- -Rushing Attack
- -Non-Cooperation.
The solution for these attack is using Intrusion Detection System (IDS) and encrypt the massage routing.
The talk is about how the company managed a problem that occur during development the system. What should the person in charge should do if something unexpected happen to the software or the system regarding the security matter. To protect this from happen the speaker introduce the VPN virtual private network.
A 'virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.
A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.
