Abstract

Intrusion detection and prevention is one of the most important and fundamental task in an organization’s computer network. Commercially available intrusion detection and prevention systems are costly and overkill for small and medium sized organizations. This paper describes the design and analysis of a network intrusion detection system (NIDS) and network intrusion prevention system (NIPS) using open source tools. The study also describes an open source Database to store the alerts and an open source front end management console application to view the alerts and logs from the proposed Database in any of the modern day web browser. In this particular research Snort was used as an NIDS to detect intrusions and attacks. Snort is a popular open source NIDS with signature based rules for detecting thousands of known attacks. The rules are regularly updated by Snort team to include new attacks and intrusions. SnortSam was used as an NIPS to act upon the alerts detected by Snort. SnortSam blocks the intrusions by sending intruders and attacker’s source IP addresses to firewall in real time. MySQL was used as the Database to store alerts and BASE (Basic Analysis and Security Engine) was chosen as the open source management console application. Juniper Networks switch EX-3200 and Firewall SSG-20 were used as the network devices for connectivity and working of the system. Any other vendor network devices can also effectively be used in design and configuration of the system. The design successfully detected and prevented network intrusions and same can be implemented in any small and medium sized organization for protection of their Computer Networks.

References

• J. Gomez, C. Gil and N. Padilla, “Design of a Snort based Hybrid Intrusion Detection System” International Work-Conference on Artificial Neural Networks, , Salamanca, Spain, June 10-12, 2009, pp. 515-522.
• Mike Smith, “A Design for Building an IPS Using Open Source Products,” in Sans Institute Information security reading room.
• Chang-Su Moon and Sun-Hyung Kim. (2014). Integrated Security System based Real-time Network Packet Deep Inspection. International Journal of Security and Its Applications, pp. 123–135.
• Muhammad Naveed, “Network Intrusion Prevention by Configuring ACLs on the Routers, based on Snort IDS alerts,” in International Conference on Emerging Technologies, Islamabad, 2010, pp. 234-239.
• Bhavini Ahir, Prache Tambakhe and Dr. Kalpesh Lad. (2012, December). Open Source Intelligent Network Intrusion Detection System Analyser. Indian Journal of Applied Research. [online]. 2(3). Available: http://www.worldwidejournals.com/ijar/articles.php?val=ODY3&b1=109&k=28
• Jonathan Sweeny and Rob VandenBrink. (2011, June). The SANS Institute: Creating your own SIEM and Incidence Response Toolkit using open source tools. [online] Available : https://www.sans.org/reading-room/whitepapers/incident/creating-siem-incident-response-toolkit-open-source-tools-33689+&cd=1&hl=en&ct=clnk≷=pk
• S. Vikrama Teja, S. Kranthi Kumar, T.V. Rao, G.Dayanandam. (2013, August). In-line Prevention System using Snort. International Journal of Application and Innovation in Engineering management. [online]. 2(3). Available: www.ijaiem.org/volume2issue8/IJAIEM-2013-08-31-083.pdf
• N. Akhyari and S. Fahmy. (2014, January). Design of a Network Security Tool Using Open-Source Applications. Australian Journal of Basic and Applied Sciences. [online] . 8(4). Available: http://connection.ebscohost.com/c/articles/95511258/design-network-security-tool-using-open-source-applications
• Sutapa Sarkar and Brindha.M. (2014, Julyl). High Performance Network Security using NIDS Approach. International Journal of Information technology and Computer Science. [online]. 6(7) . pp. 47-55. Available: www.mecs-press.org/ijitcs/ijitcs-v6-n7/IJITCS-V6-N7-7.pdf
• Joe Schreiber, “Open Source Intrusion Detection Tools: A Quick Overview” https://www.alienvault.com/blogs/security-essentials/open-source-intrusion-detection-tools-a-quick-overview
• Frank Knobbe, “SnortSam, A firewall blocking agent for Snort” SnortSam setup guides http://www.snortsam.net
• Noah Dietrich, “Snort 2.9.7.x on Ubuntu 12 and 14 with Barnyard2, PulledPork, and BASE”. https://www.snort.org/.../snort-2-9-7-x-on-ubuntu-12-lts-and-14-lts
• Joel Else (2011). “GUIs for Snort IDS, The Official Blog of the World Leading Open-Source IDS/IPS Snort” GUIs for Snort http://blog.snort.org/2011/01/guis-for-snort.html
• Rafeeq Ur Rehman, “Intrusion Detection Systems with Snort Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID”, Bruce Perens’s Open Source Series, 2003, Chapter 6.
• Juniper Networks EX Series Ethernet Switches http://www.juniper.net/techpubs/en_US/release- independent/junos/information-products/pathway-pages/ex-series/product/
• Juniper Networks SSG 20 http://www.juniper.net/us/en/products-services/security/ssg-series/ssg20/