25-08-2012, 05:22 PM
INTRUSION DETECTION AND PREVENTION ON CAMPUS COMPUTER NETWORKS: CASE STUDY OF THE FACULTY OF APPLIED SCIENCES
ABSTRACT
The security of a computer network is crucial for both network
administrators and network users alike, as a compromise of this network security makes the
services it provides and more specifically the data it holds open to exploits by malicious
people for different purposes. This is particularly so for campus networks in view of the fact
that they not only provide services to promote academic work directly but in many ways are
integrated into the administrative setup of the institutions they serve. This project is thus
aimed at identifying the security threats and vulnerabilities of campus networks, and at
designing and developing countermeasures to resolve these threats, vulnerabilities and exploits, to
improve the security of these networks through Intrusion Detection and Intrusion Prevention
(Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)).
INTRODUCTION
BACKGROUND
At a time when the world is fast becoming a “globalized village” with the developed world
on one hand taking the lead whilst the developing world on the other hand is struggling to
catch up, this seemingly elusive ambition of humankind will remain a futuristic dream
without the excessive and aggressive use of Information Communication Technology (ICT),
as the engine and driving force of this reality in the making.
The success of the highly industrialized nations like the United States of America, the United
Kingdom, China and Japan to mention but a few, has been possible through the
computerization of both simple and complex everyday tasks in the fields of manufacturing,
other large scale industrial activities, generation of electricity, medical service delivery,
meteorology, scientific research, broadcasting, advanced telecommunications and oil drilling
to relatively small domestic activities and systems such as household security systems,
automated temperature regulation systems, mobile communication and automated windows
and doors among others. The result is a quicker, more efficient and reliable way of doing
things and achieving results in a world where much is demanded from very little and within
very short periods of time. This requires further and extensive infiltration of more advanced
computer technology and computerization of the economy of countries both developed and
developing alike. This is a phenomenon which cannot be overlooked, ignored or overemphasized.
Accidental Association
Unauthorized access to company wireless and wired networks can come from a number of
different methods and intents. One of these methods is referred to as “accidental association”.
When a user turns on a computer and it latches on to a wireless access point from a
neighbouring company’s overlapping network, the user may not even know that this has
occurred. However, it is a security breach in that proprietary company information is exposed
and now there could be a link from one company to the other. This is especially true if the
laptop is also hooked to a wired network. (Choi, 2008)
Malicious Association
“Malicious associations” occur when crackers actively make wireless devices
connect to a company network through their cracking laptop instead of a company access
point (AP). These types of laptops are known as “soft APs” and are created when a cracker
runs some software that makes his/her wireless network card look like a legitimate access
point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the
wired or wireless network, or plant Trojans. Since wireless networks operate at the Layer 2
level, Layer 3 protections such as network authentication and virtual private networks
(VPNs) offer no barrier. Wireless 802.1x authentications do help with protection but are still
vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or
other security measures. Most likely the cracker is just trying to take over the client at the
Layer 2 level. (Choi, 2008)
Packet Sniffing
Packet sniffers such as Ethereal are powerful tools that have legitimate uses in the hands of a
network administrator. They can be used to analyse and troubleshoot a network. However, in
the hands of an attacker, a sniffer can be used to gather details about the network such as its
topology, routes, and protocols that are in use on the network. But most importantly the
attacker will be able to see the actual data being transmitted, which can include among other
things account and password information. Many of the protocols used to communicate on a
network resemble communication with postcards. The information is easy for anyone to see
who may get their hands on it between the source and the final destination. Using sniffers is
one way that confidentiality can be compromised while the data is being transferred over the
network. Integrity can also be violated if the sniffer has data injection capability.
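The accidental and malicious association cases described above can both be caught from client association records, as an added detection example (not part of the original project): each association is checked against an inventory of authorized access points. The SSID "FAS-Campus", the BSSIDs, the client names and the record layout are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed inventory of authorized access points: BSSID -> (SSID, security mode).
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": ("FAS-Campus", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("FAS-Campus", "WPA2-Enterprise"),
}
CAMPUS_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}

@dataclass(frozen=True)
class Association:
    client: str    # managed client that associated
    ssid: str      # network name it joined
    bssid: str     # MAC address of the radio it joined
    security: str  # security mode in use on the link

def classify(assoc: Association) -> str:
    """Classify one client association against the AP inventory."""
    known = AUTHORIZED_APS.get(assoc.bssid.lower())
    if known is None:
        if assoc.ssid in CAMPUS_SSIDS:
            # Unknown radio advertising a campus SSID: the soft-AP pattern.
            return "suspected-soft-ap"
        # Unknown radio with a foreign SSID: client latched onto a neighbour.
        return "accidental-association"
    if (assoc.ssid, assoc.security) != known:
        # Inventoried BSSID with the wrong SSID or security mode:
        # possible spoofed MAC address or a misconfigured AP.
        return "security-mismatch"
    return "ok"

def alerts(events):
    """Return (client, verdict) for every association that is not 'ok'."""
    verdicts = ((e.client, classify(e)) for e in events)
    return [(client, v) for client, v in verdicts if v != "ok"]

# Constructed sample records, not captured from any real network.
SAMPLE = [
    Association("lab-pc-01", "FAS-Campus", "02:00:00:AA:00:01", "WPA2-Enterprise"),
    Association("staff-lt-07", "FAS-Campus", "02:00:00:ee:ee:99", "Open"),
    Association("staff-lt-09", "NeighbourCo-WiFi", "02:00:00:bb:00:10", "WPA2-PSK"),
    Association("lab-pc-02", "FAS-Campus", "02:00:00:aa:00:02", "Open"),
]

if __name__ == "__main__":
    for client, verdict in alerts(SAMPLE):
        print(f"{client}: {verdict}")
```

A "suspected-soft-ap" verdict can also be an unregistered but legitimate access point, so it is a lead for investigation, not proof of an attack.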