Posted: June 3rd, 2021
3-4 discussion board replies needed. I will be awaiting the replies; it's due in 2 hours. It is only discussion board replies. Thank you.
Each reply must be at least 2 paragraphs.
Due in 2 hours
Reply needed 1
OSSEC is short for Correlator of Open Source Security Events. This well-established and reputable alternative is a free and open-source host-based intrusion detection system created and maintained by the OSSEC Foundation, thanks to an enormous list of contributors. This project is growing, with about 5,000 monthly downloads, and is distinguished by its scalability and multi-platform aspect, as it operates on Windows, various Linux distributions, and macOS.
As a HIDS, this instrument enables log assessment, file integrity checking, policy tracking, rootkit detection, and active reaction, using both signature and anomaly detection techniques. To detect anomalies, it offers precious insight into system activities. OSSEC uses a server-agent model, which means that a dedicated server provides aggregation and analysis for each host. The steps to install and configure OSSEC are fairly simple, but OSSEC has some disadvantages. For example, if you want to upgrade to a newer version, you will lose the rules you have defined because of an overwriting operation, unless you export the rules and import them after the migration. However, OSSEC is a useful option as a strong log analysis engine if you aggregate various equipment and distinct facilities (internet servers, databases, firewalls, etc.).
My understanding is that the main difference between NIDS and HIDS is that a network-based IDS monitors a network segment and a host-based IDS monitors a single system. NIDS is much more about real-time events, and HIDS analyzes the logs for unusual activity after the fact.
Retrieved from: https://www.ossec.net/
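The two HIDS functions the post singles out, file integrity checking and signature-based log analysis, are small enough to show end to end. The following is an added example written for this page; it is not code from the post and not OSSEC's own implementation. It snapshots a directory tree into a hash baseline (the job OSSEC's syscheck does), re-scans it to report added, modified and removed files, and runs an ordered set of signature rules over constructed log lines. The rule ids sit in the 100000+ range OSSEC reserves for local rules, but the ids, alert levels, patterns, file contents and log lines are all made up for the example.

```python
# Added example (not code from the post or from the OSSEC project): a tiny
# host-based check in the spirit of the post's HIDS description. It takes a
# hash baseline of a directory tree (what OSSEC's syscheck does), re-scans to
# report added/modified/removed files, and runs ordered signature rules over
# constructed log lines. Rule ids and log lines are made up for the example.
import hashlib
import os
import re
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {sha256, mode} for every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": hash_file(full),
                             "mode": os.stat(full).st_mode & 0o777}
    return baseline


def compare_baselines(old, new):
    """Classify differences the way a syscheck alert would: added, removed, modified."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


# Ordered signature rules: (rule id, alert level, pattern). The ids use the
# 100000+ range OSSEC reserves for local rules; levels are illustrative only.
RULES = [
    (100001, 5, re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")),
    (100002, 3, re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")),
    (100003, 3, re.compile(r"sudo: +(\S+) : TTY=.*COMMAND=(.*)$")),
]


def match_rules(lines):
    """First matching rule wins for each line, mimicking an ordered rule set."""
    hits = []
    for line in lines:
        for rule_id, level, pattern in RULES:
            m = pattern.search(line)
            if m:
                hits.append({"rule": rule_id, "level": level, "fields": m.groups(), "line": line})
                break
    return hits


# Constructed log lines (not real data).
LOG_LINES = [
    "Jun  3 10:01:02 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Jun  3 10:01:09 web1 sshd[2210]: Failed password for root from 203.0.113.5 port 51030 ssh2",
    "Jun  3 10:02:00 web1 sshd[2215]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
    "Jun  3 10:02:01 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx",
]


def demo():
    """Build a baseline in a temp tree, tamper with it, and report both checks."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"etc/passwd": b"root:x:0:0::/root:/bin/bash\n",
                          "etc/hosts": b"127.0.0.1 localhost\n",
                          "bin/ls": b"\x7fELF-placeholder"}.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        before = build_baseline(root)
        # Simulated tampering: an account appended, hosts removed, a hidden script dropped.
        with open(os.path.join(root, "etc/passwd"), "ab") as f:
            f.write(b"backdoor:x:0:0::/:/bin/bash\n")
        os.remove(os.path.join(root, "etc/hosts"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp/.x"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        after = build_baseline(root)
    return {"fim": compare_baselines(before, after), "alerts": match_rules(LOG_LINES)}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Two points a practitioner would check here: the baseline must be stored somewhere the monitored host cannot quietly rewrite (on the OSSEC server side, in the post's server-agent model), and the rule order matters, since the first match wins; a permissive rule placed above a specific one silently downgrades the alert level.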
Reply needed 2
Smart home control hubs have been a major source of security vulnerabilities for their users. There have been multiple incidents of security vulnerabilities in either the hub itself or the devices connected to it. It is unique in the fact that it is an always-on device and is web connected. The intent of most is the ability to remotely control parts of the user's home from anywhere in the world. Unfortunately, large numbers of these devices are being developed with little to no thought to security. Smart devices have been used to conduct large-scale DDoS attacks across the internet (Kolias, Kambourakis, Stavrou, & Voas, 2017). Smart devices, each capable of getting an IP, mean botnets can grow exponentially.
I would propose that the control hub is a prime example of a device needing the ability to detect intrusion and alert the user/provider of the issues. If a web cam is hacked, the hub should realize the intrusion and quarantine the device.
The IDS could even be distributed. Hussain, Hussain, Hassan, and Hossain (2019) suggest a machine learning state, where all smart devices learn what normal is and can alert when things change. I believe the hub could be the device to house this information.
Hussain, F., Hussain, R., Hassan, S. A., & Hossain, E. (2019). Machine Learning in IoT Security: Current Solutions and Future Challenges. Retrieved from http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=edsarx&AN=edsarx.1904.05735&site=eds-live&scope=site
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and Other Botnets. Computer, 50(7), 80-84. doi:10.1109/mc.2017.201
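What "the hub learns what normal is and quarantines a device that changes" looks like in code, as an added example for this page (it is not the post's code and not from either cited paper): the hub keeps a per-device statistical baseline of a few outbound traffic features per time window, scores each new window against it, and quarantines a device whose features jump well past normal. The device names, the feature set, and the per-window flow summaries are all constructed; the anomalous window imitates a camera that has started telnet-scanning hundreds of hosts while uploading far more than usual.

```python
# Added example (not the post's code and not from the cited papers): a hub-side
# anomaly detector of the kind the post suggests, where the hub learns each
# device's normal traffic profile and quarantines a device that departs from
# it. The per-window flow summaries and device names are constructed data.
import statistics

# Per-device features summarised per time window (e.g. one hour), assumed to
# come from the hub's own flow accounting.
FEATURES = ("bytes_out", "dst_count", "dst_ports")


class HubAnomalyDetector:
    def __init__(self, z_threshold=4.0):
        self.z_threshold = z_threshold
        self.baselines = {}     # device -> feature -> (mean, stdev)
        self.quarantined = set()

    def learn(self, device, windows):
        """Fit a mean/stdev baseline per feature from windows assumed to be clean."""
        profile = {}
        for name in FEATURES:
            values = [w[name] for w in windows]
            mean = statistics.fmean(values)
            sd = statistics.pstdev(values)
            # Floor the stdev: a device with near-constant behaviour would otherwise
            # alert on any change at all (and divide by zero when sd == 0).
            profile[name] = (mean, max(sd, 0.05 * mean, 1.0))
        self.baselines[device] = profile

    def score(self, device, window):
        """z-score of each feature against the device's baseline."""
        return {name: (window[name] - mean) / sd
                for name, (mean, sd) in self.baselines[device].items()}

    def check(self, device, window):
        """Allow the window, or quarantine the device when any feature rises past the threshold.

        Only upward deviations count: extra destinations or outbound volume are
        what a hijacked camera scanning for peers or joining a DDoS looks like.
        """
        if device not in self.baselines:
            return {"device": device, "action": "unknown_device", "reasons": [], "scores": {}}
        scores = self.score(device, window)
        reasons = [n for n in FEATURES if scores[n] > self.z_threshold]
        if reasons:
            self.quarantined.add(device)
            return {"device": device, "action": "quarantine", "reasons": reasons, "scores": scores}
        return {"device": device, "action": "allow", "reasons": [], "scores": scores}


# Constructed training data: 24 clean hourly windows for a camera that uploads
# about 1 MB to one or two cloud endpoints over a single port.
CAMERA_NORMAL = [
    {"bytes_out": 1_000_000 + 20_000 * (i % 5), "dst_count": 1 + (i % 2), "dst_ports": 1}
    for i in range(24)
]
CAMERA_QUIET_HOUR = {"bytes_out": 1_010_000, "dst_count": 2, "dst_ports": 1}
# Constructed compromised window: scanning hundreds of hosts plus a large upload.
CAMERA_COMPROMISED = {"bytes_out": 48_000_000, "dst_count": 210, "dst_ports": 3}


def run_demo():
    hub = HubAnomalyDetector()
    hub.learn("camera-frontdoor", CAMERA_NORMAL)
    return [hub.check("camera-frontdoor", CAMERA_QUIET_HOUR),
            hub.check("camera-frontdoor", CAMERA_COMPROMISED),
            hub.check("thermostat", CAMERA_QUIET_HOUR)]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict["device"], verdict["action"], verdict["reasons"])
```

The stdev floor is the part worth thinking about: a device that always talks to exactly one endpoint has zero variance, and without the floor the first legitimate firmware-update server it contacts would look infinitely anomalous. The unknown-device path matters too; a new MAC appearing on the hub's network should not be silently scored against nothing.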
Reply needed 3
In discussing a system, or type of system, that would be recommended for protection with a host-based IDS: Splunk offers both HIDS and NIDS features and is a host-based intrusion detection system. This is a pure HIDS because it is a system or tool that is free to use and does not include any network-based data alerts. It is also very effective when considering an anomaly-based HIDS. There is a Software-as-a-Service (SaaS) version of Splunk, which is called Splunk Cloud, and the top edition of Splunk is called Splunk Enterprise. Between the Free Version and the Enterprise edition sits Splunk Light, which has some service limitations. There is also an online version of Splunk Light, called Splunk Light Cloud (6 best HIDS tools, 2018).
Splunk has workflow automation features that make it an intrusion prevention system. This module is called the Adaptive Operations Framework, and it links automated scripts to trigger alerts. The automation of solutions to detected problems is only available with the higher paid options of Splunk. The dashboard of Splunk is very attractive, with data visualizations such as line graphs and pie charts. The system includes a data analyzer in all the editions of Splunk. This enables you to view records, summarize, sort, and search them, and get them represented in graphs (6 best HIDS tools, 2018).
Splunk Enterprise Security detects patterns in your data and automatically reviews events for security-relevant incidents using correlation searches. When a correlation search detects a suspicious pattern, the correlation search creates an alert called a notable event. The Incident Review dashboard surfaces all notable events and categorizes them by potential severity so analysts can quickly triage, assign, and track issues. Data models encode specialized domain knowledge about one or more sets of indexed data. They enable Pivot Editor users to create reports and dashboards without designing the searches that generate them. (“Managing Incident Review in Splunk Enterprise Security – Splunk Documentation”, 2019)
6 best HIDS tools. (2018). Comparitech. Retrieved 24 September 2019, from https://www.comparitech.com/net-admin/hids-tools-software/
Managing Incident Review in Splunk Enterprise Security – Splunk Documentation. (2019). Retrieved 24 September 2019, from https://docs.splunk.com/Documentation/ES/5.3.1/Admin/IRoverview
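The correlation-search-to-notable-event flow described in the post, reduced to plain Python as an added example for this page (it is neither the post's code nor Splunk's; real correlation searches are written in SPL against indexed data): a scheduled search walks authentication events per source with a sliding time window, emits one notable event per source when a multi-event pattern completes, and an incident review queue orders the notables by urgency for triage. The event records are constructed, the field names only loosely follow an authentication data model, and the two rule names and urgencies are chosen for the example.

```python
# Added example, not Splunk's code or the post's: a plain-Python stand-in for
# what the post describes, a scheduled correlation search that turns a pattern
# across many events into a single notable event, and an incident-review
# queue that ranks notables by urgency for triage. Event records are
# constructed; field names loosely follow an authentication data model.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication events: (_time, src, user, action).
EVENTS = [
    ("2021-06-03T10:00:05", "203.0.113.5", "admin", "failure"),
    ("2021-06-03T10:00:21", "203.0.113.5", "root", "failure"),
    ("2021-06-03T10:00:44", "203.0.113.5", "admin", "failure"),
    ("2021-06-03T10:01:10", "203.0.113.5", "ubuntu", "failure"),
    ("2021-06-03T10:01:32", "203.0.113.5", "admin", "failure"),
    ("2021-06-03T10:03:40", "203.0.113.5", "admin", "success"),
    ("2021-06-03T10:10:00", "198.51.100.7", "deploy", "success"),
    ("2021-06-03T10:12:00", "192.0.2.9", "bob", "failure"),
    ("2021-06-03T10:12:30", "192.0.2.9", "bob", "failure"),
    ("2021-06-03T10:13:00", "192.0.2.9", "bob", "failure"),
    ("2021-06-03T10:13:30", "192.0.2.9", "bob", "failure"),
    ("2021-06-03T10:14:00", "192.0.2.9", "bob", "failure"),
    ("2021-06-03T10:40:00", "192.0.2.9", "bob", "failure"),  # outside the 10-minute window
]

URGENCY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def notable(rule_name, urgency, src, user, ts, failures):
    """One notable event: the summary an analyst sees, not the raw events."""
    return {"rule": rule_name, "urgency": urgency, "src": src, "user": user,
            "_time": ts.isoformat(), "failures": failures,
            "status": "new", "owner": "unassigned"}


def correlate_auth(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window correlation per source.

    'Brute Force Access Behavior Detected' (high): >= threshold failures within
    the window followed by a success from the same source.
    'Excessive Failed Logins' (medium): >= threshold failures within the window
    with no success. One notable per source per pattern, not one per event.
    """
    by_src = defaultdict(list)
    for t, src, user, action in sorted(events):
        by_src[src].append((datetime.fromisoformat(t), user, action))

    notables = []
    for src, evs in by_src.items():
        recent = []          # failure timestamps still inside the window
        peak = None          # (ts, user, count) when the threshold was first crossed
        for ts, user, action in evs:
            recent = [r for r in recent if ts - r <= window]
            if action == "failure":
                recent.append(ts)
                if len(recent) >= threshold and peak is None:
                    peak = (ts, user, len(recent))
            elif action == "success" and len(recent) >= threshold:
                notables.append(notable("Brute Force Access Behavior Detected",
                                        "high", src, user, ts, len(recent)))
                recent, peak = [], None
        if peak is not None:
            notables.append(notable("Excessive Failed Logins", "medium",
                                    src, peak[1], peak[0], peak[2]))
    return notables


def incident_review(notables):
    """Order the queue the way an analyst wants it: most urgent first, then oldest."""
    return sorted(notables, key=lambda n: (URGENCY_RANK[n["urgency"]], n["_time"]))


if __name__ == "__main__":
    for n in incident_review(correlate_auth(EVENTS)):
        print(n["urgency"], n["rule"], n["src"], n["user"], n["failures"])
```

The point the post makes about notable events is visible in the output: twelve raw authentication events collapse into two items in the queue, and the one where the attacker actually got in sorts above the one that merely looks like spraying. The threshold and window are the tuning knobs; set the window too short and a slow brute force that spaces attempts more than ten minutes apart never correlates at all, which is exactly what the 10:40 event shows.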
Due in 2 hours