Network Administrators And Security Personnel

In today's technological world there are many vulnerabilities in computer networks. If a malicious attacker exploits these vulnerabilities, your business could be interrupted, causing thousands of dollars in damage. Not only could you lose business when your network goes down, but also through a loss of consumer confidence and possible penalties imposed by the government for not properly securing your customers' vital information. There are several methods or concepts available to network administrators to help them secure their networks. One of them is defense in depth, a concept that uses multiple defense strategies in layers. It is a concept that all network administrators and security personnel should practice.

Using this method adds several layers of security to your network. Two of those layers are DMZs (Demilitarized Zones) and IDSs (Intrusion Detection Systems). A DMZ is a neutral area between your private, or internal, network and public networks, commonly known as the Internet, where you can place services that need to reach, and be reached from, the public network. An IDS is a system that, if managed and configured properly, assists in protecting your network by telling you whether someone has attempted to gain access to, or has gained access to, your network. There are two basic types of DMZ: back-to-back and three-homed. A back-to-back DMZ is placed between two firewalls, which are software or hardware devices used to block unwanted traffic.

The three-homed DMZ is one that connects three separate networks. One connects to the public network, another to your private network, and the third is the segment containing the machines that run the applications or services you have placed in your DMZ. Each company can configure its DMZ with whatever services it wants, so although two DMZs may be the same basic type, they will still differ. One can also have multiple zones within a DMZ, which adds protection: if one zone is intruded upon and brought down, the others remain operational.

One can also assign separate levels of security to those zones, so that different applications can be grouped by security level. Other solutions can be added to your DMZ, among them honeypots and IDSs. Honeypots are programs designed to invite attackers to gain access so that the attacker's methods and tools are recorded. Honeypots will not be discussed extensively in this paper.
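The zoning described above can be made concrete as a small policy model. The following is an added example and is not part of the essay: it assumes a three-homed firewall with interfaces to "internet", "dmz" and "internal", splits the DMZ into two constructed sub-zones ("dmz-web" and "dmz-app") at different security levels, and evaluates constructed connections against a default-deny rule set. A lint function checks that no rule gives a less trusted zone a blanket path into a more trusted one, which is the property that keeps a compromised DMZ host from reaching the internal network freely. All prefixes, ports and rule names are assumptions for illustration.

```python
"""Three-homed DMZ policy model: zones at different security levels with a
default-deny firewall between them (added example, not from the essay).

Assumed layout: one firewall with interfaces to 'internet', 'dmz' and
'internal', and the DMZ split into two sub-zones, 'dmz-web' and 'dmz-app',
at different security levels. All prefixes, ports and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zone prefixes. 'internet' is the catch-all; zone_of() prefers
# the longest matching prefix, so it is chosen only when nothing else fits.
ZONES = {
    "internet": ip_network("0.0.0.0/0"),
    "dmz-web": ip_network("192.0.2.0/25"),
    "dmz-app": ip_network("192.0.2.128/25"),
    "internal": ip_network("10.0.0.0/8"),
}

# Security level per zone: higher is more trusted.
LEVEL = {"internet": 0, "dmz-web": 40, "dmz-app": 60, "internal": 100}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]  # None means any destination port


# Constructed allow list. Everything not listed here is denied.
ALLOW = [
    Rule("internet", "dmz-web", "tcp", 443),    # public HTTPS to the web tier
    Rule("internet", "dmz-web", "tcp", 80),
    Rule("dmz-web", "dmz-app", "tcp", 8080),    # web tier talks only to the app tier
    Rule("dmz-app", "internal", "tcp", 5432),   # app tier reaches the internal DB
    Rule("internal", "internet", "tcp", None),  # internal users browse out
]


def zone_of(addr: str) -> str:
    """Map an address to its zone, preferring the most specific prefix."""
    ip = ip_address(addr)
    best = None
    for name, net in ZONES.items():
        if ip in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Decide 'allow' or 'deny' for a new connection crossing the firewall."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "allow"  # same segment; the firewall never sees it
    for r in ALLOW:
        if (r.src_zone, r.dst_zone, r.proto) == (sz, dz, proto) and r.dport in (None, dport):
            return "allow"
    return "deny"  # default deny between zones


def validate_rules(rules) -> list:
    """Lint the rule set against the security levels: a rule that lets a
    less trusted zone open connections into a more trusted zone must name a
    single port, so a compromised DMZ host gets no blanket path inward."""
    problems = []
    for r in rules:
        if LEVEL[r.src_zone] < LEVEL[r.dst_zone] and r.dport is None:
            problems.append(f"{r.src_zone}->{r.dst_zone} allows any port")
    return problems


if __name__ == "__main__":
    # Constructed sample connections, one per interesting path.
    for conn in [
        ("203.0.113.5", "192.0.2.10", "tcp", 443),   # public -> web tier
        ("203.0.113.5", "10.0.0.5", "tcp", 445),     # public -> internal
        ("192.0.2.10", "192.0.2.200", "tcp", 8080),  # web -> app
        ("192.0.2.10", "10.0.0.5", "tcp", 5432),     # web -> DB directly
        ("192.0.2.200", "10.0.0.5", "tcp", 5432),    # app -> DB
        ("192.0.2.10", "203.0.113.9", "tcp", 443),   # web server calling out
    ]:
        print(conn, evaluate(*conn))
    print(validate_rules(ALLOW + [Rule("internet", "internal", "tcp", None)]))
```

The last sample connection is the one worth noticing: a web server in the DMZ that tries to open an outbound connection is denied because no rule allows it, which is what limits an intruder who has taken over that host.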

Another solution is an IDS, a monitor or sensor that can be placed at various points in your network to watch the traffic passing through that particular segment. If properly configured and monitored, an IDS can be a useful tool in helping a security administrator maintain a secure network. An IDS sensor monitors the traffic on the segment where it is placed, checks that traffic's patterns, and compares them to known patterns. If it judges that one of those patterns is an attack, it notifies the administrator. The administrator must then check the notification and determine whether it is a false positive, a false negative, or in fact an attack. A false positive is when the sensor classifies normal traffic as an attack.

A false negative is when the sensor classifies an attack as normal traffic. There are pros and cons to the use and placement of an IDS. One of the cons is the volume of false notifications it sends out; these amount to an overwhelming quantity of information that security personnel must sift through to find the actual attacks. Among the pros, it records all activity passing through the segment where it is placed, and it lets you know the tactics and tools an attacker used to gain access to your network. It also lets you know where your network is vulnerable, so that you can repair those weaknesses and prevent future attacks.

Also, if configured properly, an IDS can be used to gauge the traffic in a corporate environment so that you can detect policy violations and illegal activity, and observe usage patterns that help an administrator manage the network properly. Most of the problems today in managing an IDS stem from companies not having properly trained security personnel to monitor all the notices the sensors put out. Even where they have the proper personnel, those people are often not allowed to make changes because of various corporate policies. Another way an IDS helps secure a network is by aiding the configuration of firewalls and other security solutions: it tells you which areas of your firewall or other solutions are vulnerable to attack. Companies also need to determine where to place their sensors so that they get the maximum protection.

You will also want to use multiple sensors throughout your network to monitor not only incoming traffic but also outgoing traffic. A sensor should be placed on every gateway, or connection, that your network has to outside networks as well as to internal networks. Other places to put an IDS sensor are just outside your firewall, so that you can monitor all attacks on the firewall, and inside your DMZ, so that if an attack gets through the firewall you can observe its method and prevent future attacks. At the same time you want to minimize the number of sensors, because each generates a great amount of data and it becomes difficult for your security staff to monitor all of it. After you have determined your needs and the placement of your sensors, you need to decide what other tools will be required to help secure your network and what hardware you will need. Since no single sensor can monitor all your gateways and traffic, you will need multiple sensors.
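The pattern-matching, the false-positive and false-negative verdicts, and the value of placing one sensor outside the firewall and another in the DMZ can all be shown in one small model. The following is an added example, not code from the essay or from any IDS product: the signatures are constructed regular expressions in the spirit of content-matching rules, the traffic records are constructed, and each record carries an is_attack label that stands in for the analyst's verdict after checking the alert (the sensor itself never knows this). The sensor names "outside", "dmz" and "internal" and the signature names are assumptions.

```python
"""Signature-based IDS sensors at several placements, scored for false
positives and false negatives (added example, not from the essay).

The signatures, the traffic records and the is_attack labels are all
constructed; the labels stand in for the analyst's verdict after checking
each alert, which the sensor itself never knows."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    sensor: str      # placement of the sensor that saw it: 'outside', 'dmz' or 'internal'
    src: str
    dst: str
    dport: int
    payload: str     # first bytes of the application data, as text
    is_attack: bool  # ground truth, used only for scoring


# Constructed content signatures in the spirit of pattern-matching rules.
SIGNATURES = {
    "web-traversal": re.compile(r"\.\./"),
    "sqli-probe": re.compile(r"(?i)'\s*or\s+1=1"),
    "smb-any": re.compile(r"^SMB"),  # deliberately over-broad, a typical false-positive source
}


def match(flow: Flow) -> list:
    """Names of every signature whose pattern appears in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(flow.payload)]


def classify(flow: Flow) -> str:
    """Compare the sensor's verdict (alert or not) with the ground truth."""
    alerted = bool(match(flow))
    if alerted:
        return "TP" if flow.is_attack else "FP"
    return "FN" if flow.is_attack else "TN"


def score(flows) -> Counter:
    """Count true/false positives and negatives over a batch of records."""
    return Counter(classify(f) for f in flows)


def firewall_check(flows) -> dict:
    """Correlate alerts across placements. An attack that the outside sensor
    saw and the DMZ sensor also saw passed the firewall; one seen only
    outside was stopped by it. Keyed on (source address, signature name)."""
    seen = {}
    for f in flows:
        for sig in match(f):
            seen.setdefault((f.src, sig), set()).add(f.sensor)
    return {
        key: ("passed firewall" if "dmz" in sensors else "blocked at firewall")
        for key, sensors in seen.items() if "outside" in sensors
    }


# Constructed traffic, one record per sensor that saw the flow.
SAMPLE = [
    Flow("outside", "203.0.113.7", "192.0.2.10", 80, "GET /../../etc/passwd", True),
    Flow("dmz", "203.0.113.7", "192.0.2.10", 80, "GET /../../etc/passwd", True),
    Flow("outside", "203.0.113.7", "192.0.2.10", 8080, "GET /admin' OR 1=1", True),
    Flow("dmz", "203.0.113.8", "192.0.2.10", 80, "GET /docs/../img/logo.png", False),
    Flow("internal", "10.0.0.5", "10.0.0.9", 445, "SMB negotiate request", False),
    Flow("dmz", "198.51.100.4", "192.0.2.10", 80, "GET /item.php?id=1 UNION SELECT 1,2", True),
    Flow("internal", "10.0.0.5", "203.0.113.50", 443, "TLS ClientHello", False),
]

if __name__ == "__main__":
    print(score(SAMPLE))          # TP=3, FP=2, FN=1, TN=1
    print(firewall_check(SAMPLE))
```

Two records illustrate the essay's point about notification volume: the benign relative path "/docs/../img/logo.png" and the ordinary internal SMB session both raise alerts (false positives), while the UNION SELECT probe raises none (a false negative) because no signature covers it. The correlation shows that the traversal attempt was seen both outside and in the DMZ, so it passed the firewall, whereas the probe on port 8080 was seen only outside and was therefore blocked.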

On each machine you use as a sensor, keep the minimum amount of software installed. You will also need a management center that communicates with all of your sensors, and a database so that all the information gathered is readily available and readable to your security personnel. All of your management software should be installed on your central sensor or management center. You will want to use software like Snort for your IDS; other applications can be used to harden it and make it easier to manage.

The management console helps build and deploy sensor software to all of your sensors; it monitors and communicates with the sensors, and it serves as a database server that receives and stores the data collected by the sensor machines. Software like MySQL, Apache, PHP, ACID, zlib, and libpcap should be added to the management console to facilitate management of your IDS. The proper amount of security must be applied to the management console so that no one without permission gains access to your IDS. It must also be configured properly, because an improperly configured IDS does not help protect your system.

In conclusion, there are many ways that your network can be hardened, and it is recommended that you combine different approaches. Properly configured DMZs and IDSs can help harden your network, and there are different types of DMZ that you should consider using. With an IDS, you need capable personnel to manage it; otherwise it will not help harden your network. Two aspects of properly configuring an IDS are the placement and the number of sensors used.

An IDS does not have to be placed in a DMZ, but combining both solutions adds security to your network. Once you have decided to implement an IDS, you need to add a management console to facilitate the upkeep of your network. You also need to test it frequently and keep it updated with the new types of attacks being developed. DMZs will remain a viable security solution in the near and probably the distant future because of their concept and importance in network security. IDSs are being phased out in favor of a more profitable and manageable solution known as an Intrusion Prevention System (IPS). The reason for this move is that security administrators are trying to be proactive instead of reactive when securing their networks.

They are trying to prevent attackers from gaining access to their networks rather than repairing whatever damage was caused by a previous intrusion.
