Over time, computers have on very many occasions been vulnerable to interruptions that would otherwise have been avoided had there been better preparation and protection. The urgent need to safeguard computers goes hand in hand with the sophistication of technology as it grows. Understanding particular protocols are considered helpful since using particular capturing software matches with the information of the packets and protocols (Prosisie & Mandia, 2003). Intrusion prevention involves carrying out intrusion detection and trying to stop detected incidents as soon as possible. Intrusion detection and prevention systems are employed with the primary aim of monitoring any incidents and reporting them back to the administrators.
These systems have nowadays become of great importance nearly in every organization since they stand to serve security purposes. “TCP/IP is an abbreviation for Transmission Control Protocol/ Internet Protocol” (Heiser & Heiser, 2007, p.74). It is regarded as the essential language used for communication on the internet. Similarly, IDS is an acronym for Intrusion Detection System thus it is application software that monitors a system or the network activities to detect malicious activities after which it reports to the management or administration.
Computer and network safety is a vital feature of management in information technology. This revolves around noticing and importantly responding to security breaches which currently are on the rise. The rise of mean hackers who use advanced techniques and technology to go through the confined network is getting worse now and then. The introduction of intrusion detecting systems and their concepts are among the latest technology which is aimed at fighting hackers who break and access networks or systems of other individuals. Accessing any kind of information without the rightful permission entails crime and serious action is normally taken among the victims. Computer professionals and expertise tend to misuse their skills by doing unlawful actions to access restricted information in public or private institutions. This is considered lawful and various steps have been taken to curb this emerging habit over the globe.
Many system administrators end up messing with intruders without their know-how. This happens in the case when they sense an attack on their system or network and hence react automatically by solving the problem without taking the required precautions. This approach usually contaminates the required evidence hence making it hard to identify the perpetrator. The use of the new technology educates on how to use and utilize the system uptime while safeguarding the truth of the crime involved (Zacharia & Fadia, 2008). It is therefore recommended that, in case of malicious attacks, you should try using the new technology to identify the hackers.
Computer Forensics is regarded as the most recent branch of security in computers. It focuses on finding out and determining the occurrence of events in accordance. For instance, Computer Forensics determines what happened and damages did thereby identifying the intruders responsible for hacking a particular system or network. This helps and serves as evidence since the results of the investigation can be used in court proceedings.
Computer forensics is based on three A’s which particularly form the spine of forensic analysis. This involves; Acquiring, authenticating, and analyzing data as per requirements. Following the above specifications, the acquired evidence should be obtained without destroying the original data, thus the authenticated evidence should remain the same as the obtained data (Heiser & Heiser, 2007). Finally, the data should be analyzed without being changed.
To unhide or identify the code hidden by the malicious user computer forensic is required for the investigation. Specializing in Windows NT fundamentals and Linux is considered good since they form a bridge to tracking hackers and investigating a person’s system. Generally, a lot of work is involved in the maintenance of Intrusion detection systems (Prosisie & Mandia, 2003). This occurs following improper configuration thus resulting in increased tasks to the overall administrator. Proper maintenance of these systems is required to provide better security.
Intrusion Detection Systems are categorized into two, these are; network intrusion systems for detection which function by investigating and identifying network traffic, and host-based intrusion detection systems, which examines system calls and databases as it identifies them (Heiser & Heiser, 2007). Furthermore, concerning the Intrusion detection systems, they respond to threats that are detected by preventing them from proceeding and this can be done through change of its content of attack or the environment security.
The intrusion detection system works by given procedures and events. This involves correcting its policy.conf file to detect the involved intrusion. Afterward, the QoS server is initiated. This helps in reading the intrusion as reflected in its policy.conf file. Following this is the QOS agent who is responsible for sending information containing machine details to the QOS manager (Zacharia & Fadia, 2008). The manager is responsible for understanding the instructions and thereby sending them to the IDS which is inside the TCP/IP stack. The IDS results in developing policies in the port table. The system further develops an intrusion monitor that depicts the category of intrusion event (Zacharia & Fadia, 2008). Finally, the system administrator investigates the intrusion monitor, therefore, determining the course of security action to proceed with. This may include finishing the interface from where the intrusion came from.
References
Heiser, J.G., & Heiser, W.G. (2007). Computer Forensics Incident Response Essentials. Michgan: Addison-Wesley.
Prosisie, C., & Mandia, K. (2003). Incident response and Computer Forensics. Illinois: Brandaon A. nordin.
Zacharia, M., & Fadia, A. (2008). Network Intrusion Alert An Ethical Hacking Guide to Intrusion Detection. New York: Cengage.