{"title":"Enhancing Intrusion Prevention in Snort System","authors":"Sarah Abdulrezzak, Firas A. Sabir","doi":"10.1109/DeSE58274.2023.10099757","DOIUrl":null,"url":null,"abstract":"Information systems in businesses, organizations live through continuous evolution, including Centralized data centers, local area networks, and Internet access. Although Internet access offers myriad resources, it also enables the outside world to connect to and engage with local network resources. This generates a vulnerability to organizational information systems, which require security measures. To keep the network secure from unauthorized access and survive an attack without affecting the availability of services to legitimate users; various security measures were forged to provide protected network connection, including intrusion Detection and Prevention System (IDPS). IDPS aims to secure the network from both internal and external Intrusions; acting like a safety net and an additional layer of defense. Network IDPS can identify and mitigate numerous attacks by alerting security administrators, dropping malign packets and blocking offending IPs and potential attacks. Snort is a rule based IDPS. In this paper Snort is used to prevent probing, DoS and brute force attacks by utilizing inline mode and iptable and net filter library. New snort rules are proposed to block the three attacks by dropping their packets. 
The experimental results of this study show that all the attacks are halted and the prevention rate is about 99 percent for malicious packets.","PeriodicalId":346847,"journal":{"name":"2023 15th International Conference on Developments in eSystems Engineering (DeSE)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 15th International Conference on Developments in eSystems Engineering (DeSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DeSE58274.2023.10099757","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Information systems in businesses and organizations evolve continuously, encompassing centralized data centers, local area networks, and Internet access. Although Internet access offers myriad resources, it also enables the outside world to connect to and engage with local network resources. This creates a vulnerability in organizational information systems, which therefore require security measures. To keep the network secure from unauthorized access and to survive an attack without affecting the availability of services to legitimate users, various security measures have been developed to provide protected network connections, including the Intrusion Detection and Prevention System (IDPS). An IDPS aims to secure the network from both internal and external intrusions, acting as a safety net and an additional layer of defense. A network IDPS can identify and mitigate numerous attacks by alerting security administrators, dropping malicious packets, and blocking offending IPs and potential attacks. Snort is a rule-based IDPS. In this paper, Snort is used to prevent probing, DoS, and brute-force attacks by utilizing inline mode together with iptables and the Netfilter library. New Snort rules are proposed to block the three attacks by dropping their packets. The experimental results of this study show that all the attacks are halted and the prevention rate is about 99 percent for malicious packets.