Ashford University ABC Company Compliance Plan Paper For this assignment you will take on the role of a compliance consultant who has been hired to create

For this assignment you will take on the role of a compliance consultant who has been hired to create a plan that will assist an institution in meeting its professional or governmental compliance standards. This compliance plan will be based on the scenario you chose and researched in Week 2. Include the following information in your compliance plan.
Carefully review the standards for the option you chose. Identify the specific compliance requirements within the standards, and briefly discuss the business reasons for implementing the standards chosen.
Explain the type of network design that would best meet the standards identified. Revise your network diagram from Week 2, using Visio within your lab environment. This diagram must be copied into your plan document as an image. (The Visio diagram may be included in your assignment by means of a screenshot pasted into your document prior to submission. Assistance with capturing a screenshot of your Visio may be found at Take-a-screenshot.org.) Describe how you would recommend segmenting the network in order to best meet compliance standards, providing a rationale for your suggestions and supporting your statements with your research.
Examine the firewall types necessary to ensure the security of the individual network segments within your institutional setting. Create a plan for the implementation of firewalls within each partition of the network.
Analyze the potential uses of intrusion detection systems (IDSs) within each network partition and recommend the placement of IDS within the partitions based on the standards for your institution. Evaluate the controls needed for maintaining your recommended IDS infrastructure and create a brief plan that outlines your recommendations for this maintenance. Provide a rationale for your suggestions supporting your statements with your research.
Classify the types of data included in your chosen scenario and evaluate the IT governance methodologies that apply to the classified data types. Explain which IT governance methodology would need to be implemented within each partition of the network in order to meet compliance standards.
The Compliance Plan
Must be 10 to 15 double-spaced pages in length (not including title and references pages) and formatted according to APA style as outlined in the Ashford Writing Center.
Must include a separate title page with the following:

Title of paper
Student’s name
Course name and number
Instructor’s name
Date submitted


Must use at least five scholarly and/or credible professional sources in addition to the course text.

Access the MISM Credible Resource Guide for assistance with finding appropriate credible professional resources. You may also see the Ashford Library’s Scholarly, Peer Reviewed, and Other Credible Sources for additional information.

Must document all sources in APA style as outlined in the Ashford Writing Center.
Must include a separate references page that is formatted according to APA style as outlined in the Ashford Writing Center.
Carefully review the Grading Rubric for the criteria that will be used to evaluate your assignment.
Running Head: THE INTRUSION DETECTION IN COMPANIES
The Intrusion Detection in Companies
Jordan Carter
ISM 642 Information Security and IT Governance
Instructor: Misbahuddin Syed
November 17, 2019
The Intrusion Detection in Companies
In the past decades, computer network security has been a great challenge. Recently,
most government information systems have become internet-connected, which exposes their
information to paths of attack. Over this period, companies have been struggling to
implement different methods to protect their data and information (Scarfone, 2012). Intruders
have been trying their level best to corrupt systems and access the information. Network
administrators have been deploying different strategies to curb this menace, but the efforts are
seemingly not effective. They opt for intrusion detection mechanisms such as signature-based
detection, which identifies possible incidents on the network by comparing signatures against
the events that occur. It detects threats from known sources effectively, while for unknown
threats it is not favorable. The other mechanism is anomaly-based detection, which compares
definitions of standard activity against observed events to point out significant deviations.
Unlike signature-based detection, anomaly-based detection can effectively detect threats from
previously unknown sources.
Additionally, stateful protocol analysis is a critical methodology that identifies
deviations by comparing generally accepted protocol activity in each protocol state against
observed events. The method depends on vendor-developed profiles that dictate how a specific
protocol should be used, which differs from anomaly-based detection, which uses host-specific
profiles. The National Institute of Standards and Technology (NIST) and the Institute of
Electrical and Electronics Engineers (IEEE) are some of the companies that deploy these
strategies of data and information security on their networks.
In NIST, an anomaly-based method of detecting malicious activity is considered one of the
most fundamental processes for securing the data and information the company holds. An
intrusion detection and prevention system (IDPS) that uses the anomaly-based mode of
detection contains profiles depicting the normal behavior of things such as network connections,
users, applications, and hosts (Su, 2011). Continuous evaluation of the properties of different
activities helps in developing the profiles over time. Several characteristics help in creating
different profiles. Some of these characteristics are the frequency with which a user sends
email, the number of times a host tries to log in but fails, and the rate of processor utilization
by a host over a defined time duration. Profiles in this methodology can be either dynamic or static.
Static profiles do not change over time unless the IDPS is required to create a new
profile, while dynamic profiles adjust themselves whenever new events are observed.
Over time, static profiles become obsolete, calling for regeneration. Changing profiles are not
prone to attackers since they do not become inaccurate. The process of coming up with a new
profile is not easy, as computing it rapidly increases in complexity. In contrast to
this, IEEE also uses anomaly-based detection techniques, which are dynamic and static. It
seems to be similar, but IEEE deploys a different approach to detection depending on the
nature of the tasks at any time.
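The difference between a static and a dynamic profile can be seen on one of the characteristics named above, failed logins per host. The following is an added example, not part of the original paper; the counts, the 3-sigma threshold and the exponentially weighted update are assumptions chosen for illustration.

```python
"""Static vs. dynamic anomaly profiles over one metric: failed logins per hour."""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed data: hourly failed-login counts for one host.
TRAINING = [2, 3, 4, 3, 2, 4, 3, 3]                # baseline period
OBSERVED = [4, 5, 5, 6, 6, 7, 7, 8, 8, 8, 60, 8]   # slow legitimate growth, one burst


@dataclass
class StaticProfile:
    """Profile fixed at training time; it changes only when regenerated."""
    mu: float
    sigma: float
    k: float = 3.0  # alert when a value is more than k sigma away from mu

    @classmethod
    def train(cls, samples):
        # Floor sigma at 1.0 so a very quiet baseline does not alert on +/-1.
        return cls(mu=mean(samples), sigma=max(pstdev(samples), 1.0))

    def is_anomalous(self, value):
        return abs(value - self.mu) > self.k * self.sigma

    def observe(self, value):
        return self.is_anomalous(value)


@dataclass
class DynamicProfile(StaticProfile):
    """Profile that adjusts itself with an exponentially weighted mean/variance."""
    alpha: float = 0.2  # weight given to each new observation

    def observe(self, value):
        alert = self.is_anomalous(value)
        if not alert:
            # Learn only from events that looked normal, so a burst that
            # raised an alert is not folded into the baseline.
            diff = value - self.mu
            variance = (1 - self.alpha) * (self.sigma ** 2 + self.alpha * diff ** 2)
            self.mu += self.alpha * diff
            self.sigma = max(variance ** 0.5, 1.0)
        return alert


def alert_indices(profile, series):
    """Return the positions in `series` at which `profile` raised an alert."""
    return [i for i, value in enumerate(series) if profile.observe(value)]


if __name__ == "__main__":
    print("static :", alert_indices(StaticProfile.train(TRAINING), OBSERVED))
    print("dynamic:", alert_indices(DynamicProfile.train(TRAINING), OBSERVED))
```

The static profile keeps alerting once normal activity has drifted away from the training baseline, which is the regeneration problem described above; the dynamic profile follows the drift and alerts only on the burst.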
To fully and successfully build, deploy, and implement intrusion detection and
prevention systems, the system developers should gather the system requirements from both
the user side and the developer side to know the exact problems and flaws that the project in
question should address. System developers should conduct a thorough feasibility study and
document the relevant deliverables to ascertain whether the project is economically, technically,
legally, timely, and socially viable (McHugh, 2000). The developers should evaluate the
network of an organization to confirm that the anticipated system conforms with the available
network. The IDPS should be kept in line with up-to-date signatures for efficient protection
against malicious actions. The system analysts should always review the existing security
policies and the procedures that relate to IT before selecting any product to develop. The design
and implementation of an IDPS depend on the type of technology used.
The National Institute of Standards and Technology (NIST) views intrusion detection
systems as a procedure of keeping an eye on the events that occur in computer networks or
systems. They analyze the events for signs of possible incidents that are imminent threats
or violations of computer security. Due to the insecurity issues, NIST has put in place the use
of signature-based, anomaly-based, and stateful protocol analysis to curb this challenge.
NIST integrated signature-based detection systems because it is known to be the most
straightforward detection technique, one that works using string comparison operations to
compare the most recent unit of activity, like a log entry or packet, to a list of signatures. The
methodology seeks to express patterns or signatures within the company’s data for
analysis.
Signature-based detection is therefore effective at detecting known threats and mostly gives
the right detection, but it is ineffective when used to detect unknown threats. To correct this menace,
NIST has to set aside a corresponding signature database that is always updated with new threats. The
method can be used alone because it cannot track and understand the communication state
since it still has little understanding of application protocol and network. IEEE does not
solely depend on signature-based detection because it has a challenge in detecting previously
unknown threats. They despise the method because it faces communication challenges
due to its inability to understand application protocols.
Since signature-based detection cannot be depended on alone for malware detection, NIST chose to
implement stateful protocol analysis, which can improve the standard of inspection by
incorporating the necessary intrusion detection technology into their system. The stateful
protocol technology comprises an engine at the application layer that analyzes protocols by
comparing vendor-developed profiles against the events under observation to identify
deviations (Grochocki, 2012). The methodology is capable of tracking and understanding
the state of network, transport, and application protocols that have a concept of state. For instance, a
user in the authentication state is limited to performing only a few commands, such as providing
usernames or viewing help information.
Stateful protocol analysis helps NIST to detect unexpected sequences of
commands. Furthermore, it analyzes the intrusion detection prevention system and
keeps track of the authenticators used in each session and accounts for any suspicious
activities. In contrast, IEEE has implemented the use of stateful protocol analysis since it
proves to be one of the best intrusion detection techniques for keeping track of the
users who regularly access their system, and it detects any malicious activities before they are
carried out (Alpcan, 2003). The methodology enables the IEEE organization to maintain high
quality standards in the services they offer to their clients.
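The state tracking described above can be illustrated with a small session tracker. This is an added example, not part of the original paper: the per-state command table is a hypothetical, simplified stand-in for a vendor-developed profile of an FTP-like protocol, and the captured events are constructed.

```python
"""Stateful protocol analysis over an FTP-like command stream."""
from collections import namedtuple

Alert = namedtuple("Alert", "session user state command")

# Hypothetical, simplified profile: commands acceptable in each session state.
PROFILE = {
    "UNAUTHENTICATED": {"USER", "HELP", "QUIT"},
    "AWAITING_PASSWORD": {"PASS", "USER", "HELP", "QUIT"},
    "AUTHENTICATED": {"LIST", "CWD", "PWD", "RETR", "STOR", "HELP", "QUIT"},
}

# Constructed capture: (session id, "C" client or "S" server, protocol line).
EVENTS = [
    ("s1", "C", "USER alice"), ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS ********"), ("s1", "S", "230 Login successful"),
    ("s1", "C", "LIST"), ("s1", "C", "RETR report.txt"), ("s1", "C", "QUIT"),
    ("s2", "C", "HELP"), ("s2", "C", "RETR payroll.csv"),
    ("s2", "C", "USER bob"), ("s2", "S", "331 Password required"),
    ("s2", "C", "PASS ********"), ("s2", "S", "530 Login incorrect"),
    ("s2", "C", "STOR upload.bin"),
    ("s3", "C", "PASS ********"),
]


def analyze(events, profile=PROFILE):
    """Track each session's state and flag commands the state does not permit."""
    sessions = {}
    alerts = []
    for sid, side, line in events:
        sess = sessions.setdefault(sid, {"state": "UNAUTHENTICATED", "user": None})
        word, _, arg = line.partition(" ")
        if side == "S":
            # Server replies drive the authentication state transitions.
            if sess["state"] == "AWAITING_PASSWORD" and word == "230":
                sess["state"] = "AUTHENTICATED"
            elif sess["state"] == "AWAITING_PASSWORD" and word == "530":
                sess["state"] = "UNAUTHENTICATED"
            continue
        command = word.upper()
        if command not in profile[sess["state"]]:
            # Record the authenticator supplied so far with the alert, so the
            # activity can be attributed to an account during triage.
            alerts.append(Alert(sid, sess["user"], sess["state"], command))
            continue
        if command == "USER":
            sess["user"] = arg
            sess["state"] = "AWAITING_PASSWORD"
    return alerts


if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

Session s1 follows the expected sequence and produces no alert; s2 and s3 issue commands that the unauthenticated state does not allow, which a signature match on the individual commands would not reveal.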
Anomaly-based IDPSs are one of the best methods of detecting attacks and sending alerts
when attacks are recognized, though they are not reliable because they sometimes produce false
alerts, hence decreasing the reliability in the network. With hybrid systems, we use
signature-based detection together with anomaly-based approaches. The latter is applied
mostly to sense attacks accurately, while developers and analysts use the former when
reliability is the priority.
References
Scarfone, K., & Mell, P. (2012). Guide to intrusion detection and prevention systems (IDPS)
(No. NIST Special Publication (SP) 800-94 Rev. 1 (Draft)). National Institute of
Standards and Technology.
Alpcan, T., & Basar, T. (2003, December). A game theoretic approach to decision and analysis
in network intrusion detection. In 42nd IEEE International Conference on Decision and
Control (IEEE Cat. No. 03CH37475) (Vol. 3, pp. 2595-2600). IEEE.
McHugh, J., Christie, A., & Allen, J. (2000). Defending yourself: The role of intrusion
detection systems. IEEE software, 17(5), 42-51.
Grochocki, D., Huh, J. H., Berthier, R., Bobba, R., Sanders, W. H., Cárdenas, A. A., &
Jetcheva, J. G. (2012, November). AMI threats, intrusion detection requirements and
deployment recommendations. In 2012 IEEE Third International Conference on Smart
Grid Communications (SmartGridComm) (pp. 395-400). IEEE.
Su, M. Y. (2011). Prevention of selective black hole attacks on mobile ad hoc networks through
intrusion detection systems. Computer Communications, 34(1), 107-117.
SECURING THE COMPUTING INFRASTRUCTURE
JORDAN CARTER
ISM 642 INFORMATION SECURITY AND IT GOVERNANCE
INSTRUCTOR: MISBAHUDDIN SYED
NOVEMBER 14, 2019
OVERVIEW AND ORGANIZATIONAL PROBLEM
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) form the IDPS, a vital part of
network infrastructure security that detects cyber threats containing malware signatures, then flags,
blacklists, and resets the system.
• During a meeting with the IT team on Monday, the CEO presented a 2018 report by csoonline.com.
• In the recent past, significant data breaches have occurred in the U.S causing massive losses in the company
(Armerding, 2019).
• The CEO is concerned with the application of IDPS to detect and prevent attacks on the IT infrastructure.
TYPES OF IDS/IPS AND TOOLS USED
The company can use three types of IDSs/IPSs:
• Host based intrusion detection system (HIDS)
• Network based intrusion detection system (NIDS)
• Wireless intrusion detection system (WIDS)
TOOLS
HIDS
NIDS
WIDS
SEM
SEM
SEM
OSSEC
BRO
Suricata
Snort
SOLARWINDS SECURITY EVENT MANAGER (SEM)
• NIDS and HIDS make high use of the tool
in automated threat remedy solution.
• Administrators can easily monitor the
system, forward the issue, archive the login
files after back up and later build transit
after system storage encryption.
OSSEC
• Technically, this open source application can be found in HIDS and NIDS for efficient
processing, although it does not have a user interface.
• The tool will organize and sort all company log files using malicious file detection policies
to detect unusual behaviors in the system.
SNORT
• Cisco owns this open source project and
sniffer system best used in NIDS.
• The sniffer system scans the network to
collect copies of data traffic in the
system.
• To detect intrusion, Snort will apply base
policies to the traffic copies.
BRO
• The tool can be used on WIDS and NIDS; it
specifically eliminates weaknesses of Snort.
• The tool uses anomaly based detection and signature
based detection to spot bit level patterns that
effectively detect the presence of abnormal behavior.
• The detection process starts with the Bro event engine
through buffering level and assessment by policy
scripts.
SURICATA
• Suricata operates just like BRO but signature
detection systems operate at the application
layer.
• They include program processing the detection
process.
• It can also examine certificates and requests as
well as extract segments from bit levels for
virus protection.
• There is an extra compatibility level provided by
compatibility with Snort.
PLACEMENT POINTS
• NIDS (e.g. Snort) sensors are placed in network
check points (Hill, 2008).
• HIDS are positioned inside the network security
firewall.
• WIDS (e.g. NEMS) can be placed behind the firewall
on the edge of your network.
[Figures: Snort placement; HIDS placement]
REFERENCES
• Hill, W. (2008). Best Practices for Deploying Intrusion Prevention Systems. A better approach to
securing networks – PDF. Retrieved 14 November 2019, from https://docplayer.net/18707248-Bestpractices-for-deploying-intrusion-prevention-systems-a-better-approach-to-securing-networks.html
• Scarfone, K., & Mell, P. (2012). Guide to intrusion detection and prevention systems (idps) (No. NIST
Special Publication (SP) 800-94 Rev. 1 (Draft)). National Institute of Standards and Technology.
• Talele, N., Teutsch, J., Jaeger, T., & Erbacher, R. F. (2013, February). Using security policies to automate
placement of network intrusion prevention. In International Symposium on Engineering Secure Software
and Systems (pp. 17-32). Springer, Berlin, Heidelberg. Retrieved from
https://pdfs.semanticscholar.org/1b96/72e342e9ebd2a75cd508564a266893162ad7.pdf
Snort Screenshots
Jordan Carter
ISM 642 Information Security and IT Governance
Instructor: Misbahuddin Syed
November 12, 2019
Running head: INTRUSION DETECTION SYSTEMS
Intrusion Detection Systems
Jordan Carter
ISM 642 Information Security and IT Governance
Instructor: Misbahuddin Syed
November 11, 2019
Types of Intrusion Detection Systems and their Uses
Intrusion detection systems are basically classified into two types. The host intrusion
detection system (HIDS), or host-based intrusion detection, is the first type. This system works by
examining events within a computer over the network instead of examining the traffic that is within
the system. This intrusion detection system normally works by examining data that is contained
in the admin files on the computer that it protects. Such files include config files and log files.
The intrusion detection system normally backs up the config files so that it becomes possible to
restore the settings in case a malevolent virus loosens the system's security by changing the
computer setup. Also, when there is a need to guard the system from root access, the host intrusion
detection system will not help in blocking the changes. Instead, this type of intrusion detection can
only alert the user when the access tries to occur. Host intrusion detection systems have
monitors that are installed on the software. Although they can be used to monitor a single
computer, they are more effective when installed on every device within the network. This is because it
is not advisable to overlook any config changes occurring on any device in the system. The advantage
of using a host intrusion detection system is that when having more than one host on the network,
one does not necessarily need to log into all of them to get the feedback. Due to this,
when using this type of detection system, it is advisable to use a model that is centralized. This
necessitates the use of a system that will encrypt the communications between the central monitor
and the host agents (Cooper, 2019).
The second intrusion detection system is the network intrusion detection system (NIDS).
As the name suggests, this detection system is network-based, and it is therefore also called
network-based intrusion detection. It works by examining the traffic within a network. Because
of its method of operation, it must have a packet sniffer, which helps it gather network
traffic, which is followed by analysis. Its engine for analysis is based on rules, and as a result, it
can be modified occasionally by the addition of user rules. In most cases, system providers or user
communities provide these rules, thus allowing one to import them and implement them in one's
own system. As users familiarize themselves with the rule syntax specific to their network
intrusion detection system, it becomes possible for them to create their own rules. Although the NIDS
is based on rules that gather traffic, it does not mean that one must dump all the gathered
traffic into selected files or even run all of it through the dashboard. If this happens, a problem
may arise in which it becomes difficult to analyze all the data. Therefore, when using the NIDS,
the rules which initiate the analysis are the same rules that are tasked with creating a
selective capture of data. For instance, a rule that is meant for a given type of bothersome HTTP
traffic on the NIDS will only gather and accumulate HTTP packets that bear the described
characteristics. For proper operation, the NIDS should be installed on a dedicated piece of
hardware. In most cases, purchased solutions will come with a network kit that is pre-loaded.
However, this does not mean that one must pay heavily to get the specialist hardware, since the
system does not need a sensor module for picking up the traffic. The user can load the system into
a local area network analyzer or even opt to assign a computer to carry out the task. The device
chosen should have good clock speed so that it does not slow the network (Dunning-Kruger,
Nguyen, Dung, & Zwakman, 2019).
Optimum Locations for IDS on a Corporate TCP/IP Network and how IDSs can be used to
Complement Firewalls
The aim of an intrusion detection system (IDS) is to discover attempts at unauthorized computer
network access by analyzing traffic on the network for malicious activities in real time. An IDS
essentially has no control over the traffic on the network; its work is to monitor. Generally, an IDS is
placed before or after the router of the server. Several models can be implemented for an IDS
on a network. Port switch spanning allows the IDS sensors to collect traffic on the network through
mirroring or viewing and making one-way disconnects. Another model is the network tap, where
an external physical device or port collects the network traffic on the uplink of external or internal
networks. Lastly, there is the inline model, where the physical device is placed between two segments and
cables are interconnected physically so that traffic goes through the processing before passing over to other
equipment on the network such as routers and switches (Abdulhammed, Faezipour, & Elleithy,
2017).
An intrusion detection system (IDS) helps strengthen the firewall, since firewalls only filter, block,
and allow addresses but do not have a method of determining whether the incoming traffic is
malicious or normal. The IDS does the work of detecting and looking closely at the traffic to find out
if there is an attack. In addition, if a packet accidentally slips through, the intrusion detection system
alerts you if the network is under attack. While a firewall only inspects the header, an intrusion
detection system inspects both the header and the payload. The IDS helps to detect malicious
activities in the network traffic, and the firewall blocks the packets. The IDS collects audit
data, analyzes the collected data, and releases an alert when it detects a threat. The firewall
then blocks the intrusions by providing a secure boundary between the untrusted network and a
trusted network like a corporate network (Luntovskyy & Klymash, 2017).
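The two points made above, that NIDS rules both trigger analysis and select what is captured, and that a firewall decides on the header while the IDS also reads the payload, can be shown together. This is an added example, not part of the original paper; the rule structure, rule ids, firewall allow-list and packets are all constructed for illustration and do not follow any product's rule syntax.

```python
"""Header-only firewall filter next to a rule-based NIDS with selective capture."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sid: int          # constructed rule id
    msg: str
    proto: str        # header condition
    dport: int        # header condition
    content: bytes    # payload signature compared by substring match


# Constructed rules for two kinds of unwanted HTTP traffic.
RULES = [
    Rule(1000001, "HTTP directory traversal in request", "tcp", 80, b"../"),
    Rule(1000002, "HTTP request for backup file", "tcp", 80, b".bak"),
]

# Constructed firewall policy: allow by protocol and destination port only.
FIREWALL_ALLOW = {("tcp", 80), ("tcp", 443)}

# Constructed packets (documentation address ranges).
PACKETS = [
    {"src": "192.0.2.10", "proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 80,
     "payload": b"GET /static/../../app.conf HTTP/1.1\r\n"},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 23, "payload": b"login"},
    {"src": "203.0.113.5", "proto": "tcp", "dport": 80,
     "payload": b"GET /backup/site.bak HTTP/1.1\r\n"},
    {"src": "203.0.113.5", "proto": "udp", "dport": 53, "payload": b"\x00\x01"},
]


def firewall_allows(pkt):
    """Header-only decision: the payload is never looked at."""
    return (pkt["proto"], pkt["dport"]) in FIREWALL_ALLOW


def inspect(packets, rules=RULES):
    """Return (alerts, capture); only packets that match a rule are captured."""
    alerts, capture = [], []
    for pkt in packets:
        if not firewall_allows(pkt):
            continue  # blocked at the boundary, never reaches the sensor
        hits = [r for r in rules
                if r.proto == pkt["proto"] and r.dport == pkt["dport"]
                and r.content in pkt["payload"]]
        if hits:
            capture.append(pkt)  # selective capture: rule-matching traffic only
            alerts.extend((r.sid, pkt["src"]) for r in hits)
    return alerts, capture


if __name__ == "__main__":
    found, kept = inspect(PACKETS)
    print(found, len(kept))
```

Three of the five packets pass the firewall on their headers alone; payload inspection flags two of them, and only those two are stored for analysis.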
References
Abdulhammed, R., Faezipour, M., & Elleithy, K. (2017). Intrusion Detection System in
Self-Organizing Networks: A Survey. Intrusion Detection and Prevention for Mobile
Ecosystems, 339–392. doi: 10.1201/b21885-13
Cooper, S. (2019, November 7). Intrusion Detection Systems Explained: 11 Best IDS Tools
Reviewed. Retrieved November 11, 2019, from https://www.comparitech.com/netadmin/network-intrusion-detection-tools/.
Dunning-Kruger, Nguyen, A., Dung, N. M., & Zwakman, D. S. (2019, November 7). 10 top
network intrusion detection tools for 2018. Retrieved November 11, 2019, from
https://www.comparitech.com/net-admin/network-intrusion-detectiontools/#Host_Intrusion_Detection_Systems_HIDS.
Luntovskyy, A., & Klymash, M. (2017). Examination of Modern Concepts for Firewalls and
Collaborative Intrusion Detection. Information and Telecommunication Scien…