INTRODUCTION
There is a constant contest between attackers and system defenders. Attackers continually try to breach systems for political or financial reasons, or simply to make a point and become famous. For these reasons, a cyber system has to be protected against cyber attacks and breaches. Intrusion prevention and intrusion detection systems (IPS/IDS) were developed to protect these systems. IPS/IDS technology focuses on detecting, preventing and reporting cyber attacks on network or telecommunication infrastructure. It does so by inspecting all network traffic and its content. This gives the advantage of controlling and defending the network against attackers at a single point.
In accordance with the Decree of the President of the Republic of Uzbekistan No. PF-5992 of May 12, 2020, “On the 2020-2025 banking system reform strategy of the Republic of Uzbekistan”: information technologies based on modern services to the banking system, wide support of technology, provision of information technology level, production of necessary updates, provision of information technologies [1].
For effective security, an IPS/IDS system is a crucial part of network security. The reason is that an IPS/IDS system provides perimeter security and can prevent and report an attack at a single point. Moreover, an IPS/IDS system not only buys time for unpatched vulnerabilities but also defends misconfigured systems. It fills the time gap between the discovery of a vulnerability and the release of its patch. To defend a vulnerable system, IPS/IDS systems are indispensable.
There are two different types of IPS/IDS systems: signature-based and anomaly-based. Anomaly-based IPS/IDS systems are rarely used in practice due to their high false positive rates. A signature-based system uses signatures that are defined from logs of past attacks. It checks new packets against its signature database to detect attacks. In case of a match, the IPS/IDS generates an alert about it.
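The signature check described above, as an added example that is not part of the original thesis and is not Snort's engine or rule language: each packet is compared against a small signature database and every match produces an alert. The `Signature` and `Packet` types, the rule ids, the addresses and the payloads are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int                  # constructed rule id
    msg: str                  # alert text
    proto: str                # "tcp" or "udp"
    dst_port: Optional[int]   # None matches any destination port
    content: bytes            # byte pattern taken from a past attack
    nocase: bool = False      # case-insensitive content match

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: int
    payload: bytes

def matches(sig: Signature, pkt: Packet) -> bool:
    """Header fields are checked first, then the payload is searched."""
    if sig.proto != pkt.proto or sig.dst_port not in (None, pkt.dst_port):
        return False
    hay, needle = pkt.payload, sig.content
    if sig.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay

def inspect(packets, signatures):
    """Return one alert line per (packet, signature) match."""
    return [f"[{s.sid}] {s.msg} {p.src} -> {p.dst}:{p.dst_port}"
            for p in packets for s in signatures if matches(s, p)]

# Constructed signature database and traffic (documentation address ranges).
SIGNATURES = [
    Signature(1000001, "HTTP directory traversal", "tcp", 80, b"../"),
    Signature(1000002, "FTP login as root", "tcp", 21, b"USER root", nocase=True),
]
PACKETS = [
    Packet("tcp", "198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "198.51.100.7", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "198.51.100.9", "192.0.2.20", 21, b"user ROOT\r\n"),
    Packet("udp", "198.51.100.9", "192.0.2.53", 53, b"\x12\x34example"),
]

if __name__ == "__main__":
    for alert in inspect(PACKETS, SIGNATURES):
        print(alert)
```

Only the second and third packets raise alerts; traffic that matches no stored signature passes without one, which is why the signature database has to be kept up to date.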
The goal of this final qualification work is to identify and analyze the ways of securely storing and sharing bank data in the Snort environment.
The following steps were set to achieve this goal:
conduct an extensive review of existing literature, research papers, and industry reports on IDS/IPS systems, focusing on detection and prevention methods;
gather relevant information about attacks, vulnerabilities and network environments to create a suitable test environment;
set up a controlled environment using virtual machines or a network testbed to simulate attacks and evaluate IDS/IPS techniques;
collect attack signatures, network traffic logs and other relevant data sources;
review recommendations for selecting and configuring the most appropriate IDS/IPS solution based on analysis results.
The final qualification work consists of an introduction, three chapters, a conclusion and a bibliography.
The first chapter states the research objectives, reviews the literature, describes the research methodology, outlines the structure of the thesis, and sets the stage for the in-depth analysis and evaluation of IDS/IPS methods in the subsequent chapters.
The second chapter systematically analyzes and evaluates the methods of detecting and protecting against attacks using IDS/IPS systems in order to solve current problems, focusing specifically on practical implementation using Snort for Windows.
The third chapter is focused entirely on the safety of life activities and ecology, describing particular physical and internal risks specific to banking and reviewing bank-related incidents.
The conclusion presents the results and decisions drawn from the analyses.