| Organizations more often than not lack comprehensive security policies, and are not prepared to protect their systems adequately against intrusions. While the use of network intrusion detection systems is becoming pervasive, evaluating its performance has been found to be challenging. Firewalls and other simple boundary devices lack some degree of intelligence when it comes to observing, recognizing, and identifying attack signatures that may be present in the traffic they monitor and the log files they collect. In this paper, we begin by studying the types of Intrusion Detection Systems (IDS) the problems associated with it in a LAN/WAN environment.Furthermore, with the help of Wireshark and OPNET, we generate (culled from traces of live intrusive traffic) captured packets of Botnet, SMB and man in the middle (ARP cache) attacks from Pcapr– Mu Dynamics Research Labs and the Open Packets Organisation at openpacket.org for the repository of intrusive traces of those attacks.Our approach with the experiment is simulated using the OPNET? simulator. Simulation results show the detection capabilities of our scheme under three (3) denial of service (DoS) attacks without firewall tunneling, we will see increased Applications response time, increase in transmission delay and considerable decrease in the average network throughput which forms the baseline for our analysis required to maintain energy efficiency and improve security in a LAN/WAN network. |
PDF Full Text Request