A Dissertation Submitted In Partial Fulfilment For The Award Of Master Of Science In Data Communications In The Faculty Of Computing And Information Management At KCA University
The evolution of communication networks has resulted in complex interconnections of devices in wired and wireless networks. While these networks have many benefits, there are security concerns for private and public networks because of untrusted networks and malicious individuals.
The Network Security Administrator is concerned with the security and safety of networks in order to prevent and mitigate malicious attacks and network security breaches. There are many commercial and free automated tools that can be used to ensure private/public networks are secure. There is, however, no framework that can be used to select appropriate tools that will ensure network security. Traditional network security uses a firewall, Network Address Translation, a Virtual Private Network, a network router or a proxy server for defense.
This dissertation provides a framework that will guide the Network Security Administrator in selecting appropriate vulnerability assessment tools for intrusion detection to ensure conformance to standards, laws and legislation. I conduct a detailed literature review and an in-depth examination of automated tools and use the findings to develop the framework. An attack can be a Host Based Attack or a Network Based Attack; attacks can also be classified as Inside Looking Around attacks or Outside Looking In attacks. These attacks can be discovered by Network Misuse Detection or Network Anomaly Detection.
The framework comprises 3 phases: Planning (network exploration, tool identification and classification), Tool Analysis (examining each tool on the software metrics of reliability, portability, usability, maintainability, efficiency and functionality), and Evaluation (assigning each tool a weight for every software metric and a ranking for the suitability of the tool to the particular network, and matching tools that can be used to ensure security and compliance).
The findings show there is no turnkey solution to network security and no tool can singly provide sufficient assurance. Proper selection of a set of tools can result in secure networks and low cost.