International Journal of Advanced Computer Research (IJACR) ISSN (P): 2249-7277 ISSN (O): 2277-7970 Vol - 6, Issue - 23, March 2016
How to secure web servers by the intrusion prevention system (IPS)?

Yousef Farhaoui

Abstract

Information technology, and especially the Internet, plays an increasing role in our society. Signature-based approaches show their limits in detecting intrusions and attacks, because most web vulnerabilities are specific to particular applications, which may have been developed in-house by companies. Behavioral methods are therefore an interesting approach in this area. An IPS (Intrusion Prevention System) is a tool used to enhance the security level. We present here a secure IPS architecture for web servers. We also discuss measures that define the effectiveness of our IPS, and very recent work on the standardization and homogenization of our IPS platform. The approach relies on preventive mechanisms: the aim is to develop devices capable of preventing any action that would result in a violation of the security policy. However, experience and results show that it is impossible to build a fully secure system, for technical or practical reasons.

Keywords

Intrusion prevention, Web server, Architectures, Security.
