Metrika članka

  • citati u SCindeksu: [2]
  • citati u CrossRef-u:0
  • citati u Google Scholaru:[=>]
  • posete u poslednjih 30 dana:1
  • preuzimanja u poslednjih 30 dana:0
članak: 1 od 1  
Yugoslav Journal of Operations Research
2008, vol. 18, br. 1, str. 109-122
jezik rada: engleski
vrsta rada: neklasifikovan
doi:10.2298/YJOR0801109D


An intrusion prevention system as a proactive security mechanism in network infrastructure
(naslov ne postoji na srpskom)
aGeneral Staff of Serbian Armed Forces, Belgrade
bUniverzitet u Beogradu, Fakultet organizacionih nauka

e-adresa: nenad.dulanovic@vj.yu, dane.hinic@vj.yu, dsimic@fon.bg.ac.yu

Sažetak

(ne postoji na srpskom)
A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.

Ključne reči

intrusion prevention system; bouncer; firewall

Reference

Barkett, M. Intrusion prevention systems. http://www.nfr.com/resource/downloads/SentivistIPS-WP.pdf
Baumrucker, C., Burton, J., Dentler, S., i dr. (2003) Cisco security professional's guide to secure intrusion detection systems. Syngress Publishing
CSI (2004) Computer crime and security survey 2004
Endorf, C., Schultz, E., Mellander, J. (2004) Intrusion detection & prevention. McGraw-Hill
Sarang, D., Praveen, K., Sproull, T.S., Lockwood, J.W. (2004) Deep packet inspection using parallel bloom filters. IEEE Micro, vol. 24, br. 1, Jan.pp. 52-61
Schuehler, D.V., Moscola, J., Lockwood, J.W. (2004) Architecture for a hardware-based, TCP/IP content-processing system. IEEE Micro, 24(1): 62
Song, H., Lockwood, J.W. (2005) Efficient packet classification for network intrusion detection using FPGA. u: Proceedings of the International Symposium on Field-Programmable Gate Arrays, FPGA '05, Feb 20-22, Monterey, California
Sproull, T., Lockwood, J. (2004) Wide-area hardware-accelerated intrusion prevention systems (WHIPS). u: Proceedings of the International Working Conference on Active Networking (IWAN), Lawrence, Kansas, 27-29 October
Xinidis, K., Anagnostakis, K.G., Markatos, E.P. (2005) Design and implementation of a high performance network intrusion prevention system. u: Proceedings of the 20th International Information Security Conference (SEC 2005), Makuhari-Messe, Chiba, Japan, May 30-June 1