Evading Intrusion Detection Systems Essay Example for Free

Evading Intrusion Detection Systems Essay As information technology advances its demand and reliance has increase has increased resulting in numerous growths in development and usage of web site. This technology has resulted to be very beneficial to organizational and institutional prosperity for example world of business has benefited a lot from the so called e-commerce. These benefits have on the other hand attracted exploitation of the web site supporting them. Growth in occurrence of exploitation of data sites which handle crucial organizational information have resulted to a major concern over their security and management of risks associated. This concern has resulted to usage of prevention system such as â€Å"Web Application Firewall, intrusion prevention systems and intrusion detection systems† (Vittie, 2007 pp. 1). Intrusions detection systems are protective systems which detect identify and isolate exploitation of computer systems. According to Newsham 1998, intrusion detection is a vital element of computer systems security system which complements other protection machineries. â€Å"By providing information to site administration, ID allows not only for the detection of attacks explicitly addressed by other security components (such as firewalls and services wrappers) but also attempts to provide notification of new attacks unforeseen by other components† (Newsham, 1998 para. 3). They are also very important as they provide organization with forensic information enabling detection of origination of attacks. This can help in following of attackers and make the answerable for their malicious actions. Working of Intrusion Detective Systems (IDS) is geared toward monitoring network of any attackers. In this operation it is hindered by network skilled attackers who are working day and night to be able to counter these systems and continue with their malicious damages. Exploitation in this case can continue in case where IDS may be short of complete scrutiny for the all of behavior perpetuated by a certain protocol. A good example to this is a case where attacker of IDS that is unable to reassemble Internet Protocol (IP) fragment through deliberate â€Å"†¦transmission of attack traffic in fragments rather than complete IP datagrams† (Kreibich, 2001). Internet Protocol end systems are assumed to conduct fragment reassembly and incase of this scenario, the attacker may accomplish intended mission without being noticed by IDS since it may be unable to reconstruct entire datagrams. Evading Intrusion Detection Systems using fragmentation and small packet technique can be said to be an evasion technique designed to confuse detection by IDS. Operations of fragment and small packet are based on ensuring attack payload splits into numerous small packets making IDS to gather the packet steam so as to identify the attack. This is possible through fragmenting the small packets but making of packets with minute payload can as well function. Although the small packet may a not evade any IDS which looks like packet steams, they can be designed to confuse reassembly as well as detection. Following deployment of IDS in 90s evasion, discovery of evasion followed. Evasion this time was â€Å"segmenting a signature into multiple packets, sometimes delaying second part of signature to trigger a network IDS time-out† (Gorton Champion, n. d. pp 2). Since 1997, several way of evading IDS which largely depended on using UNIX command shell potentialities. Later, hackers were able to use shell evasion design for example â€Å"mimicking ROT-13 ‘encryption’ using the TR command† (Gorton Champion, n. d. pp 2). Overlapping fragments has also been in use in that numerous packets with Internet Protocol or Transmission Control Protocol modified to overlap. Protocol violation uses similar technique as overlapping fragment in attempt to evade IDS through deliberate violation of Internet Protocol. Other evading Intrusion Detection Systems are Denial of Service and Inserting Traffic at the Intrusion Detection Systems. The inserted traffics are modified packet which are identified by IDS by computer may not detects becoming the main target. While Denial Service is a system modified to evade detection through overpowering Intrusion Detection System. This is possible through exploiting attacking element by use of large codification. â€Å"In 1999, Ptacek and Newsham demonstrated that commercial Intrusion detection systems had fundamentals flaws at handling the IP and TCP protocols which allowed attacker to trick them into incorrectly reconstructing sessions containing an attack† (Gorton Champion, n. d. pp 4). These two researchers in this field identified that several ways which IDS could not be able to detect invasion through being tricked and lack to attack invasion capable to detect. This was followed by development of programs by Dug Song guided by techniques explained by Ptacek and Newsham. This program is called fragrouter and later developed to fragroute. Attack of server through Hypertext Transfer Protocol (HTTP), â€Å"†¦there are fewer possibility for application evasion than in shell version. If the signature is flawed, an attacker can alter non-essential parts of the attack and avoid the signature,† (Gorton Champion, n. d. pp 4). To counter this inefficiency other forms of IDS were developed these are Mendax and Whisker written by Kang’s and Puppy respectively. In conclusion, evading Intrusion Detective System is still an active field. As ways to counter their malicious behaviors are developed hackers are busy advancing their attacks. This means future and survival of IDS in protecting web site is dependent to continued research in this field. Reference: Vittie, Lori Mac (2007): XSS Evasion—Trying to hide in the all-concealing torchlight; Retrieved on 12th December 2008 from; http://www. f5. com/pdf/white-papers/xss-evasion-wp. pdf Newsham Timothy N. (1998): Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Retrieved on 12th December 2008 from; http://insecure. org/stf/secnet_ids/secnet_ids. html. Kreibich, Christian (2001): Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Retrieved on 12th December 2008 from; http://www. icir. org/vern/papers/norm-usenix-sec-01. pdf Gorton A. Samuel Champion Terrence G. (n. d): Combining Evasion Techniques to Avoid Network Intrusion Detection Systems. Retrieved on 12th December 2008 from; http://www. skaion. com/research/tgc-rsd-raid. pdf