The Rome Laboratory, known as the main command and research facility of the US Air Force, faced more than 100 intrusions by unknown hackers in 1994. The laboratory’s networking systems were accessed using Trojan horse viruses. The hackers were so successful that they eliminated all traces of their actions.
Thanks to advancements in technology, many devices help us detect and prevent such activities at the earliest from out computer networks. A network access system represents a category of devices that can be connected the network to monitor the traffic, including:
network intrusion detection systems
Network Access System: Types
Below are some types of network access systems:
Intrusion Detection System: Network Intrusion Detection System or NIDS is a network security device that monitors the network for any malicious code or attack. By installing a NIDS device on your network, you can check the data packets flowing in and out of networks. However, a NIDS device can only detect the intrusion as and when it occurs and is not capable of preventing the attack.
Intrusion Prevention System: The main task of an intrusion prevention system or IPS is to promote network security. Considered an extension of NIDS, it does this by monitoring whether any malicious activity is taking place on the network on real-time basis. IPS not only detects these unwanted behaviors on the network but also blocks them. It operates in-line without interrupting the normal flow of data to prevent attacks by dropping the malicious packets.
RMON (technology): Remote Network Monitoring or RMON operates in a client/server model. It enables network administrators to monitor and troubleshoot a group of local area networks by providing them with standard information. Monitoring devices called ‘probes’ support RMON as they contain RMON software agents. These agents facilitate information collection and packet analysis. The types of information that a RMON can collect includes statistics by host, bytes sent, packets sent, packets dropped and certain other events.
Port Mirroring: Also called SPAN (Switched Port Analyzer), port mirroring is used on a network switch to monitor network traffic. It does this by communicating with a network monitoring connection, such as Intrusion Detection System (IDS). It sends a copy of all network packets existing on a port or even on VLAN for checking to IDS on another switch port. Almost every enterprise class switch supports port mirroring. It enables network administrators and security analyst to see a network traffic that is not generally visible.