
Analysis of Security Configuration for IDS/IPS

Andrea Trisolino

Analysis of Security Configuration for IDS/IPS.

Supervisors: Fulvio Valenza, Daniele Bringhenti. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2023

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are critical components in ensuring the security of computer networks and systems. With the constant evolution of cyber threats, it is essential to understand the functionalities, benefits, and limitations of these systems. This Thesis provides a comprehensive overview of IDS and IPS, including their history, key features, and implementation strategies. The Thesis begins by introducing the concepts of intrusion detection and prevention and the differences between the two systems. It presents the historical development of IDS and IPS, from their early origins to the current state-of-the-art solutions. The Thesis delves into the various types of IDS (e.g., network-based, host-based, and hybrid) and IPS (e.g., inline, out-of-band, and hybrid), examining their strengths and weaknesses. It discusses how these systems work and explores key challenges faced by IDS and IPS, including false positives, false negatives, and evasion tactics employed by attackers. With the role of IDS/IPS systems in the field of cyber security made clear, the VEREFOO framework is presented to better clarify the aim of this Thesis. By offering a comprehensive understanding of VEREFOO, its state of the art and its future applications, the importance of the framework becomes evident at once. After showing the different alternatives of IDS and IPS products on the market, the two chosen for the project are explained. The Thesis concludes with the implementation of the code that enables the VEREFOO framework to collect data from the two systems introduced, in order to distribute configurations to firewalls and guarantee a high level of security posture within a scope perimeter.

Supervisors: Fulvio Valenza, Daniele Bringhenti
Academic year: 2023/24
Publication type: Electronic
Number of pages: 92
Subjects:
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/29003