ISREAL MAIN BODY NETWORK SECURITY AND ROUTING ANALYSIS TOOLS

CHAPTER ONE
INTRODUCTION
1.1 Background of the Study
The widespread proliferation of computer networks has resulted in the increase of attacks on information systems. These attacks are used for illegally gaining access to unauthorized information, misuse of information or to reduce the availability of the information to authorized users. This results in huge financial losses to companies besides losing their goodwill to customers as their informative services are several disrupted. These attacks are increasing at a staggering rate and so is their complicity. Thus there is a need for complete protection of organizational computing resources which is deriving the attention of people towards network based security system.
We can effectively protect the computer system, if we use three fundamental techniques against intrusion: prevention, detection and response. Earlier, intrusion prevention was widely considered as a complete and sufficient protection against the intrusions. Such preventive measures include user authentication (using password or biometrics), fencing around the network using firewalls, very tight access control mechanisms, avoiding programming errors, etc. But, unfortunately these measures are not sufficient in adequately protecting the computer system due to many reasons. There would always be un-know programming flaws, design and architectural weaknesses in application programs, protocols and operating systems which can always be exploited by the attacker. The abuse of privileges by insiders (usually disgruntled employees) to gain unauthorized access, the failure of firewall to prevent many attacks such as dictionary attacks and probes, the cracking of passwords are some of the other reasons that make preventive measures insufficient to protect computer systems. Hence, intrusion prevention is not a complete solution. If there are inevitable attacks on the system, we would like to detect them as soon as possible to trace an attack to its source, and assess the extent of damage. The capability that provides these special features is known as intrusion detection. Intrusion detection tools are not preventive devices but they should be used as a second line of defense. Hence they complement the protective mechanism to improve network based security system.

1.2 Statement of the Problem
Information dissemination is through a network system. The security of the packets transferred through the network is of great concern to most firms that engage in online transfer of packets. The abuse of privileges by insiders to gain unauthorized access, the failure of firewall to prevent many attacks from the network, the cracking of passwords are some of the other reasons that make network based system stand the risk of being attacked. If there are inevitable attacks on the system, we would like to detect them as soon as possible to trace an attack to its source, and assess the extent of damage. Therefore, administrators are seeking ways to:
• Be sure that the packets transferred from the network are secured
• Keep track of user’s access date, time and activities on the network
• Security of the network by detecting intruders on the network
• The possibility of maintaining a secured network system for an organization.

1.3 Motivation
The high rate of data loss in a communication network, and the attacks suffered by these networks as a result of hacker’s activities on the network propelled the researcher to find solutions to network