
An Optimal Use of Intrusion Detection and Prevention System (IDPS)

Mhair Kashif
Department of Computer Science
Iqra University, Islamabad, Pakistan
muhammad.kashif@sco.gov.pk

Zahoor-ul-haq
Department of Computer Science
Iqra University, Islamabad, Pakistan
zulh786@yahoo.com

Abstract: Intrusion detection systems are used for monitoring and invalidating malicious or hostile activity on a network. Such activity can take the form of policy misuse or access violation. To prevent these activities and attacks, the system must be aware of the policies and their limitations.
In this study we have selected an IDPS called Snort, which is widely used today and is free to use as an open-source project. In this work we have studied its implementation, configuration and installation, and the related issues that arise during this process. Implementation is done primarily on a local machine over a LAN and will afterwards be carried out over a high-speed, large network. The study will identify how to improve the performance of Snort and tune it for optimal use.

I. NETWORK ARCHITECTURE AND SENSOR LOCATION

An organization should consider the feasibility of using a management network when deploying a network-based IDPS. In addition, while choosing the suitable network for the components, the administration should decide on the placement of sensors. Deployment can be made in two modes:

A. Inline Mode
In this deployment mode all traffic must pass through the sensor; the scenario is the same as a firewall placed in front of a network, with all communication passing through the firewall. Deploying an inline sensor supports a defensive strategy: any intrusive attack, whenever it is sensed, is blocked / stopped and reported. Inline mode can be better understood using Figure 1.

B. Passive Mode
In this deployment mode the data traffic does not pass through the sensor; instead a copy of the actual data is used for monitoring the network traffic. The key benefit of deploying the passive mode is monitoring of a network location. Passive mode can be deployed through three different methods:

a. Spanning Port
More than one switch has a common spanning port; this port is used to monitor all the data passing through the network [4].

b. Network Tap
A physical direct connection is established with the network and tap media for direct storing of all the network data [4].

c. Load balancer
It gets the data from the different taps and spanning ports of the network location and distributes a copy of the traffic to every listening appliance; a load balancer is similar to an aggregator [4]. Passive deployment can be better understood by Figure 2.
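The difference between the two deployment modes, and the copy fan-out that the passive methods rely on, as an added example in Python that is not part of the paper and not Snort code: it models an inline sensor sitting in the traffic path beside a passive sensor that is fed by a spanning port and a network tap through a load balancer. The `Packet`, `Sensor`, `CapturePoint` and `LoadBalancer` classes, the `simulate` function, the signature patterns and the sample traffic are all constructed for illustration.

```python
"""Toy model of inline vs passive IDPS sensor placement.

Added example, not code from the paper. Every class, function and
signature pattern here is constructed for illustration; none of them
are Snort APIs or Snort rules.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


# Constructed stand-in for a rule set: signature name -> byte pattern.
SIGNATURES = {
    "shell-probe": b"/bin/sh",
    "sql-tautology": b"' OR 1=1",
}

WEB_HOST = "10.0.0.80"  # segment mirrored by the spanning port (constructed)


def first_match(packet):
    """Return the name of the first signature found in the payload, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in packet.payload:
            return name
    return None


class Sensor:
    """An IDPS sensor. inline=True means traffic passes through it and it may drop."""

    def __init__(self, name, inline):
        self.name = name
        self.inline = inline
        self.alerts = []

    def inspect(self, packet):
        """Return True if the packet may continue to its destination."""
        hit = first_match(packet)
        if hit is None:
            return True
        self.alerts.append((hit, packet.src, packet.dst))
        # A passive sensor only ever sees a copy, so it can report but never block.
        return not self.inline


class CapturePoint:
    """A spanning port or network tap: it records a copy of each frame it sees."""

    def __init__(self, name):
        self.name = name
        self.copies = []

    def copy(self, packet):
        self.copies.append((self.name, packet))


class LoadBalancer:
    """Aggregates the copies from several capture points and hands each one
    to every listening appliance, as the paper describes."""

    def __init__(self, listeners):
        self.listeners = listeners

    def distribute(self, capture_points):
        for point in capture_points:
            for _source, packet in point.copies:
                for sensor in self.listeners:
                    sensor.inspect(packet)


def simulate(traffic):
    """Run the same traffic through an inline path and a passive monitoring path.

    Returns how many packets each path delivered and the alerts each sensor raised.
    """
    inline = Sensor("inline-ips", inline=True)
    passive = Sensor("passive-ids", inline=False)
    span = CapturePoint("span-port")   # mirrors the web segment
    tap = CapturePoint("network-tap")  # on the link to every other host

    delivered_inline = []
    delivered_passive = []
    for pkt in traffic:
        # Inline path: firewall -> sensor -> host; the sensor decides delivery.
        if inline.inspect(pkt):
            delivered_inline.append(pkt)
        # Passive path: the frame is always delivered; a copy goes to the
        # capture point covering that segment.
        delivered_passive.append(pkt)
        (span if pkt.dst == WEB_HOST else tap).copy(pkt)

    LoadBalancer([passive]).distribute([span, tap])
    return {
        "inline_delivered": len(delivered_inline),
        "passive_delivered": len(delivered_passive),
        "inline_alerts": [a[0] for a in inline.alerts],
        "passive_alerts": [a[0] for a in passive.alerts],
    }


# Constructed sample traffic: two benign requests and two that match a signature.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", WEB_HOST, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.6", WEB_HOST, b"GET /login?user=a' OR 1=1-- HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.22", b"cat /etc/hostname"),
    Packet("10.0.0.8", "10.0.0.22", b"exec /bin/sh"),
]

if __name__ == "__main__":
    for key, value in simulate(SAMPLE_TRAFFIC).items():
        print(f"{key}: {value}")
```

Both sensors raise the same two alerts, but only the inline path withholds the two matching packets from their destinations; the passive path delivers all four, which is the trade-off the paper's two modes describe. In Snort 2.9 the corresponding command-line distinction is `-Q` with an inline DAQ such as `--daq afpacket -i eth1:eth2` for inline mode versus a plain `-i eth0` capture on a spanning port for passive mode.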
