
VALLURUPALLI NAGESWARA RAO VIGNANA JYOTHI INSTITUTE OF ENGINEERING & TECHNOLOGY

NBA Accredited CE, EEE, ME, ECE, CSE, EIE, IT -B. Tech Programs Approved by
AICTE, New Delhi, Affiliated to JNTUH

VIGNANA JYOTHI NAGAR, BACHUPALLY, NIZAMPET (S.O.), HYDERABAD 500090. TELANGANA, INDIA.

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

INTRUSION PREVENTION IN THE NETWORK

A COURSE-BASED PROJECT REPORT ON COMPUTER NETWORKS AND SYSTEMS APPROACH (CNSA)

BACHELOR OF TECHNOLOGY IN
ELECTRONICS & COMMUNICATION ENGINEERING

Submitted By
VALLURUPALLI NAGESWARA RAO VIGNANA JYOTHI
INSTITUTE OF ENGINEERING AND TECHNOLOGY
An Autonomous Institute, NAAC Accredited with ‘A++’ Grade (CGPA: 3.73/4.0)
NBA Accredited for CE, EEE, ME, ECE, CSE, EIE, IT B.Tech. Programmes

Approved by AICTE, New Delhi, Affiliated to JNTU-H, Recognised as “College with Potential for Excellence” by UGC
Vignana Jyothi Nagar, Pragathi Nagar, Nizampet (S.O), Hyderabad TS 500 090 India

CERTIFICATE

This is to certify that the project titled “INTRUSION PREVENTION IN THE
NETWORK” is being submitted, by V.S.VASANTH.P (19071A04G5, ECE-C) in partial
fulfillment of the requirement for the award of the degree of Bachelor of
Technology, for the course Computer Networks and Systems Approach laboratory
at the Vallurupalli Nageswara Rao Vignana Jyothi Institute of Engineering and
Technology is a record of bona fide work carried out by them under our pedagogy.
The results embodied in this have not been submitted to any other University or
Institute for the award of any degree.
ABSTRACT

Intrusion Prevention System is also known as Intrusion Detection and
Prevention System. It is a network security application that monitors network or
system activities for malicious activity. Major functions of intrusion prevention
systems are to identify malicious activity, collect information about this activity,
report it and attempt to block or stop it.
Intrusion prevention systems are considered an extension of Intrusion
Detection Systems (IDS) because both IPS and IDS monitor network traffic and
system activities for malicious activity. IPS typically record information related
to observed events, notify security administrators of important observed events
and produce reports. Many IPS can also respond to a detected threat by
attempting to prevent it from succeeding.

They use various response techniques, which involve the IPS stopping the
attack itself, changing the security environment or changing the attack’s
content. IPS solutions offer proactive prevention against some of today's most
notorious network exploits. When deployed correctly, an IPS prevents severe
damage from being caused by malicious or unwanted packets and brute force
attacks.
INTRODUCTION
An intrusion prevention system (IPS) is a form of network security that works to
detect and prevent identified threats. Intrusion prevention systems continuously
monitor your network, looking for possible malicious incidents and capturing
information about them. The IPS reports these events to system administrators
and takes preventative action, such as closing access points and configuring
firewalls to prevent future attacks. IPS solutions can also be used to identify
issues with corporate security policies, deterring employees and network guests
from violating the rules these policies contain.
With so many access points present on a typical business network, it is essential
that you have a way to monitor for signs of potential violations, incidents and
imminent threats. Today's network threats are becoming more and more
sophisticated and able to infiltrate even the most robust security solutions.
When looking into IPS solutions, you may also come across intrusion detection
systems (IDS). Before we look into how intrusion prevention systems work,
let's take a look at the difference between IPS and IDS.
The main difference between IPS and IDS is the action they take when a potential
incident has been detected. Intrusion prevention systems control the access to an
IT network and protect it from abuse and attack. These systems are designed to
monitor intrusion data and take the necessary action to prevent an attack from
developing. Intrusion detection systems are not designed to block attacks and will
simply monitor the network and send alerts to systems administrators if a
potential threat is detected.
An intrusion prevention system is typically configured to use a number of
different approaches to protect the network from unauthorised access. These
include:
Signature-Based - The signature-based approach uses predefined
signatures of well-known network threats. When an attack is initiated that
matches one of these signatures or patterns, the system takes necessary action.
Anomaly-Based - The anomaly-based approach monitors for any abnormal or
unexpected behavior on the network. If an anomaly is detected, the system blocks
access to the target host immediately.
Policy-Based - This approach requires
administrators to configure security policies according to organizational security
policies and the network infrastructure. When an activity occurs that violates a
security policy, an alert is triggered and sent to the system administrators.
The Cisco IOS IPS acts as an in-line intrusion prevention sensor, watching
packets and sessions as they flow through the router and scanning each packet to
match any of the Cisco IOS IPS signatures. When it detects suspicious activity,
it responds before network security can be compromised and logs the event
through Cisco IOS syslog messages or Security Device Event Exchange (SDEE).
The network administrator can configure Cisco IOS IPS to choose the appropriate
response to various threats. The Signature Event Action Processor (SEAP) can
dynamically control actions that are to be taken by a signature event on the basis
of parameters such as fidelity, severity, or target value rating.

BLOCK DIAGRAM
IMPLEMENTATION

Flow chart
1) Enable the Security Technology package.
2) Verify network connectivity.
3) Create an IPS rule.
4) Modify the signature.
5) Use show commands to verify IPS.
PART 1: Enable the IOS IPS (on Router1)
Type the following command in the CLI mode of Router1
Router#show version
We will get a message informing whether the security package is enabled or not.
To enable the security feature, the below commands can be used

After the security package is enabled, the following commands need to be
executed in the command line interface.

We need to modify the signature using the below commands.

RESULTS

Now we need to verify the above IPS configuration. For that, we need to ping the
server from PC1.

As we can see, the ping fails as it has no access for that operation. We can also
check the syslog server for activities, which lets us understand and monitor
the traffic in the network.
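
A Cisco IOS CLI session that follows the steps of the flow chart, added here as an example; these are not the report's own commands. It assumes a 1900-series router (c1900) whose signature files are already available. The names ipsdir and iosips, interface GigabitEthernet0/1, syslog host 192.0.2.50 and the choice of signature 2004 0 (ICMP echo request, consistent with the blocked ping) are assumptions.

```cisco
! Added example; c1900, ipsdir, iosips, the interface and 192.0.2.50 are assumed.
! 1) Check the Security Technology package; enable it if it is not active
Router# show version
Router# configure terminal
Router(config)# license boot module c1900 technology-package securityk9
Router(config)# end
Router# copy running-config startup-config
Router# reload
! 2) Point IOS IPS at a flash directory for its signature files
Router# mkdir ipsdir
Router# configure terminal
Router(config)# ip ips config location flash:ipsdir
! 3) Create the IPS rule and send its alerts to syslog
Router(config)# ip ips name iosips
Router(config)# ip ips notify log
Router(config)# service timestamps log datetime msec
Router(config)# logging host 192.0.2.50
! 4) Retire all signatures, then un-retire only the basic category
Router(config)# ip ips signature-category
Router(config-ips-category)# category all
Router(config-ips-category-action)# retired true
Router(config-ips-category-action)# exit
Router(config-ips-category)# category ios_ips basic
Router(config-ips-category-action)# retired false
Router(config-ips-category-action)# exit
Router(config-ips-category)# exit
! (confirm the change when prompted)
! 5) Apply the rule outbound on the chosen interface (assumed here)
Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip ips iosips out
Router(config-if)# exit
! 6) Modify signature 2004 0 (ICMP echo request): enable, alert and drop
Router(config)# ip ips signature-definition
Router(config-sigdef)# signature 2004 0
Router(config-sigdef-sig)# status
Router(config-sigdef-sig-status)# retired false
Router(config-sigdef-sig-status)# enabled true
Router(config-sigdef-sig-status)# exit
Router(config-sigdef-sig)# engine
Router(config-sigdef-sig-engine)# event-action produce-alert
Router(config-sigdef-sig-engine)# event-action deny-packet-inline
Router(config-sigdef-sig-engine)# exit
Router(config-sigdef-sig)# exit
Router(config-sigdef)# exit
! (confirm the change when prompted)
Router(config)# end
! 7) Verify the rule, the interface binding and the signature status
Router# show ip ips all
```

Retiring every category before un-retiring the basic set keeps the router from compiling the full signature database into memory, and pairing produce-alert with deny-packet-inline means each dropped packet also leaves a syslog record to review.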
CONCLUSION
The Cisco IOS IPS acts as an in-line intrusion prevention sensor, watching
packets and sessions as they flow through the router and scanning each packet to
match any of the Cisco IOS IPS signatures. When it detects suspicious activity, it
responds before network security can be compromised and logs the event through
Cisco IOS syslog messages or Security Device Event Exchange (SDEE). The
network administrator can configure Cisco IOS IPS to choose the appropriate
response to various threats.
The Signature Event Action Processor (SEAP) can dynamically control actions
that are to be taken by a signature event on the basis of parameters such as fidelity,
severity, or target value rating. These parameters have default values but can also
be configured through CLI. When packets in a session match a signature, Cisco
IOS IPS can take any of the following actions, as appropriate:
1) Send an alarm to a syslog server or a centralized management interface
2) Drop the packet
3) Reset the connection
4) Deny traffic from the source IP address of the attacker for a specified amount
of time
5) Deny traffic on the connection for which the signature was seen for a specified
amount of time
Cisco developed its Cisco IOS software-based intrusion-prevention capabilities
and Cisco IOS Firewall with flexibility in mind, so that individual signatures
could be disabled in case of false positives. Generally, it is preferable to enable
both the firewall and Cisco IOS IPS to support network security policies.
However, each of these features may be enabled independently and on different
router interfaces.
