Set of management rules independent of a specific device and implementation, and defining in abstract terms a desired behavior. These are stored and interpreted by the policy framework, which provide a heterogeneous set of components and mechanisms that are able to represent, distribute, and manage policies in an unambiguous, interoperable manner, thus providing a consistent behavior in all affected policy enforcement points
Published in Chapter:
IDS and IPS Systems in Wireless Communication Scenarios
dolfo Alan Sánchez Vázquez (University of Murcia, Spain) and Gregorio Martínez Pérez (University of Murcia, Spain)
DOI: 10.4018/978-1-60566-026-4.ch283
Abstract
In principle, computers networks were conceived to share resources and certain computing devices among a select group of people working in academic institutions. In this context, the security did not have high importance. Today, through the network circulates a lot of valuable data (budgets, credit card numbers, marketing data, etc.), much of which can be considered confidential. Here is where security takes great importance?so that these data cannot be read or modified by any third party, and the services offered are always available and only to authorized people (confidentiality, integrity, and readiness). When we refer to security, there are some terms of great importance. Risk is defined as any accidental or not prospective exhibition of information as consequence of the bad operation of hardware or the incorrect design of software. Vulnerabilities indicate when a failure in the operation of software and/or hardware elements exposes the system to penetrations. Starting from here we can define attack as an event against the good operation of a system, and it can be successful or not. If the attack is successful and access is obtained to the files and programs or control is obtained to the computers without being detected, then we are dealing with a penetration. This leads to an intrusion, which is a group of actions compromising the integrity, confidentiality, and readiness of computer resources (Sobh, 2006). The main objective of this article is to explain to the reader the main concepts regarding intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), and the particular issues that should be additionally considered when protecting wireless communication scenarios (in comparison with IDSs/IPSs in traditional wired networks). It also includes an extended view of the current state of the art of IDSs and IPSs in wireless networks, covering both research works done so far in this area, as well as an analysis of current open source IDSs and IPSs, and how they are dealing with the specific requirements of wireless communication networks. This article is organized as follows: First, we start with a summary of the main related works in the background section; then we give a description of the important concepts of security, a classification of intrusion detection systems, and a brief comparative of the operation of IDSs in wired and wireless networks. Next, we highlight certain research works exemplifying efforts done so far in wireless scenarios. We present the main ideas behind our current research work to model intrusions in wireless scenarios, before offering future directions of work and a summary of the main ideas expressed in the article.