Advanced Study Institute 2005
Network Security and Intrusion Detection
Nork, Yerevan, Armenia (October 1 - October 12)


Today we use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Whether or not we consider our communications top secret, we do not feel comfortable about strangers reading our messages, using computers at an unknown boundary to attack other systems, sending forged email, or examining personal information stored on our computers (such as financial statements). Network security is concerned with creating a secure interconnected network designed so that users cannot perform actions they are not allowed to perform, yet can perform the actions they are allowed to. Network security involves not only specifying and implementing a security policy that describes access control, but also implementing an Intrusion Detection System (IDS) as a tool for detecting attempted attacks or intrusions by crackers or automated attack tools and for identifying security breaches such as incoming shellcode, viruses, worms, malware and Trojan horses transmitted via a computer system or network. Intrusion detection is traditionally achieved by examining network communications, identifying heuristics and patterns of common attacks, and taking action to alert network and system managers.

An intrusion prevention system is a system that, when combined with intrusion monitoring and detection via an application-layer firewall, may terminate connections. Thus, an intrusion prevention system exercises access control in order to protect computers from exploitation: it inspects network traffic for signs of intrusions at a deeper level, can make decisions based not only on IP addresses or ports but also on application content, and may also act at the host level to deny potentially malicious activity.

Today's computer infrastructure is exposed to several kinds of security threats, ranging from virus attacks and unauthorized data access to sniffing and password cracking. Understanding network vulnerabilities in order to protect networks from external and internal threats is vital to the world's economy and should be given the highest priority. Computer and network security involves many important and complicated issues, and this gathering of scientists will help not only in raising awareness but also in teaching participants the state of the art in security techniques.