CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND TO THE STUDY
According to Zeng et al. (2020), the Internet presents a vast array of potential threats for websites. Attackers may attempt to get access to a certain website for a variety of reasons. One of the main motivations for these attacks is the attempt to obtain private information in order to steal identities. Spam is another motive: in an attempt to increase traffic or popularity and, consequently, increase their visibility to users and search engines, spammers attempt to insert links or code into websites. This kind of marketing goal could also involve trying to eavesdrop on people, their computers, websites, and search habits in order to create targeted ads or marketing campaigns. Friends, family, and romantic partners may also access computers and websites in search of private, sensitive data. Systems could also be accessed by a dissatisfied worker or former worker seeking retribution against their company. Political or global criminal activity may also serve as a catalyst for attacks against websites. Some people could attempt to break into websites in an effort to gain popularity among their peers or to make use of their abilities and leisure time. Attackers meticulously search those websites for any potential openings or weaknesses. They will then attack or access the websites using these vulnerabilities. Defenders must always be informed, proactive, and prepared in this never-ending battle between attackers and their opponents. They are pleased with how well they are safeguarding their systems. However, from some angles, attackers are less stressed because they may select when to launch an assault and only need to be aware of one vulnerability in order to successfully access a website. On the other hand, because they are breaking the law, they must always be on the run and find means of disguising their true identities in order to avoid being discovered and facing legal action.
Moreover, these days security is a major concern for all networks in the business world (Zeng et al., 2020). Hackers and intruders have attempted numerous times, with success, to take down well-known firms' networks and online services. Various techniques have been devised to safeguard network infrastructure and communication via the Internet, including the implementation of virtual private networks, firewalls, and encryption. These still require the assistance of an intrusion detection system because they do not offer complete protection (Zeng et al., 2020). One very recent addition to these methods is intrusion detection. In the past few years, intrusion detection techniques have become more prevalent. By using intrusion detection techniques, administrators can gather information from known attack types and use it to determine whether an attempt is being made to attack a specific host or the network. The data gathered in this manner can be utilised for both legal and network security hardening purposes (Rani and Singh, 2012). There are now open source and commercial products available for this use. There are also a variety of vulnerability assessment tools on the market that may be used to evaluate the many kinds of network security flaws. A complete security system is made up of several tools, such as: firewalls, which are used to prevent undesired data flow from entering and leaving the system; intrusion detection systems (IDS), which are used to determine whether someone has gained access to your network or is attempting to do so; and vulnerability assessment tools, which are used to identify and close security gaps in your network. In order to protect these security gaps from malevolent Internet users, rules on firewalls are established using data gathered from vulnerability assessment tools (Rani and Singh, 2012). These tools can work together and exchange information with each other.
Some products provide complete systems consisting of all of these tools bundled together (Rani and Singh, 2012). In today's network administration activities, security management is crucial. Preserving the availability, confidentiality, and integrity of vital network information systems is the main goal of intrusion detection systems and defensive information operations. To respond to attacks in a timely manner, automated identification and prompt reporting of these events are necessary. Thus, there is a balance between the accuracy and timeliness of intrusion detection information and the utilisation of resources. Because the majority of commercial intrusion detection systems are costly and need a substantial amount of resources, using such IDS is not practical for small networks (Rani and Singh, 2012). As a result, open source IDS have been developed. Intrusion detection is a collection of tools and procedures used to identify suspicious behaviour on hosts as well as networks. Anomaly detection systems and signature-based intrusion detection systems are the two main types of intrusion detection systems. Similar to computer viruses, intruders have signatures that can be found with software. A network administrator searches for data packets containing any recognised signs of intrusion or anomalies according to Internet protocols. The detection system can identify and log suspicious activities and provide alerts based on a set of signatures and rules. It is for this reason that the study centres on enhancing security measures for web servers using Snort.
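The two types of detection described above can be illustrated with a short added example, which is not part of the original study and does not use Snort's rule syntax or engine. The signature IDs, patterns, log lines, function names and the request threshold are all constructed assumptions; a real anomaly detector would learn its baseline rather than use a fixed number.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed signatures; the IDs and patterns are illustrative, not Snort rules.
SIGNATURES = [
    (1000001, "directory traversal in URI", re.compile(r"\.\./")),
    (1000002, "SQL UNION SELECT in URI", re.compile(r"union\s+select", re.I)),
]

# Constructed log lines (documentation IP ranges): source, method, URI.
SAMPLE_LOG = """\
203.0.113.5 GET /index.html
203.0.113.5 GET /products?id=7
198.51.100.9 GET /download?file=..%2f..%2fetc%2fpasswd
198.51.100.9 GET /products?id=7%20UNION%20SELECT%20name%20FROM%20users
192.0.2.44 GET /login
192.0.2.44 GET /login
192.0.2.44 GET /login
192.0.2.44 GET /login
192.0.2.44 GET /login
203.0.113.5 GET /about.html
"""

def parse(log):
    """Split each line and decode percent-encoding so signatures see the real URI."""
    events = []
    for line in log.splitlines():
        src, method, uri = line.split(maxsplit=2)
        events.append((src, method, unquote(uri)))
    return events

def signature_alerts(events):
    """Signature-based detection: alert when a known pattern appears in the URI."""
    return [(sid, src, msg)
            for src, _method, uri in events
            for sid, msg, pattern in SIGNATURES
            if pattern.search(uri)]

def anomaly_alerts(events, max_requests=4):
    """Anomaly detection stand-in: flag sources above a per-window request baseline."""
    counts = Counter(src for src, _method, _uri in events)
    return sorted(src for src, n in counts.items() if n > max_requests)

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for alert in signature_alerts(events):
        print("SIGNATURE", alert)
    for src in anomaly_alerts(events):
        print("ANOMALY", src)
```

The signature check only fires on patterns it already knows, while the rate check flags the repeated login requests that match no signature, which is why the two approaches are usually deployed together.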
1.2 STATEMENT OF PROBLEM
Cyber attacks have been a major problem in cyberspace. Malicious attacks on web servers are the order of the day, thereby giving access to cyber criminals. It is important that web servers implement safety measures such as Snort, which helps to monitor traffic on a server and helps to prevent and detect cyber attacks. Though these detection systems are typically expensive to run, it is of important necessity that web servers are protected by Snort. It is for this reason that the study centres on enhancing security measures for web servers using Snort.
1.3 OBJECTIVES OF THE STUDY
The main purpose of this study was to investigate enhancing security measures for web servers using Snort.
1) To examine the advantages of intrusion detection systems and intrusion prevention systems
2) To outline the strategies of deploying Snort in cyber security
3) To outline the issues and challenges with intrusion detection systems and intrusion prevention systems in Snort
4) To outline the pillars of network security for web servers
1.4 RESEARCH QUESTIONS
1) What are the advantages of intrusion detection systems and intrusion prevention systems?
2) What are the strategies of deploying Snort in cyber security?
3) What are the issues and challenges with intrusion detection systems and intrusion prevention systems in Snort?
4) What are the pillars of network security for web servers?
1.5 SIGNIFICANCE OF THE STUDY
This study will shed more light on enhancing security measures for web servers using Snort. The study will be significant to computer programmers, lecturers, technology organizations and students, and could serve as a medium for further research.
1.6 SCOPE OF THE STUDY
The study is restricted to enhancing security measures for web servers using Snort.
1.7 LIMITATION OF STUDY
Financial constraint: Insufficient funds tend to impede the efficiency of the researcher in sourcing the relevant materials, literature or information and in the process of data collection (internet, questionnaire and interview).
Time constraint: The researcher will simultaneously engage in this study with other academic work. This consequently will cut down on the time devoted to the research work.
1.8 OPERATIONAL DEFINITION OF TERMS
The following terms are defined operationally as they were used in the study:
INTRUSION DETECTION SYSTEMS: An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management system.
INTRUSION PREVENTION SYSTEMS: An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.
CYBER SECURITY: Computer security, cybersecurity, digital security or information technology security (IT security) is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.