Assignment Title: Information Systems Overview. As business markets become more complex and financially demanding, management looks for ways to keep an advantageous position. An information system is a well-established tool for gathering the necessary information from the market and feeding it into management decision making. According to Baskerville and Wood-Harper (2016), there are different types of information system, each generating information for specific users according to their needs. Information systems can support day-to-day work or long-term planning. Developing them matters for improving management decision making and staying ahead of the competition, and because change is constant in the business market, information systems must be developed continuously.
Managing an information system and its development is costly. Even so, it is not only important but crucial to treat the information system properly, mainly because the growth of an organization or industry depends heavily on the information systems its management uses. According to Ward and Peppard (2016), information should be used by the directorate as well as by the employees. Some information systems are developed to aid management decision making, while others are designed to meet the needs of employees.
Melville (2010) notes that employees at different levels bear different responsibilities, so when an employee's position changes, information systems can help that employee learn about the increased responsibilities. Supervisors and other operational managers use different types of information system from those used by employees. Although many types of information system exist in business management, four are considered the most important: transaction processing systems, management information systems, decision support systems and executive information systems. Together these four cover all of the functional areas within a business, such as sales and marketing, finance and accounting, manufacturing and human resources.
This research sets out to explain the importance of information systems within a business structure. Among the different types of information system, four major types are selected and discussed in this essay, and the advantages and disadvantages of using information systems are identified. A set of recommendations is then developed from the findings.
The purpose of the current essay is to understand the importance of information systems in producing more accurate and targeted information about customers, markets, suppliers and competitors, so as to improve the decision-making capabilities of the business.
To identify the relevant types of information systems in business
To understand the impact of different types of information systems on business
To determine advantages and disadvantages of using information systems
Identification of the various types of Information Systems
As Bonham-Carter (2014) notes, different types of information system can be identified through a classification procedure. In business management, classifying information systems means determining and categorizing them so that similar systems can be treated as a group. The classification is somewhat confusing because information systems are shaped by human factors rather than by any natural law (Watson, Boudreau and Chen, 2010). A "type" of information system is only a concept, defined by the kind of information the authority or client needs; information systems can therefore be categorized according to the concepts of information required. According to Ian (2010), one of the oldest and most widely used methods of classifying information systems is the pyramid model.
Advantages and Disadvantages of Information System
The achievements and benefits of an organization depend heavily on its skill in using information systems. The purpose of an information system is to deliver the right information to the right person so that decision making improves. The advantages and disadvantages of using information systems are set out below.
There are many benefits to using information systems, including improved communication, a reduction of geographical and cultural gaps, and the creation of new job roles. With an information system in place, management can share information and build good employee relations within the organization (Urquhart, Lehmann and Myers, 2010). Information technology has also allowed organizations to remain open 24x7 all over the world, and it helps to manufacture cost-effective products in minimum time. The application of information systems promotes an effective work culture, which in turn improves decision making. Although many employees become frustrated with information systems, that frustration is usually the result of inadequate training and poorly performing systems.
The disadvantages of using information systems are also not negligible. The major one is the loss of job opportunities and the resulting unemployment.
With information systems, most paperwork can be completed in a short time and financial transactions can be calculated without involving extra employees; as organizations adopt more advanced technology, they tend to reduce their headcount. The implementation of information systems has also globalized business, so that stronger players can dominate weaker ones and constrain their decision making. As English becomes the language of business communication through these systems, people who lack English proficiency find it harder to get a job. Finally, the expense of implementing information systems is too heavy for many organizations, so strong financial backing is required before an information system is implemented.
Transaction Processing System
A transaction processing system (TPS) is an information system that collects, modifies and retrieves the transaction data of an enterprise. It produces the accurate data about customers and suppliers that a business needs, and it provides commercial organizations with reliable transaction processing so that customer orders are met on time (Stair and Reynolds, 2013). It also ensures that partners and suppliers are paid, and pay, on time. The TPS is therefore a vital part of an effective business management process.
Several characteristics allow a transaction processing system to keep data flowing smoothly and processes progressing throughout the enterprise. Rapid processing lets the system complete transactions immediately; reliability, backed by comprehensive safeguards and disaster recovery, keeps the system error-free; and standardization ensures that identical data is captured for every transaction regardless of the customer (Siponen and Vance, 2010). In addition, controlled access and the ACID properties (atomicity, consistency, isolation and durability) underpin both batch processing and real-time processing of transactions: a transaction either completes fully or not at all, it leaves the data in a valid state, concurrent transactions do not interfere with one another, and a committed transaction survives a failure.
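The ACID properties above, shown in working code. This is an added example and not code from the essay or its cited authors: a toy account-transfer TPS written with Python's standard sqlite3 module. The schema, account names and amounts are constructed for the illustration, and the CHECK constraint stands in for the system's consistency rule.

```python
"""Transaction processing with ACID guarantees, illustrated with SQLite.

Added example: a toy account-transfer TPS using Python's standard-library
sqlite3 module. The schema, account names and amounts are constructed for
the illustration and are not from the text.
"""
import sqlite3


def open_ledger() -> sqlite3.Connection:
    """Create an in-memory ledger with one consistency rule: no negative balances."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    conn.execute(
        "CREATE TABLE accounts ("
        "  name TEXT PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 20)],  # constructed sample data
    )
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as one atomic transaction.

    Either both UPDATEs are made durable by COMMIT, or the CHECK constraint
    (or an unknown account) aborts the whole transaction and nothing changes.
    """
    if amount <= 0:
        return False
    try:
        conn.execute("BEGIN IMMEDIATE")  # take the write lock: isolation from other writers
        cur = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src)
        )
        if cur.rowcount != 1:
            raise ValueError(f"unknown source account {src!r}")
        cur = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst)
        )
        if cur.rowcount != 1:
            raise ValueError(f"unknown destination account {dst!r}")
        conn.execute("COMMIT")  # durability: the change is now on the journal
        return True
    except (sqlite3.IntegrityError, ValueError):
        conn.execute("ROLLBACK")  # atomicity: any partial debit is undone
        return False


def balance(conn: sqlite3.Connection, name: str) -> int:
    """Current balance of an account, or -1 if it does not exist."""
    row = conn.execute("SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()
    return row[0] if row else -1


if __name__ == "__main__":
    ledger = open_ledger()
    print(transfer(ledger, "alice", "bob", 30))    # both updates committed
    print(transfer(ledger, "bob", "alice", 500))   # CHECK fails, whole transfer rolled back
    print(balance(ledger, "alice"), balance(ledger, "bob"))
```

The overdraft attempt fails inside the first UPDATE, and the transfer to a non-existent account fails only after the debit has already been applied; in both cases ROLLBACK returns the ledger to its previous state, which is the behaviour a batch or real-time TPS must guarantee.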
Management Information Systems (MIS)
A management information system (MIS) gives the managers of an organization the ability to organize, evaluate and effectively manage its departments. MIS provides managers with a computer-based tool whose principal purpose is to support strategic, tactical and operational decisions by managing data efficiently and productively (Chaffey and White, 2010).
Managers need particular data about customers, suppliers and competitors, and managers at every level rely on the reports the system generates. MIS also helps to evaluate the daily activities of the business and to focus on problems, enabling managers to make decisions and track progress in the firm.
MIS is widely described as a three-resource system for effective organizational management, the resources being people, information and technology. Through computer automation it contributes to measuring the quality and efficiency of business operations and improves human decision-making capability (Chen et al., 2010).
Decision Support Systems
A decision support system (DSS) is a set of related computer programs and data that helps a business organization analyze its internal operations and make decisions. The system collects data about customers and suppliers and presents it to management so that decisions are easier to make.
A DSS differs from an operational application and is instead known as an informational application; at the enterprise level it serves exactly that role (Galliers and Leidner, 2014). As an informational application, a DSS gathers information such as comparative sales figures for each week, revenue figures projected from assumptions about new product sales, and data on the consequences of previous experience (Rainer et al., 2013).
A DSS is a broad-scope application of management information systems that reports on performance by cost and on profitable or unprofitable projects. Applications of DSS in organizations show it to be a powerful tool because it builds on OLAP (on-line analytical processing) technologies (Bharadwaj et al., 2013), which allow users to browse, query, analyze and summarize large volumes of data interactively and dynamically.
Executive Information Systems
An executive support system (ESS) is an application of the executive information system (EIS) developed to facilitate and support the information needs of senior executives for decision making. The system balances access to internal and external information and keeps them coordinated to achieve organizational goals (Teece, 2010). An ESS has several characteristics that help the organization keep track of business information such as customer and supplier data: its informational features produce relevant information, its orientation features offer secure access to data, its managerial features support management needs, and its executive capabilities provide the telecommunication capacity to be implemented across the enterprise (Boehm and Thomas, 2013).
The development of an ESS is based mainly on integrating and aggregating data so that it displays patterns the enterprise can understand better. The application of an ESS goes beyond an EIS in that it includes communication, office automation and analytical support, helping the enterprise make effective decisions (Willcocks, 2013).
Green Information Technology
Green IT is concerned with maintaining a positive relationship between the environment and the use of computers, and it helps an organization manage its corporate social responsibility efficiently. It addresses energy-related issues such as the rising cost of energy, power limits and growing performance demands, and it has led organizations to focus on design, manufacturing, disposal and reallocation in order to reduce cost and maintain good customer relationships (Laudon and Laudon, 2011).
The IT solutions that Green IT provides concern data on metered energy use and network coverage. For example, holding meetings by video conference has reduced carbon emissions by cutting travel and transport. The basic working pattern of Green IT involves asset removal and logistics (Vom Brocke and Rosemann, 2010): pickup, sorting and data destruction, together with asset tag removal and detailed reporting, which provides the evidence that data on retired equipment was actually destroyed. It also gives organizations disposition options, enabling recycling, lease return and employee purchase of retired equipment.
From this overview of the different types of information system, all of them are essential to the growth of an organization. The use of information systems has contributed to the globalization of business management, and advanced use of information systems has already proved beneficial to the extensive growth of organizations.
Authors in the field of business management have identified several types of information system, and the type depends on the concept of information required by the employees and management. A misconception exists about who needs information systems: previously it was assumed that only management and operations management required them, but it has since been shown that use by employees is also beneficial, improving their sense of responsibility. Employees are promoted from one level to another, and information systems help them quickly identify and understand their new roles and responsibilities.
Using the pyramid model, the authors classified information systems and identified four major types widely used in the business sector: the transaction processing system, the management information system, the decision support system and the executive information system. All of these help an organization collect valuable data and improve its decision making. The transaction processing system (TPS) is a computerized system that performs and records the transactions a business requires; its main function is to accumulate and process business transaction data. It is therefore controlled by management or by the operations management of the company.
Changes in the transaction process can be evaluated easily with the TPS. The management information system (MIS), on the other hand, accumulates and processes the information required to manage an organization; it extracts and processes the data obtained from the TPS, and it helps managers direct the organization and control its functional areas.
The MIS also provides accurate feedback and offers pre-specified reports to managers at different levels. The decision support system is an interactive information system that provides models and data-manipulation tools to help managers in semi-structured and unstructured situations. Beyond these, many other systems can affect decision making, such as communication systems, office automation systems and expert systems. Several drawbacks of introducing information systems are also identified, such as increased unemployment, security issues (data breaches) and the expense of implementation.
Despite the positive side of implementing information systems, a few challenges limit their efficiency. The following recommendations are based on the flaws identified in the implementation of MIS.
The use of information systems is often confined to managers and operations management. Such limited use may shape decision making, but it does not help the overall growth of the company. To sustain growth, the appropriate level of the information system should be accessible to employees, whose use of it helps them monitor their own progress and understand their job responsibilities. Wider access should still follow the principle of least privilege: each employee sees the data and functions that their role needs, and no more.
Information systems are dynamic, changing with the world around them, and managers sometimes find it difficult to keep pace with sudden changes. Managers should therefore adopt strategies that let them tailor the available information and use it effectively, and keep up to date with the current market situation.
Different departments use information systems in different ways, which can affect decision making. To improve it, proper alignment and communication between departments must be maintained: the strategic plans of the various departments should be aligned with the business objectives, and the organization's current capabilities should be matched against its future information technology needs.
Before implementing an information system, the possible threats should be identified. With the help of information technology an organization can evaluate market risks and analyze potentially difficult situations, but implementing an information system without a proper risk assessment limits its performance. An action plan should therefore be developed to minimize the risks related to the information system.
Improving the technology infrastructure is crucial to implementing an information system quickly; without proper infrastructure the system cannot deliver its intended outcome. Organizations therefore need to ensure that the available technical support meets the computing objectives of each department, and they should adopt cost-effective hardware of current models.
Maintaining system security is vital for an organization. As information systems are implemented, organizations depend more and more on computers to hold their data and the results derived from it. Weak security can lead to a breach in which the company loses valuable information and its market position suffers. Procedures should be put in place to detect, report and respond to security threats, and firewalls should be deployed to control and limit which protocols and services may pass between the organization's network and the Internet, denying everything that is not explicitly required.
Physical security is also essential to protect information technology and related equipment from theft, and steps should be taken to maintain disaster recovery.
Baskerville, R.L. and Wood-Harper, A.T., 2016. A critical perspective on action research as a method for information systems research. In Enacting Research Methods in Information Systems: Volume 2 (pp. 169-190). Springer International Publishing.
Beynon-Davies, P., 2013. Business information systems. Palgrave Macmillan.
Bharadwaj, A., El Sawy, O.A., Pavlou, P.A. and Venkatraman, N.V., 2013. Digital business strategy: toward the next generation of insights. MIS Quarterly, 37(2), pp.471-482.
Boehm, M. and Thomas, O., 2013. Looking beyond the rim of one’s teacup: a multidisciplinary literature review of Product-Service Systems in Information Systems, Business Management, and Engineering & Design. Journal of Cleaner Production, 51, pp.245-260.
Bonham-Carter, G.F., 2014. Geographic information systems for geoscientists: modeling with GIS (Vol. 13). Elsevier.
Chaffey, D. and White, G., 2010. Business information management: improving performance using information systems. Pearson Education.
Chen, D.Q., Mocker, M., Preston, D.S. and Teubner, A., 2010. Information systems strategy: reconceptualization, measurement, and implications. MIS Quarterly, 34(2), pp.233-259.
Galliers, R.D. and Leidner, D.E., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.
Ian, H., 2010. An introduction to geographical information systems. Pearson Education India.
Laudon, K.C. and Laudon, J.P., 2011. Management information systems (Vol. 8). New Jersey: Prentice Hall.
Melville, N.P., 2010. Information systems innovation for environmental sustainability. MIS Quarterly, 34(1), pp.1-21.
Rainer, R.K., Cegielski, C.G., Splettstoesser-Hogeterp, I. and Sanchez-Rodriguez, C., 2013. Introduction to information systems: Supporting and Transforming business. John Wiley & Sons.
Siponen, M. and Vance, A., 2010. Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, pp.487-502.
Stair, R. and Reynolds, G., 2013. Principles of information systems. Cengage Learning.
Teece, D.J., 2010. Business models, marketing strategy, and innovation. Long range planning, 43(2), pp.172-194.
Urquhart, C., Lehmann, H. and Myers, M.D., 2010. Putting the 'theory' back into grounded theory: guidelines for grounded theory studies in information systems. Information Systems Journal, 20(4), pp.357-381.
Vom Brocke, J. and Rosemann, M., 2010. Handbook on business process management. Heidelberg: Springer.
Ward, J. and Peppard, J., 2016. The Strategic Management of Information Systems: Building a Digital Strategy. John Wiley & Sons.
Watson, R.T., Boudreau, M.C. and Chen, A.J., 2010. Information systems and environmentally sustainable development: energy informatics and new directions for the IS community. MIS Quarterly, pp.23-38.
Willcocks, L., 2013. Information management: the evaluation of information systems investments. Springer.
Yoo, Y., Henfridsson, O. and Lyytinen, K., 2010. Research commentary-The new organizing logic of digital innovation: An agenda for information systems research. Information systems research, 21(4), pp.724-735.
Title: Network Design. When implementing a network in an organisation, there are design issues that must be considered before implementation: the requirements of the network must be clearly defined, and all the network components to be used must be specified. Some of these considerations are discussed below.
Network Design and Network Architecture
Network architecture is the infrastructure of software, transmission equipment and communication protocols that defines the structural and logical layout of a computer network. Transmission can be wired or wireless depending on the organisation's requirements. Various types of network can be applied depending on the network size: a local area network (LAN) covers a small geographical area, a metropolitan area network (MAN) covers a city, and a wide area network (WAN) is spread over a wide geographical area. Of the three, the company would implement a LAN since it covers only a small geographical area.
The transmission medium of a network can be wired or wireless. Wired media include twisted-pair, coaxial and fiber-optic cables, while wireless media carry data over radio. The required bandwidth, throughput and goodput determine the best medium. Fiber-optic cable has low signal loss over distance and is immune to electromagnetic interference, so it is efficient for high-traffic networks. Coaxial cable is less expensive than fiber but suffers higher signal loss (attenuation) over distance; on a shared coaxial bus, collisions between stations also reduce the usable throughput. Wireless transmission is efficient in a local area network with few computers.
Network Design Management Method
The management method of a network can be either peer-to-peer or client-server. In a peer-to-peer network, several computers communicate without a central computer and can share an application installed on one of them. In a client-server network, a central server provides services to independent clients; it is designed to support large numbers of clients, and clients do not share resources among themselves. Security is stronger in the client-server model because authentication, access control and data storage are centralised on the server, and a client-server network is also easier to upgrade to meet new requirements in an organisation.
Figure 1, a client server model
Network topology is divided into physical and logical topology. Physical topology is the way computers and other devices are connected; logical topology describes how data flows through the network. Bus, ring, star and mesh are the main topologies. In a bus topology all devices share a single cable; it works for small networks but is slow and collisions are common. In a ring topology the cable forms a loop and each node is connected to its two neighbours; collisions are fewer than on a bus, and token passing is used to avoid them. In a star topology all devices connect to a central hub or switch; central management makes upgrades faster, but failure of the central device brings down the entire network. A mesh topology connects every device to every other for fault tolerance and redundancy, improving performance.
Network Design Security Requirements
Networks are frequently attacked by hackers and other malicious actors, which makes security one of the key considerations in network design. To reduce attacks, the network should have firewalls, intrusion detection systems, a VPN for remote access and a DMZ for externally reachable servers. Firewalls and the DMZ limit what traffic can reach internal systems, the VPN protects traffic in transit, and the intrusion detection system detects malicious activity that gets through.
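Both the firewall recommendation in the information-systems essay above and the security requirements listed here rest on the same mechanism: an ordered rule set evaluated first-match, with a default-deny rule at the end. The following added example (not from either page) implements such a stateless filter in Python; the policy, addresses and sample packets are constructed for illustration, using the RFC 1918 and RFC 5737 example ranges.

```python
"""First-match packet filter with a default-deny policy.

Added example (not from the page): a minimal stateless filter of the kind a
perimeter firewall applies, to show why rule order and the final default
rule matter. Addresses, ports and rules are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0  # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    proto: str          # protocol name or "any"
    src: str            # CIDR or "any"
    dst: str            # CIDR or "any"
    dports: tuple = ()  # () means any port; otherwise an inclusive (low, high) range

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dports and not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        return True


def first_match(rules, p: Packet) -> int:
    """Index of the first rule that matches, or -1 if none does."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return i
    return -1


def decide(rules, p: Packet) -> str:
    """Action of the first matching rule; deny when nothing matches."""
    i = first_match(rules, p)
    return rules[i].action if i >= 0 else "deny"  # default deny: unlisted traffic is dropped


# Constructed policy: a DMZ web server at 203.0.113.10 and an internal LAN
# 10.0.0.0/24. Only HTTP/HTTPS may reach the server from anywhere, LAN hosts
# may open SSH outbound, and nothing from outside reaches the LAN directly.
POLICY = [
    Rule("allow", "tcp", "any", "203.0.113.10/32", (80, 80)),
    Rule("allow", "tcp", "any", "203.0.113.10/32", (443, 443)),
    Rule("allow", "tcp", "10.0.0.0/24", "any", (22, 22)),
    Rule("deny", "any", "any", "10.0.0.0/24"),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.7", "203.0.113.10", 443),
                Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
                Packet("tcp", "198.51.100.7", "10.0.0.8", 445)):
        print(pkt, "->", decide(POLICY, pkt))
```

Because evaluation stops at the first match, a broad "allow any" placed at the top silently overrides every rule below it; the check in the test below shows that a LAN-bound packet the policy rejects becomes permitted when such a rule is prepended, which is the class of misconfiguration a rule-order review looks for.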
Scalability
This refers to the ability of the network to grow. The network should be scalable enough to cater for growth in the network infrastructure.
Network Address Translation (NAT)
This is a design consideration in which many computers on a private network reach the Internet through one public IP address. NAT hides the internal addressing and, because inbound packets are delivered only where an outbound flow created a translation entry, unsolicited inbound connections to private hosts fail. That is a useful side effect rather than a substitute for a firewall: NAT does not filter what internal hosts send out or inspect what comes back.
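The translation table that makes this work, as an added example that is not part of the original page: a tiny port-based NAT (NAPT) in Python. It shows the outbound rewrite to the shared public address, the reverse translation that delivers replies, and what happens to an inbound packet that no outbound flow created. The public and private addresses are constructed from the RFC 5737 and RFC 1918 example ranges.

```python
"""Source NAT with port translation (many private hosts behind one public IP).

Added example, not from the page: a minimal NAPT translation table. Addresses
are the RFC 1918 / RFC 5737 example ranges, chosen for illustration only.
"""
import itertools

PUBLIC_IP = "203.0.113.1"  # constructed: the single address seen by the outside


class Napt:
    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next free public port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.back = {}  # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Rewrite a LAN packet's source; returns the translated 4-tuple."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:  # first packet of a flow allocates a mapping
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.back[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_port: int):
        """Map a packet arriving at the public address back to the private host.

        Returns (priv_ip, priv_port), or None when no outbound flow created a
        mapping; such packets have nowhere to go and are dropped.
        """
        return self.back.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = Napt()
    print(nat.outbound("10.0.0.5", 51000, "198.51.100.20", 443))
    print(nat.outbound("10.0.0.6", 51000, "198.51.100.20", 443))  # same client port, new public port
    print(nat.inbound("198.51.100.20", 443, 40001))                # reply routed to 10.0.0.6
    print(nat.inbound("192.0.2.9", 12345, 40000))                  # unsolicited: None
```

Two private hosts using the same source port are kept apart by distinct public ports, and a reply is only deliverable while its mapping exists; a real NAT also expires idle mappings, which is why long-lived inbound sessions through NAT need keepalives or explicit port forwarding.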
Figure 2, Network architecture
Figure 3, Showing how VPN is implemented
OSI Reference Model in Network Design
The OSI model has seven layers, as highlighted in the diagram. The communication system is subdivided into layers; each layer requests services from the layer below it and provides services to the layer above it (FitzGerald & Dennis, 2009).
Layer 1: Physical Layer
The physical layer covers the hardware and the transmission medium: cables, connectors, signalling, and the encoding and decoding of bits as signals. It receives service requests from the data-link layer. Ethernet's physical signalling standards belong here; CSMA/CD, Ethernet's medium access method, sits in the MAC sub-layer of the data-link layer (Liu, 2009).
Layer 2: Data-Link Layer
The data-link layer receives service requests from the network layer and sends service requests to the physical layer. Its main function is reliable delivery of frames between directly connected nodes on the same link; end-to-end delivery across networks is the job of the transport layer. Other functions include framing, flow control, and error detection and correction. It has two sub-layers: media access control (MAC), which performs frame assembly, data encapsulation and frame parsing, and logical link control (LLC), which is responsible for error checking, flow control and synchronisation. Protocols at this layer include Ethernet, frame relay, ATM and the link layer of X.25.
Layer 3: Network Layer
The network layer is responsible for logical addressing, routing packets between source and destination across networks, and handling congestion. It receives service requests from the transport layer and sends service requests to the data-link layer. The main protocols at this layer are IP, ICMP and IGMP.
Layer 4: Transport Layer
The main purpose of this layer is to deliver data between end processes. Depending on the protocol, it offers either a connection-oriented, reliable service that detects lost or corrupted segments and recovers by retransmission, so that data is received exactly as it was sent, or a connectionless, best-effort service. There are two protocols at this layer: TCP and UDP.
TCP: connection-oriented; reliable delivery; acknowledgements and windowing flow control.
UDP: connectionless; no reliable delivery; no acknowledgements and no windowing flow control.
Layer 5: Session Layer
The main purpose of this layer is to establish, manage and terminate sessions between two or more processes on different hosts. If login or password validation is required, the session layer is where it is coordinated. The layer also provides check-pointing: if an error occurs, transmission resumes from the last check-point. Protocols usually placed at this layer include SOCKS and SAP (Session Announcement Protocol). RIP is sometimes listed here as well, but it is a routing protocol carried over UDP and belongs with the TCP/IP protocols described below.
Layer 6: Presentation Layer
This layer is responsible for data representation: character set translation, compression and decompression, and the syntax and semantics of the data in transmission. It receives service requests from the application layer and sends service requests to the session layer. Encryption and decryption are commonly placed at this layer to provide confidentiality. The standards associated with it are data formats rather than protocols: ASCII, EBCDIC, MIDI, MPEG and JPEG.
Layer 7: Application Layer
This layer provides interaction with the end user and offers services such as file and email transfer. The layer sends service requests to the presentation layer. Protocols used at this layer include FTP, HTTP, SMTP, DNS, TFTP, NFS, and TELNET.
Ethernet – provides transfer of information over Ethernet cable between physical locations.
Serial Line Internet Protocol (SLIP) – used for data encapsulation on serial lines.
Point-to-Point Protocol (PPP) – an improvement on SLIP; performs data encapsulation on serial lines.
Internet Protocol (IP) – provides routing, fragmentation and reassembly of packets.
Internet Control Message Protocol (ICMP) – helps manage errors while sending packets and data between computers.
Address Resolution Protocol (ARP) – provides the physical (MAC) address for a given IP address.
Transmission Control Protocol (TCP) – provides connection-oriented, reliable delivery of packets.
User Datagram Protocol (UDP) – provides connection-less service and unreliable (best-effort) delivery of packets.
Domain Name System (DNS) – translates between domain names and IP addresses.
Dynamic Host Configuration Protocol (DHCP) – used to manage and assign IP addresses within a network.
Internet Group Management Protocol (IGMP) – supports multicasting.
Simple Network Management Protocol (SNMP) – manages network elements based on data sent and received.
Routing Information Protocol (RIP) – routers use RIP to exchange routing information in an internetwork.
File Transfer Protocol (FTP) – standard protocol for transferring files between hosts over a TCP-based network.
Simple Mail Transfer Protocol (SMTP) – standard protocol for transferring mail between two servers.
Hypertext Transfer Protocol (HTTP) – standard protocol for transferring documents over the World Wide Web.
Telnet – a protocol for accessing remote computers.
Figure 5 shows the TCP/IP architecture.
Layer 1: Network Access Layer
This layer is responsible for placing TCP/IP packets onto the medium and receiving packets off the medium. It controls the hardware and network devices used in the network. The network access layer combines the physical and data-link layers of the OSI model.
Layer 2: Internet Layer
It functions as the network layer of the OSI model. The layer performs routing and packet addressing in the network (Donahoo & Calvert, 2009).
Layer 3: Transport Layer
The layer has the same functions as the transport layer in the OSI model: its main function is to provide reliable, error-free data delivery. The layer receives service requests from the application layer and sends service requests to the internet layer.
Layer 4: Application Layer
This layer contains the applications that perform functions for the user. It combines the application, presentation and session layers of the OSI model.
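To make the encapsulation across the network access, internet and transport layers concrete, here is an added example (not code from the original essay) that builds a constructed Ethernet/IPv4/UDP frame, then decodes it layer by layer the way a receiving host does, including the IPv4 header checksum check that lets the internet layer reject a corrupted header. All addresses and the payload are constructed sample values.

```python
"""Added example: encapsulate and decode a constructed Ethernet/IPv4/UDP frame."""
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carry bits back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Network access / internet / transport layers in reverse: wrap the payload in
    a UDP header, then an IPv4 header, then an Ethernet header (constructed input)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload   # UDP checksum is optional over IPv4
    ip_no_sum = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64, PROTO_UDP, 0,
                            IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip_no_sum[:10] + struct.pack("!H", ipv4_checksum(ip_no_sum)) + ip_no_sum[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + udp


def decode_frame(frame: bytes) -> dict:
    """Peel off one header per layer and return what each layer saw."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"ethernet": {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:          # e.g. ARP: nothing for the internet layer
        return layers
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _sum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes (options included)
    layers["ipv4"] = {
        "version": ver_ihl >> 4, "ttl": ttl, "protocol": proto,
        "src": str(IPv4Address(s)), "dst": str(IPv4Address(d)),
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,   # a damaged header fails this test
    }
    transport = ip[ihl:total_len]
    if proto == PROTO_UDP:
        sport, dport, length, _ = struct.unpack("!HHHH", transport[:8])
        layers["udp"] = {"sport": sport, "dport": dport, "payload": transport[8:length]}
    elif proto == PROTO_TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", transport[:14])
        layers["tcp"] = {"sport": sport, "dport": dport, "flags": off_flags & 0x1FF}
    return layers


def corrupt_ttl(frame: bytes) -> bytes:
    """Flip one bit in the IPv4 TTL field (offset 8 of the IP header) to simulate damage."""
    bad = bytearray(frame)
    bad[14 + 8] ^= 0x01
    return bytes(bad)


if __name__ == "__main__":
    f = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                    "192.0.2.10", "192.0.2.20", 53000, 53, b"hello")
    for name, fields in decode_frame(f).items():
        print(name, fields)
    print("after corruption:", decode_frame(corrupt_ttl(f))["ipv4"]["checksum_ok"])
```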
TCP/IP Commands Used To Troubleshoot Network Problems
There are many TCP/IP commands that can be used to show where a break in communication has occurred. The commands include PING, TRACERT, ARP, IPCONFIG, NETSTAT, ROUTE, HOSTNAME, NBTSTAT, and NETSH.
Hostname is used to display the host name of the computer.
Arp is used for viewing and editing the ARP cache.
Ping is used to send ICMP echo requests to test the reachability of a host on the network.
Event Viewer shows all recorded errors and events.
Donahoo, M. J., & Calvert, K. L. (2009). TCP/IP sockets in C: Practical guide for programmers. Amsterdam: Morgan Kaufmann.
Fall, K. R., & Stevens, W. R. (2012). TCP/IP illustrated. Upper Saddle River, NJ: Addison-Wesley.
FitzGerald, J., & Dennis, A. (2009). Business data communications and network design. Hoboken, NJ: John Wiley.
Leiden, C., & Wilensky, M. (2009). TCP/IP for Dummies. Hoboken, NJ: For Dummies.
Liu, D. (2009). Next generation SSH2 network design and implementation: Securing data in motion. Burlington, MA: Syngress.
Odom, W. (2004). Computer networking first-step. Indianapolis, IN: Cisco Press.
Ouellet, E., Padjen, R., Pfund, A., Fuller, R., & Blankenship, T. (2002). Building a Cisco wireless LAN and network design. Rockland, MA: Syngress.
Is the use of technology management important in a business organization? And
Is technology management necessary?
Technology is the creation and use of technical means, and draws on subjects such as engineering, industrial arts, and pure science. The application of this knowledge is also encompassed by technology.
On the other hand, management entails directing, planning, evaluating, and related activities. It also covers responsibility, accountability, and authority. Management of technology entails the responsibility of making decisions that ensure an organization is successful. As a manager, some of the roles related to the management of technology include hiring employees to manage business technology (such as IT experts), developing products, buying technological equipment, and upgrading the existing technological structure.
The use of technology in the workplace is inevitable in the 21st century. According to Teece (2010), the advent of IT changed the way people conduct business, including the way in which employees work, relate, and communicate (with consumers, fellow employees and other entities). It has also revolutionized the way an organization is managed, the way change is managed, and how service delivery, customer loyalty retention, business correspondence, meetings, project evaluation, etc., are performed in an organization (Ajjan et al., 2013).
Technology can be used in various ways, as revealed above. In this paper, we will look at how technology is used in an organization, the importance of technology, and the management of technology for the maximum benefit of an organization.
By looking at the use of technology in organizations and its importance, I will be able to cover the two research questions sufficiently. I will draw on literary works on technology and management and on how various authors and researchers have examined this. In taking this approach, the paper underscores the importance of technology management and any shortcomings that may be associated with technology.
The Benefits of Using Technology in Business Organizations
Maizlish & Handler (2010) point out that technology is important in business communication: advanced use of technology has enabled real-time passing of information at the click of a button, so business correspondence and decisions can be passed on faster and prompt action can be taken, for instance to mitigate an emergency such as customer complaints. The use of technology also enables multi-level communication (Guffey & Loewy, 2010, August 23).
For example, technology makes it easier for the employees of a multinational to access information at once regardless of how many miles apart the branches are. Crews & Stitt-Gohdes (2012) reveal the importance of social media, such as Twitter and Facebook, in communication, adding that the trick is to manage social media sites well and update them regularly to keep followers informed. For example, Nordstrom (2015), one of America's fashion retailers, uses Facebook to update its followers on discounts and new items (see facebook.com/Nordstrom). This reveals the importance of, and the need for, technology management.
Planning and ROI
Technology has a role in planning and return on investment (ROI) (Tapscott, 2008). He opines that technology is very crucial as a planning tool: it is needed to sequence the completion of a particular business strategy, change, or investment. If a business makes use of technology in product and service improvements, both the manager and the employees have an easier time planning as compared to conventional physical planning (Turban et al., 2008). Gartner (2013) argues that incorporating technology is expensive, as business budgets are largely comprised of IT, and planning is important to ensure that there is a return.
We see the importance of technological planning in software and gaming companies like Ubisoft, which has multiple studios (Montreal, Shanghai, Paris, Toronto, Japan, etc.). For better planning, the company has to use technology to coordinate between the various studios on launches, deadlines, series and development (Ubisoft, 2015).
Increased Customer Service
Lovelock et al. (2009) reveal that one of the main purposes of a business is to ensure desirable customer service, and add that this has been made easier by the use of technology and platforms such as social media and websites, through which customer data can be secured and used in product and service improvements (website cookies and surveys).
Additionally, Campbell & Frei (2010) reveal that technology, if managed properly, can be used to simplify and speed up the payment for goods and services and the processing of payments; for example, technology enables businesses such as Alibaba, eBay and Amazon to conduct e-commerce. The success of this can be seen in Alibaba: it commands over 80% of China's e-commerce and has a market cap of over 215 billion (September 2014), in the range of big tech companies like Apple, Google and Microsoft (Forbes, 2014). This is no doubt because the company uses its technology well and takes advantage of internet use to expand its connectivity, revealing the importance of technology.
Mahalik & Nambiar (2010) add that technology, if well managed, increases production in both quality and quantity. Compared to human labour, which may be affected by sickness, emotions, and fatigue, technology, when managed well, is effective and fast. Many businesses in manufacturing are always conscious of efficiency and time, which can only be achieved by the use and proper management of technology. An improvement or advancement always translates to increased quality and output of products and production respectively. Thus, technology management ensures that technology saves time, for example through automation.
A clear illustration is the way Microsoft is using its Windows 10 Preview to receive feedback from users after installation so as to build a better interface for Windows 10. The technology has the ability to record bugs and send updates and feedback to Microsoft's servers; additionally, a user can also review the operating system or give manual feedback on any improvement.
Many businesses nowadays use technology in their human resource functions, including key areas such as recruitment, whereby many businesses such as Deloitte, KPMG, Total, etc. have online recruitment portals for recruiting graduates and experienced labour (KPMG, 2015). Moreover, a human resource manager may use technology in assigning tasks and tests (aptitude tests) to fresh employees. Gardner, Gino, & Staats (2012) argue that technology plays an important role in monitoring the behaviour and performance of employees using CPM (computerized performance monitoring). Lastly, proper management of integrated technology can help in training, workshops, and seminars (Alge & Hansen, 2013).
The use of technology is very important, especially for the innovation team. The level of innovation can be greatly increased with the internet, which enables innovators to come up with new ideas, create new products, and improve existing ones. In addition, in order to understand the competition, a business must understand the market and the similar products that are in it, among other issues. This enables an organization to learn about new technology, improve on it, or come up with new ways of making a product that are faster and less costly.
Lastly, technology has enabled organizations to reach markets that were inaccessible using print. The use of e-marketing, e-mails, e-newsletters, and social media marketing (YouTube, Facebook, Google, etc.) has made this possible (Friel, 2009). A marketing success story is shared by Grisak (2014) of Freedom House LLC, a company which increased its subscribers, registrations per month, customer retention rate and number of online visitors from 1,000 to 12,000 per month using e-marketing tools.
Shortcomings on Technology Use
To understand the importance of technology management, we also need to look at some of the shortcomings associated with the use of, and over-reliance on, technology in business organizations.
One shortcoming of having technology, especially cutting-edge technology, is cost. There is the initial cost of purchase, the training of staff, and the regular and ongoing maintenance of the technology. Additionally, there must be a backup in case of system failure so that production is not halted.
Technology such as the internet, email, e-banking and e-commerce is always at the mercy of hackers and cybercrime. Technologies that make use of consumers' data are always prone to abuse, as the data may be used to steal from the very customers the company is trying to retain (Shaw et al., 2012).
This relates to the employees of an organization: it is true that technology can be used to help the human resource manager in the recruitment, evaluation, and performance of employees. However, the same technology can cause distractions for those employees and affect their level of production (Amit & Zott, 2010). These distractions include emails and instant messages, online games, pornographic content, music and videos. Since distractions take up time that could have been used for constructive business work, company performance may suffer.
The Constant Need to Upgrade
Many technologies have features which need constant and regular upgrades. This leads to additional costs and expenses for the business. For example, many companies use computers in their offices; these computers may become outdated or the software may need upgrading, for instance from Windows 7 to 8, and to the recent Windows 10. The need to upgrade is also related to security: an upgrade may be needed to strengthen security as hackers and fraudsters advance.
Effects on Customers
The use of technology has a flipside. While technology can be used to bridge the communication gap with customers, it may also act as a barrier. This means that it has both negative and positive impacts on the consumer.
Some customers will prefer the convenience and time saved by paying online, while for others it boils down to privacy. In the same way, some consumers prefer talking to customer service personnel on the phone rather than via email and may be frustrated with technology; after all, not all people are tech savvy.
Thus technology is key to business success, and the manner in which the technology is managed will determine the level of technological success or failure, making technology management necessary in business organizations.
Conclusion: Recognizing the Importance of Technology Management
Looking at the role which technology plays in the life of a business, it goes unopposed that presently it is impossible for a business to survive and compete equally without employing technology.
Technology helps in key daily aspects such as communication, planning, innovation, etc. However, it also has its downsides in a business organization. These include expense, security, distractions, and constant upgrades, among others. It is because of these shortcomings that technology management comes in: it enables an organization to identify the correct technology, train its staff and plan upgrades.
Technology management ensures that shortcomings such as the impact on customers do not affect the business. Managers have to ensure that the technology is user friendly and easy to use for both employees and customers. If it is a manufacturing or processing technology, it should be easy for the operators to use.
Technology management should be a continuous process to ensure efficiency. This is very important in areas such as security and privacy. Hence, websites, payment systems, customer data, and important business secrets have to be protected through upgrades and technological change.
Amit, R. H., & Zott, C. (2010). Business model innovation: Creating value in times of change. Working Paper 870.
Shaw, M., Blanning, R., Strader, T., & Whinston, A. (Eds.). (2012). Handbook on electronic commerce. Springer Science & Business Media.
Friel, F. (2009). E-marketing communications: A case study. Letterkenny Institute of Technology.
Alge, B. J., & Hansen, S. D. (2013). Workplace monitoring and surveillance research since "1984": A review and agenda. In The Psychology of Workplace Technology (p. 209).
Gardner, H. K., Gino, F., & Staats, B. R. (2012). Dynamically integrating knowledge in teams: Transforming resources into performance. Academy of Management Journal, 55(4), 998-1022.
Campbell, D., & Frei, F. (2010). Cost structure, customer profitability, and retention implications of self-service distribution channels: Evidence from customer behavior in an online banking channel. Management Science, 56(1), 18-24.
Gartner. (2013). Gartner says every budget is becoming an IT budget.
Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2008). Information technology for management (with CD). John Wiley & Sons.
Tapscott, D. (2008). Grown up digital: How the Net Generation is changing your world. McGraw-Hill.
Ajjan, H., Kumar, R. L., & Subramaniam, C. (2013). Understanding differences between adopters and non-adopters of information technology project portfolio management. International Journal of Information Technology & Decision Making, 12(6), 1151-1174.
Teece, D. J. (2010). Business models, business strategy and innovation. Long Range Planning, 43(2), 172-194.
Maizlish, B., & Handler, R. (2010). IT (information technology) portfolio management step-by-step: Unlocking the business value of technology. John Wiley & Sons.
Crews, T. B., & Stitt-Gohdes, W. L. (2012). Incorporating Facebook and Twitter in a service-learning project in a business communication course. Business Communication Quarterly, 1080569911431881.
Nordstrom. (2015). Nordstrom.
Ubisoft. (2015). Ubisoft overview.
Lovelock, C. H., Wirtz, J., & Chew, P. (2009). Essentials of services marketing (1st ed.).
Mahalik, N. P., & Nambiar, A. N. (2010). Trends in food packaging and manufacturing systems and technology. Trends in Food Science & Technology, 21(3), 117-128.
KPMG Grad Connection. (2015). Graduate jobs and internships.
Grisak, R. (2014, December 23). Case study: Freedom Health LLC.
An Investigation into the Concept, Design, Development, Applications and Future of Cloud Based Manufacturing and Design
Dissertation Title – Cloud Manufacturing. It is widely known that manufacturing challenges today are certainly more complex than they were in earlier times. We find ourselves as cogs in a fast-moving world, connected to each other. Additionally, a booming and constantly moving global economy, drastic growth in consumer-driven technology, and the constantly changing and somewhat unpredictable purchasing behaviours of consumers jointly present both opportunity and risk. Therefore, in light of these reasons, the time for manufacturers to invest in next-generation industrial automation solutions is now, more than ever before, and the time is right to embrace the cloud.
In the introductory section of the dissertation, a brief background of the topic is given to highlight some of its elements. Furthermore, the aims and objectives are stated, which have guided the entire research project from start to finish. The problem statement as well as the significance and scope of the research are also given, illustrating the significance of cloud manufacturing in today's global economy. Finally, a brief overview of the report is listed, to provide a breakdown of the chapters. The evolution of manufacturing engineering systems has taken place with the aim of meeting various objectives.
These range from cost reduction, the need to reduce lead times, seamless integration of new processes, sub-systems, technology and/or upgrades, interoperability, and the reduction of waste from production activities, to instantaneous reconfiguration capabilities and the ability to promptly adapt to both expected and unexpected events.
Some of the most problematic areas of familiarizing oneself with the concept and working of cloud manufacturing involve developing application-level technologies that meet all user requirements and are compatible with the existing distributed network for manufacturing. Another key challenge faced by organizations is access to the machinery and equipment that allows them to utilize this unique system of manufacturing.
Cloud Manufacturing Dissertation Aims and Objectives
To develop a holistic framework and appreciate the concept of cloud manufacturing through examination of all the relevant data, in order to structure a comprehensive understanding of the research topic.
To analyze the transformation of cloud computing into cloud-based manufacturing and design, and its integration with global manufacturing networks.
To investigate the concept of cloud manufacturing, and relate it to the different stages of development, design procedures, deployment models, manufacturing paradigms and maintenance.
To assess and illustrate the numerous applications of cloud manufacturing, and the scope and global impact of on-demand supply of data and services through the cloud network.
Finally, to demonstrate how future products, services and organizations will be influenced by cloud manufacturing, and to delve deeper into the ongoing research that will shape the future of cloud-based manufacturing.
1 – Introduction
Aims and Objectives
Background of Research Topic
Significance of Research
2 – Literature Review
Aims and Objectives
Cloud Computing Paradigm
Cloud Computing Hierarchy
Advantages of Cloud Computing
Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money on running and maintaining data centers
Go global in minutes
Product Lifecycle Management
Paradigms of Manufacturing Systems
Central production planning / manufacturing systems
Computer-Aided Design (CAD) / Computer-Aided Manufacturing (CAM)
Computer integrated manufacturing (CIM)
Cloud-Based Design and Manufacture (CBDM)
Characterization of CBDM
Physical resource providers (PRPs)
Infrastructure as a Service
Platform as a Service
Software as a Service
Benefits of Cloud Manufacturing
For the Economy
For the Supply-Chain
For the Workforce
For Big Data
Applications of CM
3 – Research Methodology
Aims and Objectives
Justification for Selection of Interpretive Philosophy
Justification of selection of Inductive
Justification for Selection of Exploratory
Justification for Selection of Qualitative Analysis
Data Collection Methods
Primary Methods of Data Collection
Secondary Methods of Data Collection
4 – Findings and Analysis
Aims and Objectives
Rationale for Manufacturing Solutions
Challenges and Trends
Big Data Management
Cloud Agile Manufacturing – Concept
Cloud Agile Manufacturing – Pros and Cons
Integrate the cloud
Manufacturing Execution Systems of Cloud Connect
Current Progress in CM
5 – Conclusion
6 – Future Work
Information, Communication and Cyber Security
Managing Cloud Based Intrusion Detection Systems (IDSs) in Large Organizations
Intrusion Detection Systems (IDSs) are becoming an important priority for securing organizations' IT resources from potential damage. However, organizations experience a number of challenges during IDS deployment. The preliminary challenges involve product selection according to organizational requirements and goals, followed by IDS installation. IDS installations frequently fail due to resource conflicts and a lack of the expertise necessary for successful installation. Post-installation phases involve a number of challenges associated with proper configuration and tuning, which require advanced skills and support. Organizations can overcome many obstacles of product installation and IDS configuration by maintaining a test-bed and using phased deployment. Once an IDS is operational, IDS data undergo various levels of analysis and correlation. To perform data analysis tasks, administrators require advanced programming and networking skills and in-depth knowledge of the organizational network, security, and information architecture. Sometimes large organizations need to correlate data from multiple IDS products; one potential solution is the use of SIEM (Security Information and Event Management) software. Organizations also need to ensure the security and integrity of the various IDS components and data. Agent and data security concerns can be addressed by maintaining a more autonomous design in the agent structure and incorporating appropriate formats, protocols, and cryptographic arrangements in the different phases of the data lifecycle. IDS products require ongoing human interaction for tuning, configuration, monitoring and maintenance. Hence, organizations need to assemble the different levels of skill required for the proper deployment and operation of IDS products.
Managing Cloud Based Intrusion Detection Systems in Large Organizations
Intrusion detection is the surveillance of computer hosts and associated networks by observing various events and identifying signs of unauthorized and unprivileged access and other anomalous activities that can compromise the confidentiality, availability, and integrity of the system (Singh, Gupta, & Kumar, 2011; Sundaram, 1996; Lasheng & Chantal, 2009). With the rising number of malicious attacks on organizational information networks, intrusion detection and security incident response have been key priorities of organizational security architecture since the widespread industrial adoption of networks during the 1990s (Yee, 2003). Today, the placement of a dedicated intrusion detection system (IDS) in the organizational IT system is one of the important considerations for organizations (Werlinger et al., 2008). The aim of an intrusion detection system is to ensure adequate privacy and security of the information architecture and to save IT resources from potential damage from various internal and external threats (Scarfone & Mell, 2007). Intrusion detection systems (IDSs) monitor and record activities or events in the computer and network environment and then analyze them to identify intrusions.
With industry's widespread adoption, intrusion detection systems have become the de facto security tools of the corporate world. Major organizations and governmental institutions have already deployed or are on the verge of deploying IDSs to secure their corporate networks. However, the deployment of an IDS, particularly in the distributed network of a large organization, is a non-trivial task. The complexity and the time required for installation depend upon the number of machines that need to be protected, the ways those machines are connected to the network, and the depth of surveillance the organization needs to achieve (Iheagwara, 2003; Innella, McMillan & Trout, 2002). As a result, large organizations need elaborate planning during the different phases of IDS deployment, including product evaluation and testing, suitable placement of IDS agents and managers, configuration of IDS components, integration of IDSs with other surveillance products, etc. (Bye, Camtepe, & Albayrak, 2010; Bace & Mell, 2001). The aim of this paper is to discuss the various challenges associated with IDS deployment in the large-scale distributed networks of big corporations. Particular emphasis is given to the challenges associated with the management of agents, the collection of agent data, and the correlation of IDS data to identify possible intrusions in large-scale distributed networks. The paper will also discuss various "real-world" encounters during the different stages of IDS deployment, such as product evaluation, IDS installation and configuration, management and ongoing operation, etc., and make recommendations to overcome those difficulties.
Why are Intrusion Detection Systems Required for Large Organizations?
Networks are ubiquitous in today's business landscape. Organizations harness network power to develop sophisticated information systems, to utilize distributed and secure data storage, and to provide valuable web-based customer services. Software vendors deliver their applications to end users through networks. Networks allow employees to gain remote access to their offices or organizational resources. This proliferation of network activity has flooded the internet with different classes of cyber threats, including different classes of hackers, rogue employees, and cyber terrorists. A significant number of these threats derive from competitor organizations seeking to exploit organizational resources or to disrupt productivity and competitive advantage. In recent years, the proliferation of heterogeneous computer networks, including a vast number of cloud networks, has increased the amount of invasive activity. Today cloud-based e-commerce sites and business services are major targets of attackers. The costs resulting from cyber-attacks are substantial. Traditional prevention techniques, such as secure authentication, data encryption, and various software and hardware firewalls, are often inadequate to prevent these threats (Rao, Pal, & Patra, 2009; Anderson, Frivold, & Valdes, 1995). Various kinds of system vulnerabilities are unavoidable, typical features of computer and network systems. Intruders frequently search for weaknesses in defensive products, such as a subtle weak point in the firewall configuration or a loosely defined authentication mechanism. Hence, investment in an intrusion detection system as a second line of defense within an organization's security architecture can increase the overall security posture of the system.
Overview of IDS
A distributed agent-based architecture consists of two main components: i) IDS agents and ii) the management server (Beg, Naru, Ashraf, & Mohsin, 2010). An agent is a software entity that perceives different aspects of its location (networks and hosts) and is capable of acting on its own according to the supplied protocols (Boudaoud et al., 2000; Mell et al., 1999). Intrusion detection system agents work independently (Brahmi, Yahia, & Poncelet, 2011), interact with central management servers, follow protocols according to the system's requirements, and collaborate with other agents in an intelligent manner (Lasheng & Chantal, 2009). The management server is the cornerstone of an IDS that facilitates centralized management of IDS components. This includes tuning, configuration and control of distributed agents; aggregation and storage of data sent by various agents; correlation of distributed data to identify intrusions; and the generation of alerts (Chatzigiannakis et al., 2004). The central node also performs any update and upgrading of the system (Chatzigiannakis et al., 2004). In the case of a mobile-agent-based distributed IDS, the management server is also responsible for dispatching agents and maintaining communication with them. The difference between a conventional and a distributed agent-based intrusion detection system is that in a distributed IDS a significant part of the analysis is performed by the agents situated across the network. The agents maintain a flat architectural structure, communicating only the main results to the central server, as opposed to sending all data to the central node through a hierarchical structure.
Based on the locations at which IDS agents are deployed, IDSs can be categorized into two broad classes: host-based and network-based.
Host based IDS. A host intrusion detection system (HIDS) is installed and run on an individual host, where it investigates all inbound and outbound packets associated with that host to identify intrusions (Singh, Gupta, & Kumar, 2011; Neelima & Prasanna, 2013). Besides network packets, HIDSs also monitor various system data, such as event logs, operating system processes, file system integrity, and unusual changes to various configuration settings (Scarfone & Mell, 2007; Bace & Mell, 2001; Kittel, 2010). The architecture of a host based IDS is very straightforward. The detection agents are installed on the hosts, and the agents communicate over the existing organizational network (Scarfone & Mell, 2007). The event data are transmitted to the management server and are manipulated through a console or command line interface (Scarfone & Mell, 2007; Ghosh & Sen, 2005). Host-based IDSs have greater analysis capabilities due to the availability of dedicated resources to the IDS (i.e., processing, storage, etc.) and hence work with a greater degree of accuracy (Bace & Mell, 2001; Garfinkel & Rosenblum, 2003). However, HIDSs have some limitations. Installation, configuration, and maintenance of the IDS must be performed on each host individually, which is extremely time consuming (Scarfone & Mell, 2007; Bace & Mell, 2001). HIDSs are also vulnerable themselves due to their poor real-time responses (Bace & Mell, 2001; Kozushko, 2003). However, host based IDSs are excellent choices for identifying long term attacks (Kozushko, 2003).
Network based IDS. Network based IDSs identify intrusions by analyzing the traffic of a dedicated organizational network in order to secure the associated hosts from malicious attacks (Bace & Mell, 2001). Instead of investigating various activities within the hosts, network based IDSs focus only on the packet streams that travel through the network. Network IDSs investigate network, transport, and application protocols and various network activities, such as port scanning, connection status, port access, etc., to determine attacks. In a network based IDS, multiple sensors or agents are placed at various strategic points on the network (Singh, Gupta, & Kumar, 2011), where they guard a particular segment of the network (Scarfone & Mell, 2007), perform local analysis of the traffic with the associated hosts, and communicate the results to the central management server. The results from various agents are coordinated to identify planned distributed attacks within the organizational network (Bace & Mell, 2001). Network based IDSs are faster to implement and more secure than host-based IDSs. However, there are some disadvantages of NIDSs. One of them is the frequent dropping of packets, which normally occurs in a network with high traffic density or during periods of high network activity (Bace & Mell, 2001; Chatzigiannakis et al., 2004). Network based IDSs are unable to process encrypted information, which is a major drawback in monitoring virtual machine hosts (Bace & Mell, 2001). Network based IDSs only identify signs of attacks but cannot confirm whether the target host is infected (Bace & Mell, 2001), and thus manual investigation of the host is necessary to trace and confirm the associated attacks.
IDS Classification According to the Detection Approaches
According to the approach taken to intrusion detection, IDSs can be classified further into two categories: i) anomaly based detection systems and ii) misuse or signature based detection systems.
Anomaly based detection system. Anomaly detection is based on the principle that all intrusions are linked with some deviation from normal behavioral patterns (Maciá-Pérez et al., 2011; Ghosh & Sen, 2005; Abraham & Thomas, 2005; Singh, Gupta, & Kumar, 2011). It identifies intrusions by comparing the patterns of suspicious events against the observed behavioral patterns of the monitored system (Beg, Naru, Ashraf, & Mohsin, 2010). Anomaly detection programs collect historical data from the system and construct individual profiles that represent normal patterns of host and network utilization (Bace & Mell, 2001). The constructed database, along with an appropriate algorithm, is used to verify the consistency of network packets. Anomaly detection agents are preferable in that they can detect attacks that were completely unknown before (Beg, Naru, Ashraf, & Mohsin, 2010; Kozushko, 2003). However, the false positive rates generated by these agents are very high (Ghosh & Sen, 2005; Brahmi et al., 2012), and intruders may disguise themselves by mimicking acceptable behavioral patterns (Ghosh & Sen, 2005).
Misuse or signature based detection system. Misuse detection approaches depend upon records of existing system vulnerabilities and known attack patterns (Abraham & Thomas, 2005). Misuse detection systems generate fewer false positives compared to anomaly detection systems (Ghosh & Sen, 2005; Faysel & Haque, 2010). They are also easy to operate and require minimal human intervention. However, misuse detection techniques are vulnerable to new attacks that have no known signature or matching pattern (Brahmi, Yahia, & Poncelet, 2011; Ghosh & Sen, 2005). So, the signature database of a misuse detection system needs to be frequently updated to recognize the most recent attacks (Scarfone & Mell, 2007).
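The two detection approaches side by side, as an added illustration that is not part of the original essay or of any IDS product: a small Python detector runs a signature (misuse) matcher and a profile-based anomaly detector over one constructed window of connection records. The host names, the two signatures, the three-sigma threshold and the event fields are assumptions chosen for illustration. The point it shows is the trade-off the text describes: the signature matcher catches only the pattern it already knows, while the anomaly detector catches the unfamiliar burst against the database host but would equally flag any large, benign deviation from the learned profile.

```python
"""Toy hybrid detector: signature matching beside profile-based anomaly
detection, run over constructed connection records.
Added example (not from the original text). Hosts, signatures, the
k-sigma threshold and the event format are assumptions for illustration."""
from collections import Counter
import statistics

# Constructed training window: normal connections per host per minute,
# the "historical data" from which the anomaly profile is built.
NORMAL_HISTORY = {
    "web01": [40, 42, 38, 45, 41, 39, 44, 40],
    "db01": [5, 6, 4, 5, 7, 5, 6, 5],
}

# Constructed signature database: (destination port, payload substring).
# Real rule languages are far richer; this is the minimum to show the idea.
SIGNATURES = {
    "sql-injection-probe": (80, "' OR 1=1"),
    "telnet-default-login": (23, "root\r\n"),
}


def build_profiles(history, k=3.0):
    """Anomaly baseline: per-host upper bound of mean + k * stdev."""
    return {host: statistics.mean(c) + k * statistics.pstdev(c)
            for host, c in history.items()}


def signature_alerts(events):
    """Misuse detection: flag every event matching a known pattern."""
    alerts = []
    for ev in events:
        for name, (port, needle) in SIGNATURES.items():
            if ev["dport"] == port and needle in ev["payload"]:
                alerts.append((ev["src"], ev["dst"], name))
    return alerts


def anomaly_alerts(events, profiles):
    """Anomaly detection: flag hosts whose connection count in this window
    exceeds the learned bound, regardless of what the payload contains."""
    per_host = Counter(ev["dst"] for ev in events)
    return [(host, n) for host, n in per_host.items()
            if host in profiles and n > profiles[host]]


def constructed_window():
    """One minute of constructed traffic: normal web load, one known-bad
    request, and an unfamiliar burst of probes against the database host."""
    events = []
    for i in range(40):  # ordinary requests, within web01's profile
        events.append({"src": f"10.0.1.{i % 20 + 10}", "dst": "web01",
                       "dport": 80, "payload": "GET /index.html"})
    # Known pattern: caught by the signature matcher only.
    events.append({"src": "203.0.113.7", "dst": "web01", "dport": 80,
                   "payload": "GET /login?user=' OR 1=1--"})
    # Unknown probe with no signature: caught by the anomaly detector only,
    # because 30 connections far exceed db01's normal 4-7 per minute.
    for _ in range(30):
        events.append({"src": "198.51.100.9", "dst": "db01",
                       "dport": 5432, "payload": "unknown-probe"})
    return events


def run_hybrid(events, history=NORMAL_HISTORY):
    """Return both detectors' findings for the same window."""
    profiles = build_profiles(history)
    return {"signature": signature_alerts(events),
            "anomaly": anomaly_alerts(events, profiles)}


if __name__ == "__main__":
    for kind, hits in run_hybrid(constructed_window()).items():
        print(kind, hits)
```

Neither detector alone covers the window: the signature matcher is silent on the probe burst because no rule describes it, and the anomaly detector says nothing about the injection attempt because 41 web requests sit inside web01's learned bound. Raising `k` lowers the anomaly false-positive rate at the cost of missing smaller deviations, which is the tuning problem the text returns to under configuration.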
IDS Design and Development Challenges
Challenges in Managing Intrusion in Distributed Network
In recent years, security concerns have been shifting from hosts to networks due to the proliferation of internet based services, distributed work environments, and heterogeneous networks. The majority of current IDS vendors are adopting network based and distributed approaches to security in their products (Suryawanshi et al., n. d.). However, there are a number of limitations to most distributed IDSs. Firstly, the monitoring agents on the distributed hosts and network send event data to centralized controller components (Suryawanshi et al., n. d.; Brahmi, Yahia, & Poncelet, 2011; Kannadiga & Zulkernine, 2005). Because the data analysis is performed centrally, these systems are vulnerable to a single point of failure (Bye, Camtepe, & Albayrak, 2010; Zhai, Hu, & Weiming, 2014; Brahmi et al., 2012; Tolba et al., 2005; Araújo & Abdelouahab, 2012). Secondly, the architecture of these systems consists of a hierarchical tree-like structure with the main control system at the root level, sensor units at transient or leaf nodes and information aggregation units at some internal nodes. Information collected from local nodes is aggregated at the root level to obtain a global view of the system (Brahmi et al., 2012). Large scale data transfer from transient nodes to the central controller unit during the aggregation process can create network overloads (Suryawanshi et al., n. d.).
This results in communication delays and an inability to detect large scale distributed attacks efficiently in real time (Brahmi et al., 2012). In order to overcome these limitations, recent IDSs incorporate various technologies supporting agent-based data analysis and intrusion detection, where agents perform most analysis tasks and send only the important data to the centralized nodes directly through a flat communication structure. Multi-agent based distributed intrusion detection systems (DIDS) are partly autonomous systems capable of self-configuring upon changing contexts of network and hosts and disseminating their analytical capabilities into different corners of the network in a distributed manner (Gunawan et al., 2011; Tierney et al., 2001). Through adopting a hybrid approach, such as both network and host monitoring as well as implementing both anomaly and signature detection methods, distributed agents can coordinate the results of hosts and networks more accurately and perform more comprehensive intrusion detection (Abraham & Thomas, 2005; Brahmi et al., 2012).
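The agent-based, flat structure described in the last two paragraphs, and the cross-agent correlation mentioned earlier under network based IDSs, as an added example that is not part of the original essay or of any real DIDS product: each host agent analyses its own login events and forwards only a compact summary to the management server, which joins the summaries to find a pattern no single agent can see. The host names, addresses, event format and both thresholds are assumptions chosen for illustration.

```python
"""Toy distributed IDS: host agents analyse locally and report summaries
over a flat structure; the management server correlates across agents.
Added example (not from the original text). Hosts, addresses, the event
format and the two thresholds are assumptions for illustration."""
from collections import Counter, defaultdict

LOCAL_THRESHOLD = 5    # failed logins from one source before an agent alerts
GLOBAL_THRESHOLD = 4   # distinct hosts one source must touch to be correlated


class HostAgent:
    """Runs on one host and sees only that host's events."""

    def __init__(self, host):
        self.host = host
        self.failures = Counter()
        self.raw_events = 0

    def observe(self, event):
        self.raw_events += 1
        if event["type"] == "login_failed":
            self.failures[event["src"]] += 1

    def report(self):
        """Send a compact summary, not the raw stream: failed-login counts
        per source plus any source that crossed the local threshold."""
        local_alerts = [s for s, n in self.failures.items() if n >= LOCAL_THRESHOLD]
        return {"host": self.host, "failures": dict(self.failures),
                "local_alerts": local_alerts}


class ManagementServer:
    """Central node: stores agent summaries and correlates them."""

    def __init__(self):
        self.reports = []

    def receive(self, report):
        self.reports.append(report)

    def correlate(self):
        """A source that spreads a few failures over many hosts stays under
        every local threshold but becomes visible once summaries are joined."""
        hosts_per_src = defaultdict(set)
        for rep in self.reports:
            for src in rep["failures"]:
                hosts_per_src[src].add(rep["host"])
        return sorted(s for s, hosts in hosts_per_src.items()
                      if len(hosts) >= GLOBAL_THRESHOLD)


def constructed_events():
    """Constructed login events across five hosts."""
    hosts = ["srv01", "srv02", "srv03", "srv04", "srv05"]
    events = []
    for _ in range(8):   # noisy brute force against one host: local alert
        events.append({"host": "srv01", "src": "203.0.113.5", "type": "login_failed"})
    for h in hosts:      # low-and-slow spray: two failures per host, below local threshold
        for _ in range(2):
            events.append({"host": h, "src": "198.51.100.23", "type": "login_failed"})
    for h in hosts:      # background: successful logins
        events.append({"host": h, "src": "10.0.0.8", "type": "login_ok"})
    for h in hosts[:2]:  # one mistyped password on two hosts: benign
        events.append({"host": h, "src": "10.0.0.9", "type": "login_failed"})
    return events


def run(events):
    """Drive agents and server; return findings and the data-volume figures."""
    agents = {}
    for ev in events:
        if ev["host"] not in agents:
            agents[ev["host"]] = HostAgent(ev["host"])
        agents[ev["host"]].observe(ev)
    server = ManagementServer()
    reports = [a.report() for a in agents.values()]
    for rep in reports:
        server.receive(rep)
    return {
        "local_alerts": {r["host"]: r["local_alerts"] for r in reports if r["local_alerts"]},
        "distributed_attackers": server.correlate(),
        "raw_events": sum(a.raw_events for a in agents.values()),
        "summary_records": sum(len(r["failures"]) for r in reports),
    }


if __name__ == "__main__":
    print(run(constructed_events()))
```

The run shows both sides of the argument: the agents send 8 summary records to the server instead of 25 raw events, and the sprayed source, invisible to every individual agent, is exposed only by the server's correlation. The benign user who mistyped a password on two hosts stays under the global threshold, which is the kind of tuning decision the text later attributes to the administrator.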
Major Challenges with Distributed IDS
One of the most important challenges associated with distributed IDSs is the correct placement of agents (Sterne et al., 2005). A large number of misplaced agents can drive inefficiency, and therefore agent locations must be justified through proper investigation of the network topology, such as the characteristics of routers and switches, the number of hosts, etc. (Chatzigiannakis et al., 2004). Another major challenge is how the heterogeneous data from different sensors should be collected and analyzed to identify an attack (Chatzigiannakis et al., 2004; Debar & Wespi, 2001). Furthermore, being distributed in nature, agents are vulnerable to being compromised themselves. Agents need to follow a common communication protocol and transfer data to the centralized server securely without producing too much extra traffic (Chatzigiannakis et al., 2004). Agents’ security and integrity are also largely maintained and ensured by the management server. Hence, securing the management server is an important task for the overall security of an IDS. Organizations should consider a dedicated server for the entire management host (Wotring, 2010), which will lower the number of accesses to the server and eventually reduce the exposure to vulnerability. Further restrictions on both physical and network access to the management server must be incorporated through proper authentication mechanisms and physical restrictions on the server areas. Sometimes the management server can be put behind a dedicated firewall to enhance its security status (Wotring, 2010; Brennan, 2002).
Deployment Challenges of IDS
Consideration before Deploying an IDS
Due to the various limitations of IDS products and a lack of skilled network security specialists in the market, IDS deployment in a large organizational network involves substantial challenges. A successful IDS deployment requires elaborate planning, requirement analysis, prototyping, testing, and training arrangements (Bace & Mell, 2001). A requirement analysis is conducted to prepare an IDS policy document that demonstrates the organization’s structure and resources and reflects its IDS strategies, security policies, and goals (Bace & Mell, 2001). Before specifying organizational requirements, it should be borne in mind that an IDS is not a standalone security application, and the main objective of an IDS is to monitor traffic on the organization’s internal network in order to complement existing security controls (Werlinger, et al., 2008).
Specifying system architecture. Before evaluating and selecting an IDS product, organizations should specify the important requirements for which they seek a potential IDS solution. In order to accomplish this goal, organizations may plan and document important properties of their system, such as: i) system and network characteristics; ii) network architecture diagram; iii) technical specifications of the IT environment, including the operating systems, typical services, the applications running on various hosts, etc.; iv) technical specifications of the security structure, including existing IDSs, firewalls, antivirus tools, and various hardware appliances; v) existing network communication protocols; etc. (Scarfone & Mell, 2007; Brandao et al., 2006). These considerations will help organizations to determine which type of IDS is necessary to give optimum protection to their systems.
Specifying goals. Once the system architecture and general requirements of the system are documented, the next step is to specify the technical, operational, and business related security goals that the organization wants to achieve by implementing an IDS (Bace & Mell, 2001; Scarfone & Mell, 2007). Some of these goals may be i) guarding the network from particular threats; ii) preventing unprivileged access; iii) protecting important organizational assets; iv) exerting managerial controls over the network; v) preventing violations of security or IT policies through observing and recording suspicious network activities; etc. (Scarfone & Mell, 2007). Some security requirements may have implications for organizational culture; for example, an organization that maintains a high degree of formalization in its culture may look for IDSs suitable for various formal policy configurations and extensive reporting capabilities regarding policy violations (Bace & Mell, 2001). A few security goals may derive from external requirements that the organization needs to meet, such as legal requirements for the protection of public information, audit requirements for security practices, or any accreditation requirement (Bace & Mell, 2001). There may be industry specific requirements, and organizations need to ensure that the proposed IDS can meet them (Bace & Mell, 2001).
Specifying constraints. IDSs are typically resource intensive applications that need substantial organizational commitments. The most important constraints that organizations need to take into account are the budgetary considerations for the acquisition of software and hardware, infrastructure development, and for the ongoing operation and maintenance. Organizations should identify IDSs’ functional requirements or the users’ skill requirements to operate them effectively (Bace & Mell, 2001). Organizations that will not be able to incorporate substantial human resources in IDS monitoring and maintenance activities should choose an IDS that is more automated and requires little staff time (Scarfone & Mell, 2007).
Product Evaluation Challenges
The evaluation of an IDS product is the most challenging aspect on which the success of intrusion detection depends. Today there are a range of commercial and public domain products available for deployment (McHugh, Christie, & Allen, 2000). Each product has distinct drawbacks and advantages. While some products work well in particular types of organizational network, some IDSs may not produce desired results in certain industrial settings. In order to overcome these challenges, organizations must evaluate an IDS product in terms of their system resources and protection requirements (McHugh, Christie, & Allen, 2000). Vendor-specific information, product manuals, whitepapers, third-party reviews, and information from other trusted sources can be valuable resources during the product evaluation (Scarfone & Mell, 2007). IDSs’ detection accuracy, usability, life cycle costs, vendor supports, etc. are some of the most critical aspects during product evaluation. Other features that must be taken into account are security, interoperability, scalability and reporting capabilities (McHugh, Christie, & Allen, 2000; Scarfone & Mell, 2007).
Product performance. The performance of an IDS is the measure of its event processing speed (Debar, Dacier, & Wespi, 1999). The performance of IDS products deserves a very high degree of attention, as anomalous or suspicious events must be detected in real time and reported as soon as possible to minimize damage (Mell et al., 1999; Scarfone & Mell, 2007). Network based IDSs normally suffer from performance problems, particularly where IDSs have to monitor heavy traffic associated with many hosts in a distributed network (McHugh, Christie, & Allen, 2000). The performance of IDSs also largely depends on extensive configuration and fine-grained tuning according to the network architecture (Scarfone & Mell, 2007), and testing IDSs with default settings may not represent the real performance of the product. This makes the evaluation of product performance extremely challenging. In addition, IDSs with more robust detection capabilities will consume more processing and storage, which can cause performance loss (Scarfone & Mell, 2007; Yee, 2003). Hence, a scalability feature that allows IDSs to dynamically allocate processing power and storage can be one of the important performance evaluation criteria (Mell et al., 1999).
Security considerations. During the evaluation of an IDS product, various technologies and features associated with product security must be taken into account, such as protection of stored data, protection of transmitted data during communication between various IDS components, authentication and access control mechanisms, IDS hardening features after product installation, etc. (Scarfone & Mell, 2007). Organizations need to identify whether the IDS is resistant to external modifications (Kittel, 2010). This can be accomplished by checking various features, such as the level of isolation (in the case of a VMI-based IDS) (Kittel, 2010); cryptographic arrangements for inter-agent communication (Mell et al., 1999); isolated monitoring features (Kourai & Chiba, 2005); etc.
Interoperability, scalability, and reporting features. Interoperability is one of the key challenges for security specialists who aim to develop a sophisticated enterprise security architecture incorporating the industry’s leading tools (Yee, 2003). Through interoperability features, IDSs from various platforms are able to correlate their results and effectively communicate data with firewalls and security management tools to enhance the overall surveillance status of the system (Yee, 2003; Scarfone & Mell, 2007). While the interoperability feature provides IDSs with the capability to integrate their strengths among multiple security products, the scalability feature helps to incorporate more capabilities within a single IDS product as the organizational requirements grow. For large organizations, IDSs must be able to dynamically allocate processing and storage or be able to implement more agents and various IDS components as demands grow (Mell et al., 1999). The number of agents implementable under a single management server and the number of management servers in a particular instance of deployment may reflect an IDS’s scalable capacity (Scarfone & Mell, 2007). Another feature that reflects more of the usability than the functionality of an IDS is its reporting capabilities. Technical IDS data needs to be presented in a comprehensible format to corporate users with various skill levels (Werlinger, et al., 2008). The reporting functionalities help in tailoring and presenting data in the users’ intended and convenient ways. IDSs should facilitate a comparative view of various states over time, such as before and after the implementation of major changes to the configuration, etc. (Werlinger, et al., 2008).
IDS maintenance and product support. Because maintenance activities impose substantial overheads in operating IDSs, organizations should treat the various maintenance considerations as important priorities during IDS product selection. These include the requirement of independent versus centralized management of agents; considerations of various local and remote maintenance mechanisms, such as host based GUI, web-based console, command line interfaces, etc.; security protections during various maintenance activities, such as securely transmitting, storing, and backing up IDS data; ease of restoration of various configuration settings; ease of log file maintenance; etc. (Scarfone & Mell, 2007).
Organizations require various levels of support and should identify vendors’ ability to provide active support according to the requirements during the various stages of installation and configuration (Bace & Mell, 2001; Scarfone & Mell, 2007). Apart from on-demand and direct support, organizations should check whether the vendors maintain user groups, mailing lists, forums and similar categories of support free of cost (Scarfone & Mell, 2007). The quality and availability of various electronic and paper based support documents, such as installation guides, user manuals, policy recommendation principles and guidelines, etc., are some of the typical features on which an IDS product can be judged to a considerable extent (Scarfone & Mell, 2007). Organizations also need to carefully evaluate the various costs associated with the support structure (Bace & Mell, 2001). A significant part of IDSs’ costs normally derives from the hidden costs associated with professional support services during IDS implementation and maintenance, including the training costs for both the administrators and IDS users (Yee, 2003; Bace & Mell, 2001). Organizations also need to recognize the costs of updates and upgrades if they are not free (Bace & Mell, 2001). In addition, the vendors’ capabilities to frequently release updates and patches, as well as their capabilities to release updates in a timely manner in response to new threats; the convenience of obtaining each update; the available means to verify the authenticity and integrity of individual updates; the effects of each update and upgrade on existing configurations of the IDS; etc. also need to be considered (Scarfone & Mell, 2007).
IDS Installation and Deployment Challenges
The biggest hurdle of IDSs is associated with the installation of the software (Werlinger, et al., 2008). IDS installations require the involvement of security specialists with a broad knowledge of IT, network security and protocols and an in-depth understanding of the organizational structure, resources, and goals (Werlinger, et al., 2008; McHugh, Christie, & Allen, 2000). Unlike other security product installations, an IDS installation is a time consuming and complex process, and the administrators have to face plenty of issues during the installation period. For example, the entire installation may crash in the middle of the process, or the IDS may produce inconsistent error messages that are difficult to deal with (Werlinger, et al., 2008). For these reasons, careful documentation of the various problems and installation information (e.g., various parameters and settings) is necessary during installation, which can save valuable time and resources over the long run (Innella, McMillan & Trout, 2002). The amount of tasks and effort necessary to install an IDS in a specific network can be daunting and overwhelming (Werlinger, et al., 2008). Hence, the availability of automated features in Intrusion Detection Systems, such as automatic discovery of network devices, faster and more automated tuning options, and quick configuration support through grouping related parameters, etc., can overcome the challenges of performing those tasks manually (Werlinger, et al., 2008).
Organizations should consider testing IDSs in a simulated environment before placing them in the actual network to overcome the various challenges associated with a large and complex network (Werlinger, et al., 2008; Scarfone & Mell, 2007). Some of these challenges are: i) the IDS software or network may crash during installation or testing periods due to resource conflicts within various parts of the network (Scarfone & Mell, 2007), ii) the IDS installation may alter the network characteristics undesirably, or iii) problems during the installation may keep the network temporarily unavailable. Organizations also need to consider a multi-phased installation by first selecting a small part of the network with a limited number of hosts, or initially activating a few sensors or agents (Scarfone & Mell, 2007). Both test-bed and multi-phased installations will help security specialists to gain valuable insights through planning and rehearsal processes. This can help them to cope with the various challenges associated with installation, scalability, and configuration related problems (Scarfone & Mell, 2007), such as tuning and configuring properly to get rid of large numbers of false alarms or efficiently dealing with heavy traffic in a robust network (Werlinger, et al., 2008). Depending on the IDS technology and the system’s characteristics, IDSs require different levels of ongoing human interaction and dedication of resources (Bace & Mell, 2001). A multi-phased installation will help to justify the human resources and time that an organization needs to commit (Bace & Mell, 2001).
Configuring and Validating IDS
IDS configuration challenges. Whether an IDS will perform as an effective surveillance tool for an organization relies upon the informed justification of various configuration and tuning options and the dedication of resources based upon the IDS’s requirements (Werlinger, et al., 2008). The administrators require an in-depth knowledge of organizational missions, organizational processes, and existing IT services during the configuration process (Werlinger, et al., 2008). This knowledge is necessary to adapt the IDS to the system structure, users’ behavior, and network traffic patterns, which will subsequently help to reduce the false positives generated by the IDS (Werlinger, et al., 2008). Initially, these challenges can be overcome during an installation through the collaboration of experts or security specialists administering different areas of the network and servers within the distributed network (Werlinger, et al., 2008). Organizations should follow their existing security policies to configure the various features of IDSs that may help them to recognize policy violations (Bace & Mell, 2001). The following are the most important considerations that need to be ensured during IDS configuration:
i) justifying the placement of agents to guard mission critical assets (McHugh, Christie, & Allen, 2000);
ii) installing the most up-to-date signatures and updates during the initial stages of installation (McHugh, Christie, & Allen, 2000);
iii) creating user accounts and assigning roles and responsibilities (McHugh, Christie, & Allen, 2000);
iv) customizing filters to generate appropriate levels of alerts;
v) determining the IDS’s alert handling procedures and correlating alerts with other IDSs (if any exist), existing firewalls, and the system or application logs (McHugh, Christie, & Allen, 2000). The interoperability features of IDSs and the use of common alert formats will allow the administrators to integrate data and alerts (McHugh, Christie, & Allen, 2000).
Security hardening and policy enforcement. Sometimes IDSs may be the attackers’ primary targets, and security hardening is necessary to ensure IDSs’ safety (Scarfone & Mell, 2007). The important tasks during security hardening involve: i) hardening IDSs by implementing the latest patches and signature updates immediately after installation; ii) creating separate user accounts for general users and administrators with the appropriate level of privileges (Scarfone & Mell, 2007); iii) controlling access to various firewalls, routers, and packet filtering devices; iv) securing IDS communication by implementing suitable encryption technology (Scarfone & Mell, 2007); etc.
Ongoing Operation and Maintenance Challenges
Monitoring, operation, and maintenance of distributed IDSs are normally conducted remotely through the management console or GUI (i.e., menus or options). In addition, command line interfaces may facilitate local management of IDS components. Ongoing operation and maintenance of IDSs are substantial challenges for organizations, requiring basic knowledge of system and network administration, information security policies, various IDS principles, the organization’s security policies, and incident response guidelines (Scarfone & Mell, 2007). Sometimes more advanced skills are required, such as advanced data manipulation skills (e.g., report generation) and programming skills (e.g., code customization). The most important operation and maintenance activities are:
i) performing monitoring, analysis, and reporting activities;
ii) managing IDSs for appropriate levels of protection, such as re-configuring IDS components with the necessary changes to the network, applying updates, etc.; and
iii) managing skills for ongoing operation and maintenance (Scarfone & Mell, 2007).
Monitoring, analysis and reporting. Successful monitoring of IDSs involves monitoring of network traffic and the proper recognition of suspicious behavior. The important tasks during ongoing monitoring include i) monitoring various IDS components to ensure security (Scarfone & Mell, 2007); ii) monitoring and verifying different operations, such as event processing, alert generation, etc. (Scarfone & Mell, 2007); and iii) periodic vulnerability assessments. IDSs’ vulnerability assessments are conducted through appropriate levels of analysis by incorporating various IDS features and tools and by correlating agents’ data (Scarfone & Mell, 2007). For ease of monitoring, IDSs need to generate reports in readable formats, which is done through various levels of customization of views (Scarfone & Mell, 2007). Because monitoring and maintenance involve substantial human intervention, they can consume a lot of staff time and resources. Organizations can overcome these challenges in two major ways: i) customizing and automating tasks to enhance control over maintenance activities (Scarfone & Mell, 2007) and ii) incorporating smart sensors that work autonomously in the network to analyze the traffic and recognize trends and patterns (Scarfone & Mell, 2007).
Applying updates. Regular IDS updates need to be implemented in order to achieve appropriate protections for both IDSs and the system. Security officials need to check vendors’ notifications of security information and updates periodically and apply them as soon as they are released (Scarfone & Mell, 2007). Both software updates and signature updates are important for IDS security and appropriate functioning. A software update provides bug fixes and new features to the various components of an IDS product, including sensors or agents, management servers, consoles, etc. (Scarfone & Mell, 2007). A signature update enhances IDSs’ detection capabilities through updating configuration data. Hackers can alter the code of updates; so, verifying the checksum of each update is crucial before applying the update (Scarfone & Mell, 2007; Mell et al., 1999; Hegarty et al., 2009). Apart from software updates, organizations need to justify the positioning of IDS agents and components and ensure their optimal placement by periodically reviewing the network configurations and changes (McHugh, Christie, & Allen, 2000).
Retaining existing IDS configurations is a vital consideration before applying an update. Usually, normal updates will not change existing IDS configurations. But IDS code that has been tailored and customized by the administrators to incorporate desirable functionalities may be altered during code updates. Therefore, administrators should save and back up both customized code and configuration settings before applying updates (Scarfone & Mell, 2007). Applying updates abruptly to the IDS system or its components also poses certain challenges. New signatures or detection capabilities can cause a sudden flood of alerts (Scarfone & Mell, 2007). To detect and overcome problematic signatures from the updates, administrators should test the signature and software updates on a smaller scale or within a specific host or agent (Scarfone & Mell, 2007).
Generating skills. The ongoing operation and maintenance of IDSs and the appropriate utilization of IDS data require security officials with a set of skills and knowledge. Security teams of many organizations are unable to conduct customization or tuning of IDS products based on the IDS data in their own networks within reasonable time frame (Werlinger, et al., 2008). To ensure the effective manipulation of IDSs in both the user and administrator levels, organizations must consider providing training to all stakeholders involved in IDSs operations. This includes acquiring skills on general IDS principles, operating consoles, customizing and tuning IDS components, generating reports, etc. (Scarfone & Mell, 2007). Organizations should take available training options into considerations according to the users’ needs and conveniences, such as online training, CBT, instructor-led training, lab practices, hands-on exercises, etc. (Scarfone & Mell, 2007). Organizations may also utilize various information resources (Scarfone & Mell, 2007), such as various electronic and paper based documents (e.g., installation guides, users’ manuals, policy recommendation principles and guidelines, etc.) to generate skills required during installation and maintenance activities (Scarfone & Mell, 2007).
Managing Distributed Intrusion Detection System Agents
Managing Agents in a Distributed Environment
Different distributed IDS architectures consist of a variety of role-based agents, such as sniffer, filter, misuse detection, anomaly detection, rule mining, and reporter agents (Scarfone & Mell, 2007; Anderson, Frivold & Valdes, 1995). Distributing intrusion detection tasks among agents substantially reduces the IDS's operational load and increases performance. However, one challenge associated with distributed IDSs is the management of a large number of agents. The IDS agents of many global companies sit in different geographical regions (Innella, McMillan & Trout, 2002). To optimize IDS performance and save valuable resources, large organizations need to weigh centralized against distributed management of agents (Innella, McMillan & Trout, 2002). If the management of an IDS does not involve several administrators or a hierarchical structure, a centralized approach to IDS management can provide a number of benefits over distributed management (Innella, McMillan & Trout, 2002). First, it simplifies the network structure and reduces the number of vulnerable points by reducing the need for multiple agents and sensors. Second, the simplified structure reduces management costs and other overheads (Innella, McMillan & Trout, 2002). Overall, it reduces network data transport costs by minimizing the travel of agent data to multiple IDS managers. Organizations should choose the most efficient approach to data collection, and centralized management allows administrators to coordinate multiple IDSs or agents efficiently over a smooth and uncluttered network (Innella, McMillan & Trout, 2002).
Another challenge of managing distributed agents is ensuring the agents' integrity. Hosts must ensure that agents are free of malicious code before permitting them to operate on the platform. This is done by signing the agents' code, i.e., attaching valid certificates against which the hosts check the integrity of an agent (Krugel & Toth). Agents are also vulnerable to modification during transmission (Krugel & Toth); applying an appropriate encryption method during agent transmission can overcome this barrier.
In the case of mobile agents in a distributed IDS, the central management server dispatches a variety of agents to different nodes of the network. A single mobile agent may carry out multiple functions, which incorporates a large amount of code into the agent's structure and limits its mobility (Krugel & Toth). A substantial part of this code is associated with host operating system specific functionality (Krugel & Toth). To overcome this limitation, i.e., to keep agents small, only generic code is incorporated into the agent itself, while the operating system dependent code is placed on the hosts themselves (Krugel & Toth).
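The integrity check described above, i.e., a host refusing to run an agent whose code does not match what was signed, can be illustrated with a signed manifest. The following is an added example and not code from the paper or from any of the cited systems; it uses a shared HMAC-SHA256 key from the Python standard library as a stand-in for the certificate-based signature the text describes (a real deployment would verify an X.509 signature against the enterprise PKI), and the agent bundle, file names and key are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed demo key. A production host would instead hold the CA certificate
# and verify a public-key signature; HMAC is used here only so the example runs
# with the standard library alone.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def build_manifest(files: dict) -> dict:
    """Map each file of the agent bundle to its SHA-256 digest; the manifest is what gets signed."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}


def _canonical(manifest: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_agent(files: dict, key: bytes = SIGNING_KEY) -> dict:
    """Management-server side: bundle the agent files with a manifest and a signature over it."""
    manifest = build_manifest(files)
    signature = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"files": dict(files), "manifest": manifest, "signature": signature}


def verify_agent(bundle: dict, key: bytes = SIGNING_KEY) -> bool:
    """Host side, run before the agent is allowed to execute.

    Three checks are needed, and all three must pass:
      1. the signature matches the manifest (manifest not tampered with),
      2. the bundle contains exactly the files the manifest lists (nothing injected or dropped),
      3. every file's digest matches the manifest (no file altered in transit).
    """
    manifest = bundle.get("manifest", {})
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle.get("signature", "")):
        return False
    files = bundle.get("files", {})
    if set(files) != set(manifest):
        return False
    return all(
        hmac.compare_digest(hashlib.sha256(data).hexdigest(), manifest[name])
        for name, data in files.items()
    )


if __name__ == "__main__":
    # Constructed agent bundle: a sniffer agent plus its rule file.
    agent_files = {"sniffer_agent.py": b"# collect packets on the local segment\n",
                   "rules.txt": b"# constructed rule set\n"}
    bundle = sign_agent(agent_files)
    print("genuine bundle accepted:", verify_agent(bundle))
    bundle["files"]["sniffer_agent.py"] = b"# modified in transit\n"
    print("modified bundle accepted:", verify_agent(bundle))
```

The signature covers the manifest rather than the raw files so that the host can verify a large bundle with one signature check plus per-file hashing, and the file-set comparison in step 2 matters because a manifest that omits an injected file would otherwise still verify.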
Managing Interactions and Communications between Agents
Agents need to communicate with each other to maintain operational consistency. Agents can communicate remotely by creating communication channels among themselves and then exchanging messages (Brahmi, Yahia, & Poncelet, 2011). Agents interact with each other using an Agent Communication Language (ACL) (Brahmi, Yahia, & Poncelet, 2011). Information can be sent in text format using standard, secured protocols (Brahmi, Yahia, & Poncelet, 2011). In some distributed IDS architectures, a mobile agent can directly visit a particular host, deploy itself on that host, and then exchange the required messages (Brahmi, Yahia, & Poncelet, 2011). After receiving the messages, the deployed agent can return to its place of origin or visit another host as required (Brahmi, Yahia, & Poncelet, 2011).
Collecting and Correlating IDS Agent Data
Collection and Storage of Distributed Data
Data collection, aggregation, and storage are vital concerns for the effective handling and correlation of event data (Innella, McMillan & Trout, 2002). Before data aggregation, organizations need to determine which types of data should be collected and preserved. Distributed IDSs place agents in different corners of the network, where the agents collect representative data in a distributed manner according to the organization's interests (Holtz, David, & de Sousa Junior, 2011). Once collected, data is filtered, analyzed, and inferred locally by the agents. Agents normally send only meaningful data to the management server. However, the responsibility of distributed IDSs or distributed agents is not only to collect network packets but also to collect audit traces from the associated hosts, such as logs generated by applications, operating systems, and other defensive software (Holtz, David, & de Sousa Junior, 2011). Organizations need to determine whether all of these data will be sent to the management server. For security reasons, IDS log data should be preserved both locally and centrally (Scarfone & Mell, 2007).
Another challenge of data storage is determining how long log data should be retained. Log data accumulated day to day can quickly overrun the capacity of the data storage. Organizations may need to store IDS data accumulated over as much as a two-year period (Innella, McMillan & Trout, 2002), and conveniently storing this enormous volume of log data on the centralized server of a distributed IDS is challenging (Scarfone & Mell, 2007). To overcome this storage barrier, a number of researchers have suggested incorporating cloud based data storage into the IDS architecture for scalability, flexibility, and ease of access (Scarfone & Mell, 2007; Alharkan & Martin, 2012; Chen et al., 2013).
Data storage is not only a matter of volume; other issues, such as storage management and the level of security applied to the data, also pose a great deal of challenge. IDS data is vulnerable both during transmission and during storage. To ensure the authenticity and integrity of collected data, suitable cryptographic arrangements should be made for the transmission and storage of agent data (Holtz, David, & de Sousa Junior, 2011; Cloud Security Alliance, 2011; Catteddu & Hogben, 2009). Cryptographic arrangements in a large scale system can be managed effectively by deploying an enterprise-wide Public Key Infrastructure (PKI) (Sen, 2010; Tolba et al., 2005).
Analyzing Intrusion Detection System Data
Administrators often need to carry out various analysis tasks through data fusion and event correlation in order to identify subtle attacks (Holtz, David, & de Sousa Junior, 2011). Analysis of IDS data requires appropriate handling of data originating from both the network and the hosts, and administrators need sound analysis skills to accomplish this efficiently. The fundamental unit of IDS data is the event (Jordan, 2000). One way IDSs generate alarms is through context-sensitive analysis: counting events and applying thresholds. For example, many connection attempts to a host within a short time are recognized as a SYN flood, and too many different ports visited within a short time are recognized as a port scan (Jordan, 2000). Another way to determine an intrusion is by judging the quality of individual, uncoupled events against certain criteria, such as matching the pattern of a previously recognized signature (Jordan, 2000). In a distributed IDS, this analysis of IDS data is performed locally by the distributed agents, while more advanced analysis is performed on the centralized server through event correlation.
Correlating Agent Data
While the task of each agent is to identify network intrusions and suspicious behavior in its associated network segment, the centralized server is responsible for correlating the individual agents' data in order to identify planned and distributed attacks on the network (Yee, 2003). The centralized server aggregates agent data for event correlation. In the process of event correlation, once a network packet with an inconsistent signature is identified (Jordan, 2000) or an event is recognized as suspicious, the next step is to identify correlated events demonstrating similar patterns (Jordan, 2000). To accomplish this, IDSs constantly search for connections between suspicious and non-suspicious events (Jordan, 2000). Network administrators may need to adopt various analysis techniques (e.g., data fusion, data correlation) and tools (e.g., honeypots) to carry out event correlation successfully (Holtz, David, & de Sousa Junior, 2011). However, in a large-scale distributed network where each segment has distinct characteristics and the hosts run in heterogeneous environments, associating one suspicious network event with another event generated in a distant network segment is tremendously challenging (Innella, McMillan & Trout, 2002). It requires a broad understanding of the entire network as well as effective communication and coordination between the security officials responsible for managing the various segments of the network.
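The two analysis stages described in the preceding sections (threshold-based local analysis by each agent, then correlation of the agents' alerts on the central server) can be shown end to end on constructed traffic. This is an added example written for this page, not code from the paper or from any cited IDS; the event fields, agent names, window length and thresholds are all assumptions chosen for the demonstration, and the correlation rule (the same source triggering alerts in more than one segment within a time window) is one simple instance of the cross-segment correlation the text describes.

```python
from collections import defaultdict, deque

WINDOW = 5.0               # seconds of history each agent keeps per key (assumed)
SYN_FLOOD_THRESHOLD = 20   # SYNs to one destination within WINDOW (assumed)
PORT_SCAN_THRESHOLD = 10   # distinct destination ports from one source within WINDOW (assumed)

# Constructed packet-level events as three agents on three segments would see them.
# seg-A: 10.0.0.5 touches 12 different ports on 10.0.1.9 within about a second.
# seg-B: the same source then sends 25 SYNs to 10.0.2.7:80 within a second.
# seg-C: benign traffic from an unrelated host.
SAMPLE_EVENTS = (
    [{"ts": 100.0 + i * 0.1, "agent": "seg-A", "src": "10.0.0.5", "dst": "10.0.1.9",
      "dport": 20 + i, "syn": True} for i in range(12)]
    + [{"ts": 103.0 + i * 0.04, "agent": "seg-B", "src": "10.0.0.5", "dst": "10.0.2.7",
        "dport": 80, "syn": True} for i in range(25)]
    + [{"ts": 100.0 + i, "agent": "seg-C", "src": "10.0.3.2", "dst": "10.0.4.4",
        "dport": 443, "syn": True} for i in range(3)]
)


def agent_analyze(events):
    """Local, context-sensitive analysis by one agent: count events per key in a
    sliding window and raise one alert per key once a threshold is crossed."""
    syn_hist = defaultdict(deque)    # dst -> timestamps of SYNs seen
    port_hist = defaultdict(deque)   # src -> (timestamp, dport) pairs seen
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        now = ev["ts"]
        if ev["syn"]:
            syns = syn_hist[ev["dst"]]
            syns.append(now)
            while syns and now - syns[0] > WINDOW:   # drop history outside the window
                syns.popleft()
            key = ("syn_flood", ev["dst"])
            if len(syns) >= SYN_FLOOD_THRESHOLD and key not in alerted:
                alerted.add(key)
                alerts.append({"ts": now, "agent": ev["agent"], "type": "syn_flood",
                               "src": ev["src"], "dst": ev["dst"]})
        ports = port_hist[ev["src"]]
        ports.append((now, ev["dport"]))
        while ports and now - ports[0][0] > WINDOW:
            ports.popleft()
        key = ("port_scan", ev["src"])
        if len({p for _, p in ports}) >= PORT_SCAN_THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({"ts": now, "agent": ev["agent"], "type": "port_scan",
                           "src": ev["src"], "dst": ev["dst"]})
    return alerts


def correlate(alerts, window=WINDOW * 4):
    """Central server: group the agents' alerts by source and flag a source whose
    alerts come from two or more distinct segments within the window."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    correlated = []
    for src, group in by_src.items():
        group.sort(key=lambda a: a["ts"])
        agents = {a["agent"] for a in group}
        if len(agents) >= 2 and group[-1]["ts"] - group[0]["ts"] <= window:
            correlated.append({"src": src, "agents": sorted(agents),
                               "types": sorted({a["type"] for a in group}),
                               "first": group[0]["ts"], "last": group[-1]["ts"]})
    return correlated


def run_pipeline(events=SAMPLE_EVENTS):
    """Split events per agent (each agent only sees its own segment), run the local
    analysis, then hand all local alerts to the central correlation step."""
    by_agent = defaultdict(list)
    for ev in events:
        by_agent[ev["agent"]].append(ev)
    local_alerts = []
    for agent_events in by_agent.values():
        local_alerts.extend(agent_analyze(agent_events))
    return local_alerts, correlate(local_alerts)


if __name__ == "__main__":
    local, central = run_pipeline()
    for a in local:
        print("agent alert:", a)
    for c in central:
        print("correlated:", c)
```

Neither agent on its own sees more than one kind of activity; only the central step, which has alerts from both segments, links the scan on seg-A with the flood on seg-B through the shared source. The per-key `alerted` set is what keeps a sustained flood from producing the alert storm that the section on updates warns about.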
Correlating Data from Multiple Intrusion Detection System Products
Correlation of data from different types of IDS facilitates the identification of large-scale distributed attacks in a coordinated manner (Brahmi et al., 2012; Brahmi, Yahia, & Poncelet, 2011). Each IDS product has its advantages and limitations, and a single product cannot ensure full protection against all kinds of intrusions and malicious activities. Large organizations that have multiple products (from the same or different vendors) with different detection methods and strategies need to correlate their IDSs' data to gain maximum benefit from them (Sallay, AlShalfan, & Fred, 2009). A single management interface (or console) can facilitate the coordination, management and control of IDS data coming from multiple IDS products (Scarfone & Mell, 2007). Organizations need to identify whether their IDS products can directly share and coordinate the various kinds of IDS data within their management interfaces (Scarfone & Mell, 2007); this is normally the case for IDS products from the same vendor. Otherwise, organizations need to ensure that the IDSs have interoperability features for sharing log files or other output files with other IDSs and security related products (Scarfone & Mell, 2007). This type of coordination among multiple IDSs is normally accomplished by SIEM (Security Information and Event Management) software (Scarfone & Mell, 2007; Chuvakin, 2010).
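The interoperability problem just described, i.e., bringing output files from different IDS products into one view, comes down to normalizing each product's alert format into a common schema before correlating. The following is an added example and not code from the paper or from any SIEM product: it parses two constructed alert lines, one in the Snort "fast" alert text format and one in Suricata's EVE JSON format, into one record layout, then asks the question a SIEM console would answer, namely which sources were flagged by more than one product. The sensor names, signature IDs and addresses are constructed for the demonstration, and the field layouts are assumed to follow the two formats as commonly documented.

```python
import json
import re
from collections import defaultdict

# Snort "fast" alert line, e.g.
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
# The classification block and the ports (absent for ICMP) are optional.
SNORT_FAST = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Constructed sample output from two products watching different segments.
SNORT_LINES = [
    "03/15-14:22:01.123456  [**] [1:2000001:1] CONSTRUCTED test signature [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.1.9:22",
    "03/15-14:22:03.000000  [**] [1:2000002:1] CONSTRUCTED icmp probe [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.1.9",
]
SURICATA_LINES = [
    '{"timestamp":"2024-03-15T14:22:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":51240,"dest_ip":"10.0.2.7","dest_port":80,"proto":"TCP","alert":{"gid":1,'
    '"signature_id":2000001,"rev":1,"signature":"CONSTRUCTED test signature",'
    '"category":"Attempted Information Leak","severity":2}}',
    # a non-alert EVE record (flow summary) that a SIEM normalizer must skip
    '{"timestamp":"2024-03-15T14:22:06.000000+0000","event_type":"flow","src_ip":"10.0.3.2",'
    '"dest_ip":"10.0.4.4","proto":"TCP"}',
]


def normalize_line(line, sensor):
    """Turn one product-specific line into the common record, or None if it is not an alert.
    Both Snort priority and Suricata severity use 1 as the most severe, so they map directly."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            return None
        alert = rec["alert"]
        return {"product": "suricata", "sensor": sensor, "ts": rec["timestamp"],
                "sid": int(alert["signature_id"]), "signature": alert["signature"],
                "severity": int(alert["severity"]), "proto": rec["proto"].upper(),
                "src_ip": rec["src_ip"], "src_port": rec.get("src_port"),
                "dst_ip": rec["dest_ip"], "dst_port": rec.get("dest_port")}
    m = SNORT_FAST.match(line)
    if not m:
        return None
    return {"product": "snort", "sensor": sensor, "ts": m["ts"],
            "sid": int(m["sid"]), "signature": m["msg"], "severity": int(m["prio"]),
            "proto": m["proto"].upper(),
            "src_ip": m["src"], "src_port": int(m["sport"]) if m["sport"] else None,
            "dst_ip": m["dst"], "dst_port": int(m["dport"]) if m["dport"] else None}


def ingest(lines_by_sensor):
    """Normalize every line from every sensor; unparseable or non-alert lines are dropped."""
    events = []
    for sensor, lines in lines_by_sensor.items():
        for line in lines:
            ev = normalize_line(line, sensor)
            if ev is not None:
                events.append(ev)
    return events


def corroborated_sources(events):
    """Sources flagged by more than one product: the cross-product view a SIEM provides."""
    products = defaultdict(set)
    for ev in events:
        products[ev["src_ip"]].add(ev["product"])
    return {src: sorted(p) for src, p in products.items() if len(p) > 1}


if __name__ == "__main__":
    evs = ingest({"snort-dmz": SNORT_LINES, "suricata-core": SURICATA_LINES})
    for ev in evs:
        print(ev["product"], ev["sensor"], ev["sid"], ev["src_ip"], "->", ev["dst_ip"])
    print("flagged by more than one product:", corroborated_sources(evs))
```

Keeping the product name and sensor name in every record is what makes later correlation explainable: an analyst can see that the same source was flagged independently by two engines with different detection methods, which is the benefit the text attributes to correlating data from multiple products.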
Abraham, A., & Thomas, J. (2005). Distributed intrusion detection systems: a computational intelligence approach. Applications of information systems to homeland security and defense. USA: Idea Group Inc. Publishers, 105-135.
Alharkan, T., & Martin, P. (2012). IDS aaS: Intrusion detection systems as a service in public clouds. In Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012), 686-687. IEEE Computer Society.
Anderson, D., Frivold, T., & Valdes, A. (1995). Next-generation intrusion detection expert system (NIDES): A summary. SRI International, Computer Science Laboratory.
Araújo, J. D., & Abdelouahab, Z. (2012). Virtualization in Intrusion Detection Systems: A Study on Different Approaches for Cloud Computing Environments. International Journal of Computer Science and Network Security (IJCSNS), 12(11), 10.
Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection systems. A NIST (National Institute of Standards and Technology) publication.
Beg, S., Naru, U., Ashraf, M., & Mohsin, S. (2010). Feasibility of intrusion detection system with high performance computing: A survey. International Journal for Advances in Computer Science, 1(1), 26-35.
Boudaoud, K., Labiod, H., Boutaba, R., & Guessoum, Z. (2000). Network security management with intelligent agents. In Network Operations and Management Symposium, 2000.(NOMS 2000).
Brandao, J. E. M., da Silva Fraga, J., Mafra, P. M., & Obelheiro, R. R. (2006). A WS-based infrastructure for integrating intrusion detection systems in large-scale environments. In Meersman, R., Tari, Z., & Herrero, P. (2006). On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops; proceedings of the OTM Confederated International Conferences, CoopIS, DOA, GADA, and ODBASE 2006, Montpellier, France.
Brahmi, I., Yahia, S. B., Aouadi, H., & Poncelet, P. (2012). Towards a multiagent-based distributed intrusion detection system using data mining approaches.
Brahmi, I., Yahia, S. B., & Poncelet, P. (2011). A Snort-based Mobile Agent for a Distributed Intrusion Detection System. In SECRYPT, 198-207.
Brennan, M. P. (2002). Using Snort for a Distributed Intrusion Detection System. SANS Institute.
Bye, R., Camtepe, S. A., & Albayrak, S. (2010). Collaborative Intrusion Detection Framework: Characteristics, Adversarial Opportunities and Countermeasures.
Catteddu, D., & Hogben, G. (2009). Cloud Computing: benefits, risks and recommendations for information security. European Network and Information Security Agency (ENISA).
Chuvakin, A. (2010). SIEM: Moving Beyond Compliance – Intrusion Detection Systems. White Paper for RSA.
Chen, Z., Han, F., Cao, J., Jiang, X., & Chen, S. (2013). Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua Science and Technology, 18(1), 40-50.
Chatzigiannakis, V., Androulidakis, G., Grammatikou, M., & Maglaris, B. (2004). A distributed intrusion detection prototype using security agents. HP OpenView University Association.
Cloud Security Alliance (2011). Security guidance for critical areas of focus in cloud computing v3.0. A report by Cloud Security Alliance.
Debar, H., Dacier, M., & Wespi, A. (1999). Towards a taxonomy of intrusion-detection systems. Computer Networks, 31(8), 805-822.
Debar, H., & Wespi, A. (2001). Aggregation and correlation of intrusion-detection alerts. In Recent Advances in Intrusion Detection, 85-103. Springer Berlin Heidelberg.
Faysel, M. A., & Haque, S. S. (2010). Towards cyber defense: research in intrusion detection and intrusion prevention systems. International Journal of Computer Science and Network Security (IJCSNS), 10(7), 316-325.
Garfinkel, T., & Rosenblum, M. (2003). A Virtual Machine Introspection Based Architecture for Intrusion Detection. In NDSS, 3, 191-206.
Ghosh, A., & Sen, S. (2004). Agent-based distributed intrusion alert system. In Proceedings of the Sixth International Workshop on Distributed Computing (IWDC'04), 240-251, Kolkata, India.
Gunawan, L. A., Vogel, M., Kraemer, F. A., Schmerl, S., Slåtten, V., Herrmann, P., & König, H. (2011). Modeling a distributed intrusion detection system using collaborative building blocks. ACM SIGSOFT Software Engineering Notes, 36(1), 1-8.
Hegarty, R., Merabti, M., Shi, Q., & Askwith, B. (2009). Forensic analysis of distributed data in a service oriented computing platform. In proceedings of the 10th Annual Postgraduate Symposium on The Convergence of Telecommunications, Networking & Broadcasting, PG Net.
Holtz, M. D., David, B. M., & de Sousa Junior, R. T. (2011). Building Scalable Distributed Intrusion Detection Systems Based on the MapReduce Framework. Revista Telecomunication, 2, 22-31.
Iheagwara, C. (2003). Intrusion Detection Systems–Strategies for improving Performance.
Innella, P., McMillan, O., & Trout, D. (2002). Managing Intrusion Detection Systems in Large Organizations.
Jordan, C. (2000). Analyzing Intrusion Detection Systems Data.
Kannadiga, P., & Zulkernine, M. (2005). DIDMA: A distributed intrusion detection system using mobile agents. In Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Networks (SNPD/SAWN’05), 238-245.
Kittel, T. (2010). Design and Implementation of a Virtual Machine Introspection based Intrusion Detection System.
Kourai, K., & Chiba, S. (2005). HyperSpector: virtual distributed monitoring environments for secure intrusion detection. In Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, 197-207.
Kozushko, H. (2003). Intrusion detection: Host-based and network-based intrusion detection systems. Independent study.
Krugel, C., & Toth, T. Applying Mobile Agent Technology to Intrusion Detection.
Lasheng, Y., & Chantal, M. (2009). Agent based distributed intrusion detection system (ABD Intrusion Detection Systems). In Proceedings of the Second Symposium International Computer Science and Computational Technology (ISCSCT ’09), 134-138, Huangshan, P. R. China.
Maciá-Pérez, F., Mora-Gimeno, F., Marcos-Jorquera, D., Gil-Martínez-Abarca, J. A., Ramos-Morillo, H., & Lorenzo-Fonseca, I. (2011). Network intrusion detection system embedded on a smart sensor. Industrial Electronics, 58(3), 722-732.
McHugh, J., Christie, A., & Allen, J. (2000). The role of intrusion detection systems. IEEE Software, 17(5), 42-51.
Mell, P., Karygiannis, T., Marks, D., & Jansen, W. (1999). Applying mobile agents to intrusion detection and response. A publication of the National Institute of Standards and Technology (NIST), US Department of Commerce.
Neelima, S., & Prasanna, L. Y. (2013). A Review on Distributed Cloud Intrusion Detection System. International Journal of Advanced Technology & Engineering Research (IJATER), 3(1), 116-120.
Rao, K. R., Pal, A., & Patra, M. R. (2009). A service oriented architectural design for building intrusion detection systems. International Journal of Recent Trends in Engineering and Technology, 1(2), 11-14.
Sallay, H., AlShalfan, K. A., & Fred, O. B. (2009). A scalable distributed Intrusion Detection Systems Architecture for High speed Networks. International Journal of Computer Science and Network Security (IJCSNS), 9(8).
Scarfone, K., & Mell, P. (2007). Guide to intrusion detection and prevention systems (IDPS). NIST special publication, Technology Administration, U.S. Department of Commerce.
Sen, J. (2010). An Agent-Based Intrusion Detection System for Local Area Networks. International Journal of Communication Networks and Information Security (IJCNIS), 2(2), 128-140.
Singh, R. R., Gupta, N., & Kumar, S. (2011). To reduce the false alarm in intrusion detection system using self-organizing map. International Journal of Soft Computing and Engineering (IJSCE), 1(2), 27-32.
Sterne, D., Balasubramanyam, P., Carman, D., Wilson, B., Talpade, R., Ko, C. & Bowen, T. (2005). General cooperative intrusion detection architecture for MANETs. In Proceedings of the Third IEEE International Workshop on Information Assurance, 57-70.
Sundaram, A. (1996). An introduction to intrusion detection. Crossroads, 2(4), 3-7.
Suryawanshi, G. R., Jondhale, S. D., Korde, S. K., Ghorpade, P. P., & Bendre, M. R. (n. d.). Mobile Agent for Distributed Intrusion Detection Systems in Distributed System. International Journal of Computer Technology and Electronics Engineering (IJCTEE), 1(3), 70-75.
Tierney, B., Crowley, B., Gunter, D., Lee, J., & Thompson, M. (2001). A monitoring sensor management system for grid environments. Cluster Computing, 4(1), 19-28.
Tolba, M., Abdel-Wahab, M., Taha, I., & Al-Shishtawy, A. (2005). Distributed Intrusion Detection Systems for Computational Grids. In International Conference on Intelligent Computing and Information Systems, 2.
Werlinger, R., Hawkey, K., Muldner, K., Jaferian, P., & Beznosov, K. (2008). The challenges of using an intrusion detection system: is it worth the effort? In Proceedings of the 4th Symposium on Usable Privacy and Security (SOUPS), July 23-25, Pittsburgh, PA, USA.
Wotring, B. (2010). Host Integrity Monitoring: Best Practices for Deployment.
Yee, A. (2003). The intelligent Intrusion Detection Systems: next generation network Intrusion Detection Systems management revealed. NFR security white paper.
Zhai, S., Hu, C., & Weiming, Z. (2014). Multi-Agent Distributed Intrusion Detection Systems Model Based on BP Neural Network. International Journal of Security and Its Applications, 8(2), 183-192.