I need some assistance with these assignment. bro: a system for detecting network intruders in real-time Thank you in advance for the help! There are types of security systems that have been developed to address the network intrusion issues, with the host audit being the most common, and now the stand-alone real-time monitoring systems that detect a network intrusion and report it in real time. Bro is one such system that has been developed to monitor network intrusion and generate notifications of such detected intrusions in real-time (Paxson, 1999). Therefore, the Bro system works to defeat the network intrusion problem by using a variety of feature-combinations that creates a system for identifying and reporting the network intrusion traffic in real time. The notable feature of the Bro system is its combination of high speed and large volume monitoring, such that the system monitors the traffic flow with the speed of up to 100 Mbps (Paxson, 1999). Further, the system ensures to prevent any pocket filter drops, which would in turn result in an increased risk of non-detection of the intrusions, through ensuring the pocket filters do not run out of the buffer. In addition, the system has also taken into consideration the need for easy extension of the new knowledge on the newly arising threats to the networks. However, the greatest short-coming associated with the Bro system of network intrusion monitoring is that the system does not seek to create an airtight network security system, but instead seeks to emphasize more on monitoring and detecting, as opposed to blocking and averting any intrusions (Paxson, 1999).
Real-time notification is the aspect of the Bro network intrusion security system that has been chosen. The Real-time notification concept of the system works towards ensuring that the detected intrusion on the particular network where the Bro system has been installed is reported immediately and in real-time (Paxson, 1999). This process works through the establishment of a timing system that generates notifications of any connection establishment attempt, which is then reported based on the nature of the attempt identified by the Bro scriptwriting language. The language has been specified such that there are those connection establishment attempts that it will find suitable based on the security policy that has been set to allow such connections while finding other attempts to establish connections as unacceptable per the .security policy, and thus classifying them as intrusions.