Vital intrusion detection
Michael Mullins
Published: 15 May 2002 14:49 BST
Intrusion detection is vital because it is impossible to keep pace with every threat and vulnerability in a network, yet 60 percent of respondents to a recent NetAdmin poll said they have yet to implement one.
Intrusion detection is vital because it is impossible to keep pace with every current and potential threat and vulnerability in a network. These threats and vulnerabilities advance at lightening speed, and it takes time for vendors to catch up with patches and updates (and for admins to apply the updates).
Once you decide you need an IDS, you must answer these four questions:
- How can I use an IDS to benefit my security strategy?
- What technologies are available to me?
- Where do I deploy the technology?
- How do I manage the information an IDS will provide?
| Figure A |
 |
How can I use an IDS to benefit my security strategy?
An IDS is used to detect intruders to your network. I define intruders as individuals or groups that attempt to access or deny access to data. This would include both internal and external threats. When properly deployed, this tool will identify intruders' methods and provide an intelligent alert to the threat. Some IDS programs will even respond to stop the intrusion. A good IDS should support analysis to find out how the intruder got in and deny any similar exploitation in the future.
What technologies are available to me?
IDS sensors can be categorised into three main groups:
- Host based -- These are deployed on a single host and monitor packets directed at that system or processes inside the host.
- Network based -- These use network cards in promiscuous mode and analyze all packets on the network segment. Depending on the area of deployment and the topology of your network, this sensor will monitor multiple systems or the entire network.
- Hybrid -- This is a mixture of network- and host-based sensors.
Let's take a closer look at the network-based IDS and break it down further into two subcategories: appliances and software-based IDS.
Previous
Did you find this article useful?
110 out of 228 people found this useful
- Share this article:
