Advertisement
Promo

Network management Toolkit

Vital intrusion detection

Michael Mullins

Published: 15 May 2002 14:49 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Intrusion detection is vital because it is impossible to keep pace with every threat and vulnerability in a network, yet 60 percent of respondents to a recent NetAdmin poll said they have yet to implement one.

Intrusion detection is vital because it is impossible to keep pace with every current and potential threat and vulnerability in a network. These threats and vulnerabilities advance at lightening speed, and it takes time for vendors to catch up with patches and updates (and for admins to apply the updates).

Once you decide you need an IDS, you must answer these four questions:

  • How can I use an IDS to benefit my security strategy?
  • What technologies are available to me?
  • Where do I deploy the technology?
  • How do I manage the information an IDS will provide?


Figure A

How can I use an IDS to benefit my security strategy?

An IDS is used to detect intruders to your network. I define intruders as individuals or groups that attempt to access or deny access to data. This would include both internal and external threats. When properly deployed, this tool will identify intruders' methods and provide an intelligent alert to the threat. Some IDS programs will even respond to stop the intrusion. A good IDS should support analysis to find out how the intruder got in and deny any similar exploitation in the future.

What technologies are available to me?

IDS sensors can be categorised into three main groups:

  • Host based -- These are deployed on a single host and monitor packets directed at that system or processes inside the host.
  • Network based -- These use network cards in promiscuous mode and analyze all packets on the network segment. Depending on the area of deployment and the topology of your network, this sensor will monitor multiple systems or the entire network.
  • Hybrid -- This is a mixture of network- and host-based sensors.

Let's take a closer look at the network-based IDS and break it down further into two subcategories: appliances and software-based IDS.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
110 out of 228 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Network management


Company/Topic Alerts

Create a new alert from the list below:
















Related Jobs

Senior Network Security Engineer (CISSP / CCIE / CEH)

Security Manager

Ground Segment Systems Engineer - Space Ground Stations - Hants

Video icon

Video

On The Road Blog

Apple patents point to haptics, finger...

Three patent applications made by Apple were published on Thursday, covering technologies including haptics, fingerprint recognition and RFID. The haptic feedback patent, if approved,... More

Post a comment

WiFi vs. Mobile Broadband (HSPA)

I have to say first that I am mildly surprised to be writing this. I'm sitting in Starbucks, where I came to spend an hour drinking coffee and using their public WiFi access before... More

1 comment

HP Mini 2140 - I Get To Try One!

I have been wanting to get my hands on an HP Mini 2140 netbook ever since I read the first announcement for it. I already own an HP 2133 Mini-Note (wouldn't it be nice if they would... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters