Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Security
F E A T U R E  
Dragon Claws its Way to the Top

  August 20, 2001
  By Greg Shipley and Patrick Mueller

How We Tested Intrusion-Detection Systems

How do you deploy an intrusion-detection system on a 24x7 enterprise network? Very carefully. While a HIDS deployment would have been educational, we ruled it out early on because the process would have been far too intrusive for DePaul University's systems-administration team. Thus we tested HIDS solutions in our Neohapsis labs and deployed the more passive NIDS products in the live environment. Working with DePaul's network team, we decided to tap into a perimeter switch and mirror a port off of it (see "Bruisernet Setup"). From there, we built the IDSnet (Bruisernet), a small, isolated LAN that saw all production traffic but had no direct connectivity to it.

After the mirrored IDSnet was built, we designed a VPN that would tunnel the management traffic from the sensors back to the consoles in our lab. Using the firewall/VPN feature sets in a pair of Cisco Systems routers, we built a VPN between the DePaul IDSnet and our lab at Neohapsis. We used a dual-NIC configuration for our sensors: One NIC was used for monitoring, the other for talking back to the management stations.



Our team took about 600 man-hours over four months to get the IDSes deployed, relatively stable, tuned and updated. Given, no sane person is going to deploy 10 different vendors on the same network, but project managers will learn from their pilot programs -- provided they take good notes! Global deployments are going to be quite an endeavor.

After the IDSnet was deployed, we began crafting a network of vulnerable Linux, Windows NT and Solaris machines. We then placed these machines deep in DePaul's network but kept them behind a firewall that passed only traffic from our attack network. Using attack tools and exploit code found on the Internet, we executed the attacks from remote locations and successfully compromised each of the platforms.

Because of the way we constructed the IDSnet, all NIDS devices were exposed to the same traffic at the same time. To remove any possibility of error, we used tcpdump to verify that the IDSnet "saw" all our attack traffic.


   Page: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | Next Page

Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers