home news blogs forums events research newsletter whitepapers careers


Network Computing Network Computing Network Computing
HOT PICKS

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers

Security
F E A T U R E  
Dragon Claws its Way to the Top

  August 20, 2001
  By Greg Shipley and Patrick Mueller

How We Tested Intrusion-Detection Systems

How do you deploy an intrusion-detection system on a 24x7 enterprise network? Very carefully. While a HIDS deployment would have been educational, we ruled it out early on because the process would have been far too intrusive for DePaul University's systems-administration team. Thus we tested HIDS solutions in our Neohapsis labs and deployed the more passive NIDS products in the live environment. Working with DePaul's network team, we decided to tap into a perimeter switch and mirror a port off of it (see "Bruisernet Setup"). From there, we built the IDSnet (Bruisernet), a small, isolated LAN that saw all production traffic but had no direct connectivity to it.

After the mirrored IDSnet was built, we designed a VPN that would tunnel the management traffic from the sensors back to the consoles in our lab. Using the firewall/VPN feature sets in a pair of Cisco Systems routers, we built a VPN between the DePaul IDSnet and our lab at Neohapsis. We used a dual-NIC configuration for our sensors: One NIC was used for monitoring, the other for talking back to the management stations.



Our team took about 600 man-hours over four months to get the IDSes deployed, relatively stable, tuned and updated. Given, no sane person is going to deploy 10 different vendors on the same network, but project managers will learn from their pilot programs -- provided they take good notes! Global deployments are going to be quite an endeavor.

After the IDSnet was deployed, we began crafting a network of vulnerable Linux, Windows NT and Solaris machines. We then placed these machines deep in DePaul's network but kept them behind a firewall that passed only traffic from our attack network. Using attack tools and exploit code found on the Internet, we executed the attacks from remote locations and successfully compromised each of the platforms.

Because of the way we constructed the IDSnet, all NIDS devices were exposed to the same traffic at the same time. To remove any possibility of error, we used tcpdump to verify that the IDSnet "saw" all our attack traffic.


   Page: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | Next Page





Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



techweb
Online Communities TechWebInformationWeekLight ReadingIntelligent EnterprisebMightyNetwork ComputingDark ReadingDigital LibraryWall Street & Technology
Byte & SwitchNo JitterInternet EvolutionLight Reading's Cable Digital NewsContentinopleUnStrungBank Systems & TechnologyAdvanced TradingInsurance & Technology
Face-to-Face Events
InteropWeb 2.0 ExpoWeb 2.0 SummitVoiceConBlack HatCSISoftwareEntrprise 2.0 ConferenceGTEC
 Mobile Business Expo
InformationWeek 500 ConferenceBuy Side Trading XchangeBuy Side Trading SummitBank Executive SummitInsurance Executive SummitTelcoTVEthernet ExpoOptical Expo
Magazines  
InformationWeekWall Street & TechnologyInsurance & TechnologyBank Systems & TechnologyAdvanced TradingMSDNTechNetSmart EnterpriseThe Architecture JournalDatabase Magazine
 
Research & Analyst Services  
Heavy ReadingInformationWeek ReportsInformationWeek Analytics
 
   
   
App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights