
Setting Up an Intrusion Detection System

An IDS helps analyze and respond to attacks from both inside and outside the network. Learn how to set one up for optimal protection.

You can also specify what the IDS should do when it detects a break-in attempt. It can log the activity, send an alert to a console or pager, and send a command to firewalls or routers. The most common action is to log the event; doing so provides forensic data for analyzing successful exploits and updating firewall, router and server policies to prevent recurrences. In many cases, the IDS handles only the logs and alerts, while the firewalls, routers and servers handle intrusion prevention.

Some IDSs can access new signature files generated by the vendor or a user community. In most cases, however, you must regularly update the IDS with information about threatening or illegitimate network behavior. If you don't, the IDS can't pinpoint exploits that haven't yet been identified in a signature.
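The per-signature responses and the signature-update gap described above, shown as an added example that is not part of the original article: a minimal signature matcher in which each signature names its own actions. The signatures, sample events and names such as `inspect` are constructed for illustration and do not come from any vendor feed or product.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: str      # regex matched against the request payload
    actions: tuple    # any of "log", "alert", "block"

# Constructed signature set (hypothetical IDs and patterns).
SIGNATURES = [
    Signature(1001, "directory traversal", r"\.\./\.\./", ("log", "alert")),
    Signature(1002, "passwd file request", r"/etc/passwd", ("log", "alert", "block")),
]

# Constructed events: (source address, payload). Addresses are RFC 5737 documentation ranges.
EVENTS = [
    ("198.51.100.7", "GET /index.html HTTP/1.0"),
    ("203.0.113.9", "GET /cgi-bin/../../etc/passwd HTTP/1.0"),
    ("203.0.113.44", "GET /scripts/newtool.cgi?cmd=id HTTP/1.0"),
]

def inspect(events, signatures):
    """Match every event against every signature and carry out its actions."""
    log, alerts, block_requests = [], [], set()
    compiled = [(sig, re.compile(sig.pattern)) for sig in signatures]
    for src, payload in events:
        for sig, rx in compiled:
            if not rx.search(payload):
                continue
            if "log" in sig.actions:      # forensic record for later analysis
                log.append((src, sig.sid, payload))
            if "alert" in sig.actions:    # message for the console or pager
                alerts.append(f"ALERT sid={sig.sid} {sig.name} from {src}")
            if "block" in sig.actions:    # request handed to the firewall or router
                block_requests.add(src)
    return log, alerts, sorted(block_requests)

if __name__ == "__main__":
    log, alerts, blocks = inspect(EVENTS, SIGNATURES)
    print(len(log), "logged;", len(alerts), "alerts; block requests:", blocks)
    # The third event matches nothing until a signature for it is added.
    updated = SIGNATURES + [Signature(1003, "cmd parameter", r"[?&]cmd=", ("log",))]
    print(len(inspect(EVENTS, updated)[0]), "logged after signature update")
```

The third event passes unnoticed with the original signature set and appears in the log only after signature 1003 is added, which is the update gap the paragraph above describes.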

Location Is Everything

So where do you set up an IDS? That depends on where (from which network or network segment) you expect threats to originate. The most obvious location is at the network perimeter, just inside the firewall. That's a hotspot because traffic that doesn't get through the firewall is of no interest, and any logging system that captures unfiltered Internet activity is likely to fill up quickly. Positioning an IDS inside the firewall helps you understand attacks that originate outside your network. It may not, however, cover exploits that originate from inside your network targeting your hosts, depending on your network's topology.

Choosing the Optimal Setup
