
Setting Up an Intrusion Detection System

An IDS helps analyze and respond to attacks from both inside and outside the network. Learn how to set one up for optimal protection.

You also can specify what the IDS should do when it detects a break-in attempt. It can log the activity, send an alert to a console or pager, and send a command to firewalls or routers. The most common action is to log the event--doing so provides forensic data for analyzing successful exploits and updating firewall, router and server policies to prevent recurrences. In many cases, the IDS handles only the logs and alerts, while the firewalls, routers and servers handle intrusion prevention.

Some IDSs can access new signature files generated by the vendor or a user community. In most cases, however, you must regularly update the IDS yourself with information about threatening or illegitimate network behavior. If you don't, the IDS can't pinpoint exploits that haven't yet been identified in a signature.
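The following sketch is an added example, not code from the article or from any IDS product. It shows signature matching with per-signature actions (log, alert, or a block request handed to a firewall) and how an event with no matching signature passes unnoticed until the signature set is updated. The event format, signature ids and patterns are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Signature:
    sid: int              # constructed id, not from any real rule set
    name: str
    pattern: re.Pattern
    actions: tuple        # any of "log", "alert", "block"

# Constructed starting signature set.
SIGNATURES = [
    Signature(1001, "path traversal in HTTP request",
              re.compile(r"GET \S*\.\./\.\./"), ("log", "alert")),
    Signature(1002, "failed SSH login",
              re.compile(r"sshd.*Failed password for"), ("log",)),
]
# The same set after an update that adds one new signature.
UPDATED_SIGNATURES = SIGNATURES + [
    Signature(1003, "request for database dump file",
              re.compile(r"GET \S*\.sql\b"), ("log", "alert", "block")),
]

# Constructed events in the form "<source_ip> <observed payload>".
EVENTS = [
    "203.0.113.7 GET /../../etc/passwd HTTP/1.1",
    "198.51.100.9 sshd[311]: Failed password for invalid user admin",
    "203.0.113.7 GET /index.html HTTP/1.1",
    "192.0.2.44 GET /admin/backup.sql HTTP/1.1",
]

def inspect(events, signatures):
    """Return (log, alerts, block_requests, unmatched) for the given events."""
    log, alerts, blocks, unmatched = [], [], [], []
    for ev in events:
        src = ev.split()[0]
        hits = [s for s in signatures if s.pattern.search(ev)]
        if not hits:
            # No signature: benign traffic and unknown exploits look the same.
            unmatched.append(ev)
            continue
        for s in hits:
            if "log" in s.actions:
                log.append((s.sid, src, ev))      # forensic record
            if "alert" in s.actions:
                alerts.append(f"ALERT sid={s.sid} src={src} {s.name}")
            if "block" in s.actions:
                blocks.append(src)  # request for the firewall/router to act on
    return log, alerts, blocks, unmatched

if __name__ == "__main__":
    for label, sigs in (("before update", SIGNATURES), ("after update", UPDATED_SIGNATURES)):
        log, alerts, blocks, unmatched = inspect(EVENTS, sigs)
        print(label, "| logged:", len(log), "| alerts:", len(alerts),
              "| block requests:", blocks, "| unmatched:", len(unmatched))
```

With the original set, the request for the dump file lands in the unmatched list alongside ordinary traffic; only after the update is it logged, alerted on and passed to the firewall as a block request.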

Location Is Everything

So where do you set up an IDS? That depends on where (from which network or network segment) you expect threats to originate. The most obvious location is at the network perimeter, just inside the firewall. That's a hotspot because traffic that doesn't get through the firewall is of no interest, and any logging system that captures unfiltered Internet activity is likely to fill up quickly. Positioning an IDS inside the firewall helps you understand attacks that originate outside your network. It may not, however, cover exploits that originate from inside your network targeting your hosts, depending on your network's topology.


[Figure: Choosing the Optimal Setup]
