
Setting Up an Intrusion Detection System

An IDS helps analyze and respond to attacks from both inside and outside the network. Learn how to set one up for optimal protection.

Depending on how your network is organized, you might need multiple IDSs or sensors to cover all the bases. At the very least, an IDS at the core router or switch will see most traffic streams coming through the network operations center. Be sure an IDS at this location can examine packets traversing the network in both directions--it's easy to set up a device on a half-duplex link inadvertently and miss traffic critical to determining the nature of an attack.
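One way to check that a sensor really sees both directions is to group captured packets into conversations and flag any that appear in one direction only. The sketch below is an added example, not part of the original article; the packet-tuple format, the sample data and the `min_packets` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample: one (src_ip, src_port, dst_ip, dst_port, proto) tuple per
# packet the sensor captured. Addresses are from documentation ranges.
SAMPLE_PACKETS = [
    ("192.0.2.10", 51514, "198.51.100.5", 443, "tcp"),
    ("198.51.100.5", 443, "192.0.2.10", 51514, "tcp"),
    ("192.0.2.10", 51514, "198.51.100.5", 443, "tcp"),
    ("192.0.2.22", 40022, "198.51.100.9", 22, "tcp"),
    ("192.0.2.22", 40022, "198.51.100.9", 22, "tcp"),
    ("192.0.2.22", 40022, "198.51.100.9", 22, "tcp"),
    ("203.0.113.7", 53, "192.0.2.30", 33000, "udp"),
    ("192.0.2.30", 33000, "203.0.113.7", 53, "udp"),
]


def conversation_key(pkt):
    """Return (key, direction); key is identical for both directions of a flow."""
    src, sport, dst, dport, proto = pkt
    a, b = (src, sport), (dst, dport)
    lo, hi = sorted((a, b))
    return (proto, lo, hi), (0 if a == lo else 1)


def direction_counts(packets):
    """Map each conversation to [packets lo->hi, packets hi->lo]."""
    counts = defaultdict(lambda: [0, 0])
    for pkt in packets:
        key, direction = conversation_key(pkt)
        counts[key][direction] += 1
    return counts


def one_way_conversations(packets, min_packets=3):
    """Conversations of at least min_packets seen in one direction only.

    min_packets (an assumed threshold) skips tiny flows such as a single
    unanswered probe, which are one-way on the wire regardless of placement.
    """
    return sorted(
        key for key, (fwd, rev) in direction_counts(packets).items()
        if fwd + rev >= min_packets and 0 in (fwd, rev)
    )


if __name__ == "__main__":
    for proto, lo, hi in one_way_conversations(SAMPLE_PACKETS):
        print(f"one direction only: {proto} {lo[0]}:{lo[1]} <-> {hi[0]}:{hi[1]}")
```

If many unrelated hosts show up as one-way at the same sensor, suspect the sensor's connection to the network before suspecting the hosts.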

Some IDSs coordinate input from multiple sensors into a single reporting console, which lets you receive notification of illicit traffic from anywhere within the network. However, multiple monitoring locations mean more data to store, examine and act upon.

Automated tools for analyzing IDS logs are available, but most interpretation is done by an IT person who's trained in what to look for and knows your traffic patterns. He or she combs through the IDS log to see how a perpetrator got past your security systems.

A successful IDS deployment doesn't need heavy CPU horsepower. It does, however, need to be connected to the network properly and have enough storage to allow useful analysis of the data (see "Step by Step").

You can install the IDS via a span port on a switch, for example, or via a network tap. Each method has its advantages and disadvantages.
