
Where on the Network Should the IDS Go?

Routers go between subnets. Firewalls are most commonly seen between a company’s internal network and its Internet connection. What about an IDS? The answer to this question depends on what you want to protect.

You would position an IDS anywhere on your network that you want to look for suspicious activity, both on the network itself and on individual hosts that may need more protection. For example, an IDS immediately inside your Internet firewall, but still outside the DMZ area (explained in section 3.3.1.1), will alert you before an attack takes place on your DMZ or internal network. The downside to placing an IDS so close to your Internet gateway is that Internet-facing hosts tend to be probed quite a lot, and you may spend a great deal of time dealing with uneventful IDS alerts regarding things like network scans that didn’t result in any further attempts to access your resources.

In the case of a particularly sensitive business system, the administrators may want to build in as many layers of detection as possible, to enhance security, and IDSs may be located both on the network and on the host itself. The differences between host-based IDS and network-based IDS will be discussed in more detail in section 3.4.

At other times, you might position an IDS in the DMZ between your company’s external (Internet-connected) firewall and its internal (internal network-connected) firewall, to detect any unwanted traffic that got through the first firewall. Or you might position it within the internal network itself, if you’re more concerned about monitoring for intrusions into your internal network.

Think about positioning an IDS the way you’d think about positioning burglar alarm sensors. Perhaps you want motion detectors within your yard, which turn on outside lights when movement is detected. But you’d probably reserve the sensors that actually ring the alarm for inside your home, near doors and windows, lest you be awakened by loud beeping every time a dog runs across your front lawn, or you run down to the kitchen for a snack in the middle of the night! Then, if you ran a “Bed and Breakfast” in your home and were concerned about security, you might place additional sensors in private areas of your home. This is much like a company that runs an IDS on its internal network NOT for the purpose of catching those who are outside trying to get in, but to monitor for suspicious activities by in-house personnel.
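
The placement trade-off above can be expressed as alert triage. The following is an added example, not part of the original guide: perimeter-sensor alerts are only logged unless the same source later trips a sensor deeper in the network, while DMZ and internal sensors always raise an alert. The sensor names, alert fields, one-hour window and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample alerts (not real data). "sensor" is the hypothetical
# placement of the IDS that fired; "t" is seconds since an arbitrary start.
ALERTS = [
    {"t": 100,  "sensor": "perimeter", "src": "203.0.113.7",  "sig": "port-scan"},
    {"t": 130,  "sensor": "perimeter", "src": "198.51.100.9", "sig": "port-scan"},
    {"t": 160,  "sensor": "dmz",       "src": "203.0.113.7",  "sig": "web-exploit-attempt"},
    {"t": 200,  "sensor": "internal",  "src": "10.0.5.23",    "sig": "unusual-file-share-access"},
    {"t": 9000, "sensor": "dmz",       "src": "198.51.100.9", "sig": "web-exploit-attempt"},
]

# How far past the Internet firewall each sensor sits (assumed layout).
DEPTH = {"perimeter": 0, "dmz": 1, "internal": 2}
WINDOW = 3600  # seconds in which a deeper alert counts as a follow-up


def triage(alerts, window=WINDOW):
    """Return (t, sensor, src, action) tuples, action being 'log' or 'alert'."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)

    results = []
    for a in sorted(alerts, key=lambda x: x["t"]):
        if DEPTH[a["sensor"]] > 0:
            # Sensors behind the first firewall: traffic already got through,
            # or it originates inside. Always ring the alarm.
            action = "alert"
        else:
            # Perimeter sensor: routine probing is expected. Escalate only if
            # the same source trips a deeper sensor within the window.
            followed_up = any(
                DEPTH[b["sensor"]] > 0 and 0 <= b["t"] - a["t"] <= window
                for b in by_src[a["src"]]
            )
            action = "alert" if followed_up else "log"
        results.append((a["t"], a["sensor"], a["src"], action))
    return results


if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row)
```

The scan from 198.51.100.9 stays at "log" because its DMZ activity falls outside the window, while the internal alert from 10.0.5.23 is raised with no perimeter event at all, which is the in-house monitoring case.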



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.