Intrusion Detection And Prevention Tips

Robbie Higgins, Vice President of Security Services at GlassHouse Technologies (www.glasshouse.com), says:

IDS/IPS should be part of any company’s security environment large or small; firewalls for the most part are not very good in malicious activity detection. Deployment and operation of IDS/IPS is different from other enterprise security products such as firewalls, in that it involves a data analysis phase before and after the deployment, and the effectiveness of the IDS/IPS depends on interactive alerts tuning and data analysis techniques. IPS contains all the detection features of IDS (attack signature detection), in addition to vulnerability-based signatures and non-signature detection capabilities.

While larger companies may have an extensive deployment of both network and host based IDS/IPS infrastructure, smaller organizations can get away with providing host based IDS/IPS on its critical hosts and possibly looking to getting a service provider to manage and monitor a network based IDS/IPS solution.

Two primary considerations to consider prior to purchasing: 

Which one to choose IDS? IPS? Or a combination of both?
Where to place in your IDS/IPS in your network?

IDS product typically operates do not interfere with production traffic, though it requires manual action to analyze and stop an intrusion. IPS typically installs inline on the network and can automatically detect and block intrusion. However due to the high false positive rate, caution needs to be taken for deploying IPS on critical networks. Some vendors offer (Sourcefire, Tippingpoint) appliances that can operate in both IDS and IPS mode. For small to midsize organizations I would recommend deploying IDS on their critical host and possibly getting a networks based IPS location on the network perimeter.

More Here

Views: 16

Add a Comment

You need to be a member of The Data Center Professionals Network to add comments!

Join The Data Center Professionals Network

Connecting data center industry professionals worldwide. Free membership for eligible professionals.

Events

Follow Us

© 2024   Created by DCPNet Admin.   Powered by

Badges  |  Report an Issue  |  Terms of Service