In our last webcast, we learned about lingering and general confusion over these crazy acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, so let’s jump right in with some thoughts.

IDS

An Intrusion Detection System (IDS) is a tool that most obviously detects things, but what things? Ultimately it could be anything, but thankfully most vendors include a large array of ‘signatures’ and/or methods for detecting stuff.

What do I want to detect? For each network this answer will vary, though generally it is looking for unusual traffic. What’s unusual? In the simplest terms, it’s traffic you don’t want on your network, whether that is policy/misuse (IM, games, etc.) or the latest malware.

Just as they say in real estate: it’s location, location, location. Not the location in the rack, but the segment of your network the IDS will monitor. Monitoring traffic at the ingress/egress point will show you what comes and goes (after the firewall policy approves, of course), but may not allow you to see remote offices connecting to core components. One thing you don’t want to do is inspect traffic on the public side of the firewall. Monitoring all of the traffic on an internal switch, like your LAN or a DMZ, will allow the IDS to monitor user activity or key servers, but it won’t see things happening on other parts of the network. Unless you have unlimited resources, you may not be able to monitor everything on the network, so a key decision will be which traffic matters the most and which segment provides the best vantage point.
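As an added illustration (not from the original post) of why the sensor's segment decides what it can alert on: a toy flow-level detector with three vantage points (egress, LAN switch, DMZ switch) and a few constructed signatures. All addresses, segments, ports and signatures are assumptions made up for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for the example (documentation ranges, not a real network).
LAN = ip_network("10.0.0.0/24")        # user workstations
DMZ = ip_network("192.0.2.0/24")       # public-facing servers
BRANCH = ip_network("10.9.0.0/24")     # remote office reaching core over a private link

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in (LAN, DMZ, BRANCH))

def on_segment(flow: Flow, net) -> bool:
    return ip_address(flow.src) in net or ip_address(flow.dst) in net

# Which flows each sensor position can actually see.
VANTAGE = {
    "egress": lambda f: is_internal(f.src) != is_internal(f.dst),  # crosses the firewall
    "lan_switch": lambda f: on_segment(f, LAN),
    "dmz_switch": lambda f: on_segment(f, DMZ),
}

# Toy "signatures": policy/misuse plus one out-of-place access to a core server.
SIGNATURES = {
    "policy: IM client (XMPP)": lambda f: f.dport == 5222,
    "policy: IRC": lambda f: f.dport == 6667,
    "unusual: remote office to DMZ admin port": lambda f: (
        ip_address(f.src) in BRANCH and ip_address(f.dst) in DMZ and f.dport == 22),
}

def detect(flows, vantage: str):
    """Return (signature, flow) pairs the sensor placed at `vantage` would alert on."""
    visible = [f for f in flows if VANTAGE[vantage](f)]
    return [(name, f) for f in visible for name, match in SIGNATURES.items() if match(f)]

SAMPLE_FLOWS = [  # constructed sample traffic
    Flow("10.0.0.5", "203.0.113.7", 5222),   # workstation chatting out to the internet
    Flow("10.9.0.20", "192.0.2.10", 22),     # branch office SSH into a DMZ server
    Flow("10.0.0.8", "192.0.2.10", 443),     # workstation using the internal web app
    Flow("198.51.100.4", "192.0.2.10", 80),  # public visitor hitting the web server
]

if __name__ == "__main__":
    for where in VANTAGE:
        print(where, [(n, f.src, f.dst) for n, f in detect(SAMPLE_FLOWS, where)])
```

Only the DMZ-switch sensor sees the branch-office SSH session; the egress sensor never does, because that flow never crosses the firewall.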