
Intrusion Detection
Organizations continue to deploy firewalls as the central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needs—rather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter the risk and vulnerability that firewalls alone cannot address. A network-based IDS (NIDS) provides around-the-clock network surveillance while a host-based IDS (HIDS) protects servers.

Given the complexity of an enterprise site, the variety of attack techniques, and the typical hacking scenario, there is a clear need for a comprehensive solution. The solution should protect against the different attack techniques and prevent the malicious actions performed during a typical hacking cycle. The Cisco IDS solution addresses this need by offering a combined solution that includes NIDS and HIDS components. The NIDS primarily addresses the network attacks, whereas the HIDS protects the servers against OS and application attacks.

The NIDS sensors are installed in multiple locations. One important location is in front of the firewall that monitors communication coming into the organization. In addition, every important network segment is covered with a sensor. The HIDS is first deployed on Internet-facing servers such as Web, mail, and DNS servers. Because the Internet-facing servers are connected to back-end servers, HIDS is also deployed on all the other critical servers within the corporate firewall.

An IDS sensor analyzes packet data streams within a network, searching for unauthorized activity, such as attacks by hackers, and enabling users to respond to security breaches before systems are compromised. When unauthorized activity is detected, the IDS can send alarms to a management console with details of the activity and can often order other systems, such as routers, to cut off the unauthorized sessions. In the physical analogy, an IDS is equivalent to a video camera and motion sensor detecting unauthorized or suspicious activity and working with automated response systems such as watch guards to stop the activity.
 
 
© Copyright 2002 Eitech. All rights reserved.