Home   About Us   Services   Solutions   Support            
Power Protection
Importance of Security
Threats to Data
Who are the Enemies?
What can the Enemies do?
Penetration Test
Security Policies
Security Tools
Bulletproof Virus Protection!
Intrusion Detection
Access Control
Network Scanning

Intrusion Detection
Organizations continue to deploy firewalls as the central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needs—rather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter the risk and vulnerability that firewalls alone cannot address. A network-based IDS (NIDS) provides around-the-clock network surveillance while a host-based IDS (HIDS) protects servers.

Given the complexity of an enterprise site, the variety of attack

  techniques, and the typical hacking scenario, there is a clear need for a comprehensive solution.
The solution should protect against the different attack techniques and prevent the malicious actions performed during a typical hacking cycle. The Cisco IDS solution addresses this need by offering a combined solution that includes NIDS and HIDS components. The NIDS primarily addresses the network attacks, whereas the HIDS protects the servers against OS and application attacks.

The NIDS sensors are installed in multiple locations. One important location is in front of the firewall that monitors communication coming into the organization. In addition, every important network segment is covered with a sensor. The HIDS is first deployed on Internet-facing servers such as Web, mail, and DNS servers. Because the Internet-facing servers are connected to back-end servers, HIDS is also deployed on all the other critical servers within the corporate firewall.

An IDS sensor analyzes packet data streams within a network, searching for unauthorized activity, such as attacks by hackers, and enabling users to respond to security breaches before systems are compromised. When unauthorized activity is detected, the IDS can send alarms to a management console with details of the activity and can often order other systems, such as routers, to cut off the unauthorized sessions. In the physical analogy, an IDS is equivalent to a video camera and motion sensor detecting unauthorized or suspicious activity and working with automated response systems such as watch guards to stop the activity.
© Copyright 2002 Eitech. All rights reserved.