Monday, May 4, 2015


Protecting Organizational Network using Intrusion Detection Systems



Keeping an organization's network secure isn't an easy task. There is no single tool that secures a network; security is a process, and a continuous one. Various tools help organizations secure their networks: port scanners, application vulnerability scanners, firewalls and intrusion detection systems. In this article, the focus is on IDS tools.


What is an Intrusion Detection System
An intrusion detection system (IDS) is a device or piece of software that monitors traffic on a network, or activity on a host, to identify malicious activity. When suspicious activity is detected it is logged and an alert is sent to the network administrator. An IDS alone does not block anything: it observes and reports, so the value of the deployment depends on somebody actually reading and acting on the alerts. IDS sensors are usually placed at strategic points inside the network, or just outside the gateway to the organization's network.
Intrusion prevention systems
Some systems can also stop malicious traffic when it is detected. These are called intrusion prevention systems, or intrusion detection and prevention systems (IDPS). Prevention carries extra overhead and extra risk: the sensor must sit inline in the traffic path and decide in real time, so it adds latency, becomes a point of failure for the link, and a false positive now blocks legitimate traffic instead of merely raising an alert. Rules used for blocking therefore need to be tuned much more carefully than rules used only for alerting.


Purpose and location of IDS

The purpose of the monitoring determines where an IDS goes, and there are two kinds of sensor. A network-based IDS (NIDS) watches the traffic on a network segment, usually fed from a mirror (SPAN) port or a network tap. Placed just outside the gateway, in front of the firewall, it sees every attack attempt arriving from the internet, including the ones the firewall drops; placed just inside the gateway it sees only what the firewall let through, which is less noisy and more useful for alerting; placed on internal segments it detects malicious activity by members of the organization and attackers moving between internal hosts. A host-based IDS (HIDS) runs on the host itself and monitors that host's logs, file integrity and process activity, things a network sensor cannot see, especially once the traffic is encrypted.

A good IDPS deployment combines network-based and host-based sensors, since each sees what the other misses.

Snort IDPS
Snort is an open-source, software-based IDS that can also run as an IPS. It runs on UNIX-like systems such as Linux and on Windows as well. Snort monitors network traffic in real time and logs what it sees.
Snort is a signature- or rule-based IDPS. While running, it captures traffic and compares each packet against rules describing known malicious activity, kept in rule files. A rule has a header (action, protocol, source and destination addresses and ports) and a body of options such as the message to log and the payload content to look for; a packet triggers the rule only when every part of the header and every option matches. Depending on what a user wants to monitor, ready-made rule sets are available over the internet (the Snort community rules and the registered rule sets published by the Snort project for the version in use). Rules should be tuned to the local network, since an untuned rule set produces many false positives and the administrator soon stops reading the alerts.
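To make the rule-matching step concrete, here is a minimal Snort-style matcher. It is an added illustration written for this article, not Snort's own code: it handles only a subset of the real rule syntax (single IP or CIDR addresses, single ports or "any", and the msg, content and sid options), and the rules and packets are constructed for the example. The sids are in the 1000000+ range, which Snort reserves for locally written rules.

```python
"""Minimal Snort-style signature matcher (added illustration, not Snort's code).

Assumptions: a rule is  action proto src_ip src_port -> dst_ip dst_port (options)
where addresses are 'any' or one IP/CIDR, ports are 'any' or one number, and
only the msg, content and sid options are interpreted. Packets are dicts
constructed inline; a real sensor would decode them from a capture.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed rules in Snort syntax (written for this example).
RULES_TEXT = """
alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB cmd.exe access attempt"; content:"cmd.exe"; sid:1000001; rev:1;)
alert tcp any any -> 192.168.1.0/24 22 (msg:"SSH protocol probe"; content:"SSH-"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"ICMP echo from outside"; sid:1000003; rev:1;)
"""

HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
# option name, optional quotes around the value, terminated by ';'
OPT_RE = re.compile(r'(\w+)\s*:\s*"?([^";]*)"?\s*;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int
    content: Optional[bytes] = None


def parse_rules(text):
    """Parse one rule per non-empty line into Rule objects."""
    rules = []
    for line in text.strip().splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable rule: {line}")
        opts = dict(OPT_RE.findall(m.group("opts")))
        rules.append(Rule(
            action=m.group("action"), proto=m.group("proto").lower(),
            src=m.group("src"), sport=m.group("sport"),
            dst=m.group("dst"), dport=m.group("dport"),
            msg=opts.get("msg", ""), sid=int(opts["sid"]),
            content=opts["content"].encode() if "content" in opts else None,
        ))
    return rules


def _ip_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec, port):
    return spec == "any" or int(spec) == port


def match(rule, pkt):
    """A rule fires only when every header field and the content option match."""
    return (rule.proto == pkt["proto"]
            and _ip_match(rule.src, pkt["src"]) and _port_match(rule.sport, pkt.get("sport", 0))
            and _ip_match(rule.dst, pkt["dst"]) and _port_match(rule.dport, pkt.get("dport", 0))
            and (rule.content is None or rule.content in pkt.get("payload", b"")))


def inspect(rules, packets):
    """Return (sid, msg) alerts in the order the packets are seen."""
    alerts = []
    for pkt in packets:
        for r in rules:
            if match(r, pkt):
                alerts.append((r.sid, r.msg))
    return alerts


# Constructed sample traffic: a web attack, a benign request, an SSH probe,
# a ping, and an attack aimed outside the protected range.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "sport": 51234, "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"},
    {"proto": "tcp", "src": "203.0.113.7", "sport": 51235, "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.0\r\n"},           # no content match
    {"proto": "tcp", "src": "198.51.100.5", "sport": 40000, "dst": "192.168.1.20", "dport": 22,
     "payload": b"SSH-2.0-OpenSSH_6.7\r\n"},
    {"proto": "icmp", "src": "198.51.100.5", "dst": "192.168.1.1", "payload": b"\x08\x00"},
    {"proto": "tcp", "src": "198.51.100.5", "sport": 40001, "dst": "10.0.0.5", "dport": 80,
     "payload": b"cmd.exe"},                                 # outside 192.168.1.0/24
]

if __name__ == "__main__":
    for sid, msg in inspect(parse_rules(RULES_TEXT), SAMPLE_PACKETS):
        print(f"[{sid}] {msg}")
```

Run on the sample traffic it raises exactly three alerts (sids 1000001, 1000002, 1000003). The two misses are the interesting part: the benign request to port 80 fails the content check, and the cmd.exe payload sent to 10.0.0.5 fails the destination check, which is why a rule that is correct for one site can be wrong for another once $HOME_NET is different.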
Other functions
Snort can also perform non-traditional IDS tasks such as port scan detection (the sfPortscan preprocessor). When a single source probes many ports on a host within a short time, Snort raises an alert to the network administrator. Note the distinction: a port scanner such as nmap finds the open ports on your own servers, whereas Snort detects someone else scanning your network. Threshold-based detection of this kind is evaded by a scan that is slow enough to stay under the threshold, so it catches noisy scans rather than patient ones.
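The following detector is a simplified version of the idea behind Snort's port scan detection, added here as an illustration and not taken from Snort: one source touching many distinct ports on one host inside a sliding time window. The threshold and window are assumed tuning values, not Snort's defaults, and the connection records are constructed for the example.

```python
"""Sliding-window port-scan detector (added illustration, not Snort's sfPortscan).

Alerts once per (source, destination) pair when the source has contacted at
least PORT_THRESHOLD distinct destination ports within WINDOW_SECONDS.
Records are dicts {ts, src, dst, dport} constructed inline; a real sensor
would derive them from captured SYN packets or flow logs.
"""
from collections import defaultdict, deque

PORT_THRESHOLD = 5      # distinct ports before we call it a scan (assumed tuning)
WINDOW_SECONDS = 60.0   # sliding window length (assumed tuning)


class PortScanDetector:
    def __init__(self, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._seen = defaultdict(deque)   # (src, dst) -> deque of (ts, dport), oldest first
        self._alerted = set()             # pairs already reported, to avoid alert storms

    def observe(self, rec):
        """Feed one connection record; return an alert dict or None."""
        key = (rec["src"], rec["dst"])
        q = self._seen[key]
        q.append((rec["ts"], rec["dport"]))
        # Drop entries that fell out of the window. This is also the weakness:
        # a scanner that waits longer than the window between ports is never counted.
        while q and rec["ts"] - q[0][0] > self.window:
            q.popleft()
        distinct = {port for _, port in q}   # repeats of one port are not a scan
        if len(distinct) >= self.threshold and key not in self._alerted:
            self._alerted.add(key)
            return {"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                    "ports": sorted(distinct)}
        return None


def run(records, detector=None):
    """Replay records in order and collect the alerts raised."""
    detector = detector or PortScanDetector()
    alerts = []
    for rec in records:
        alert = detector.observe(rec)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed records: a fast scan, a legitimate client hammering one port,
# and a slow scan spaced 100 s apart that stays under the window.
SAMPLE_RECORDS = (
    [{"ts": float(i), "src": "203.0.113.7", "dst": "192.168.1.10", "dport": p}
     for i, p in enumerate([21, 22, 23, 25, 80])]
    + [{"ts": 10.0 + i, "src": "198.51.100.5", "dst": "192.168.1.10", "dport": 443}
       for i in range(6)]
    + [{"ts": 100.0 * i, "src": "192.0.2.9", "dst": "192.168.1.20", "dport": p}
       for i, p in enumerate([1, 2, 3, 4, 5])]
)

if __name__ == "__main__":
    for a in run(SAMPLE_RECORDS):
        print(f"{a['ts']:.0f}s port scan {a['src']} -> {a['dst']} ports {a['ports']}")
```

Only the fast scan is reported. The repeated connections to port 443 are what a normal client looks like and never exceed one distinct port, and the slow scan is deliberately missed to show why a small window is a trade-off: widening it catches slower scans at the cost of more memory per source pair and more false positives from busy hosts.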

Cases of how IDS tools can be set up in organizations

Estonia National Library
Profile
Organization size - Large
Servers hosted on its network - Yes
Users - Many

Setting up Snort
IDPS - Yes (inline blocking enabled)
Position of IDS - within the network and outside the network
Real-time monitoring - Yes
Port scan detection - Yes


High School in Tartu
Profile
Organization size - Medium
Servers hosted on its network - No
Users - Medium

Setting up Snort
IDPS - No (IDS only)
Position of IDS - within the network and outside the network
Real-time monitoring - No (logging only)
Port scan detection - Yes



Small Computer Retail
Profile
Organization size - Small
Servers hosted on its network - No
Users - Few

Setting up Snort
IDPS - No (IDS only)
Position of IDS - outside the network
Real-time monitoring - No (logging only)
Port scan detection - Yes