Intrusion Defense - Part 5

Article by Tom Olzak, CISSP (6,400 pts )
Published on Jul 17, 2008
In this article, we examine how to combine IDS and IPS technologies to create supporting network defensive layers.
Tags: security, ips, ids

IDS and IPS as a Layered Defense

Implementing IPS as a standalone intrusion defense solution can cause problems both for your IS staff and for your employees.  When you deploy a NIPS, for example, you can usually rely on the default rules to block well-defined attack packets without much impact on your network.  However, many attack types will still get through.  One way to deal with this is to purchase several NIPS and configure them to block every conceivable attack.  This might protect your network, but it might also stop some or all of your applications from working properly, because every rule that blocks is a rule that can block legitimate traffic.  A better solution is to partner NIPS with NIDS.  Figure 1 depicts this type of network configuration.

The layered configuration in Figure 1 is very similar to the network depicted in Figure 2.  In Figure 2, a NIPS is placed in the DMZ to block packets with known malicious signatures and anomalous traffic.  A second NIPS is placed at the entrance to a critical network segment.  In Figure 1, I added a NIDS sensor to Segment A to watch for and alert on unusual network behavior.  I could also remove the NIPS guarding Segment B if, by adding blocking rules, I cause the applications on that segment to fail.  NIDS gives an organization the ability to observe network traffic and react without interfering with it; because a NIDS only alerts, it is also the place to evaluate a new blocking rule before it goes live, since a rule that would break an application shows up there as alerts on legitimate traffic rather than as an outage.  You can build on the full network visibility of NIDS with the selective blocking capability of NIPS to create an effective intrusion defense and management program.  Couple this with the protection provided by HIPS, and cracking your final defensive layers will require a work factor that only the most dedicated attackers will take on.
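The following is an added illustration, not code from the original article or from any IDS/IPS product: a small Python model of the layered design above.  One rule engine serves as a NIDS when it only alerts and as a NIPS when it drops on match, the sensors are chained in the order a packet from the Internet would meet them, and a candidate blocking rule for the segment NIPS is first trialled in alert-only fashion against known-good traffic so that a rule which would break the segment's application is never promoted to drop mode.  The sensor names, rule IDs, addresses, payloads and the "known bad" signature are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One network flow as the sensors see it (constructed sample data)."""
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """A signature: every condition that is set must hold for a match."""
    sid: int
    msg: str
    dport: Optional[int] = None
    content: Optional[bytes] = None
    src_net: Optional[str] = None  # match only sources inside this network

    def matches(self, f: Flow) -> bool:
        if self.dport is not None and f.dport != self.dport:
            return False
        if self.content is not None and self.content not in f.payload:
            return False
        if self.src_net is not None and ip_address(f.src) not in ip_network(self.src_net):
            return False
        return True


class Sensor:
    """Same rule engine either way: mode='alert' makes it a NIDS (observe only),
    mode='drop' makes it a NIPS (block on match)."""

    def __init__(self, name: str, rules: List[Rule], mode: str):
        if mode not in ("alert", "drop"):
            raise ValueError("mode must be 'alert' or 'drop'")
        self.name, self.rules, self.mode = name, list(rules), mode
        self.alerts: List[Tuple[int, Flow]] = []

    def inspect(self, f: Flow) -> bool:
        """Record an alert for every matching rule; return False (drop) only
        when this sensor is a NIPS and at least one rule matched."""
        matched = [r.sid for r in self.rules if r.matches(f)]
        self.alerts.extend((sid, f) for sid in matched)
        return not (matched and self.mode == "drop")


def run_pipeline(sensors: List[Sensor], flows: List[Flow]) -> List[Flow]:
    """Pass each flow through the sensors in the order a packet would meet them.
    A flow dropped by one sensor never reaches the sensors behind it."""
    return [f for f in flows if all(s.inspect(f) for s in sensors)]


def trial_rule(rule: Rule, known_good: List[Flow]) -> List[Flow]:
    """Alert-only evaluation of a candidate blocking rule against traffic the
    applications are known to need.  Anything returned here would be an outage
    if the rule were promoted to drop mode."""
    return [f for f in known_good if rule.matches(f)]


# Constructed sample traffic; BAD stands in for a real attack signature.
BAD = b"KNOWN-BAD-PATTERN"
WEB_OK = Flow("203.0.113.10", "192.0.2.80", 80, b"GET /index.html")
WEB_ATTACK = Flow("203.0.113.11", "192.0.2.80", 80, b"GET /cgi?" + BAD)
APP_INTERNAL = Flow("10.1.1.20", "10.2.2.50", 8080, b"POST /api/orders")
SMB_INTERNAL = Flow("10.1.1.20", "10.2.2.50", 445, b"")
APP_EXTERNAL = Flow("203.0.113.12", "10.2.2.50", 8080, b"POST /api/orders")
KNOWN_GOOD = [WEB_OK, APP_INTERNAL]  # baseline the application owners vouch for
ALL_FLOWS = [WEB_OK, WEB_ATTACK, APP_INTERNAL, SMB_INTERNAL, APP_EXTERNAL]


def simulate() -> Dict[str, object]:
    dmz_nips = Sensor("DMZ NIPS", [Rule(1000, "known attack signature", content=BAD)], "drop")
    seg_nids = Sensor("Segment NIDS", [Rule(2000, "unexpected SMB inside segment", dport=445)], "alert")
    seg_nips = Sensor("Segment NIPS", [], "drop")

    # Two candidate blocking rules for the segment NIPS.  The broad one would
    # also kill legitimate internal traffic to the application; the narrow one
    # only stops it from outside.  Trial both before enabling drop.
    broad = Rule(3000, "block all tcp/8080", dport=8080)
    narrow = Rule(3001, "block external tcp/8080", dport=8080, src_net="203.0.113.0/24")
    promoted = []
    for cand in (broad, narrow):
        if not trial_rule(cand, KNOWN_GOOD):  # no known-good flow would be dropped
            seg_nips.rules.append(cand)
            promoted.append(cand.sid)

    delivered = run_pipeline([dmz_nips, seg_nids, seg_nips], ALL_FLOWS)
    return {
        "delivered": delivered,
        "promoted_sids": promoted,
        "alerts": {s.name: [sid for sid, _ in s.alerts] for s in (dmz_nips, seg_nids, seg_nips)},
    }


if __name__ == "__main__":
    result = simulate()
    for name, sids in result["alerts"].items():
        print(f"{name}: alerts on sids {sids}")
    print("promoted to drop mode:", result["promoted_sids"])
    print("delivered:", [(f.src, f.dport) for f in result["delivered"]])
```

Running it, the DMZ NIPS drops the flow carrying the signature, the NIDS alerts on the internal SMB flow but lets it through, the broad tcp/8080 rule is rejected by the trial because it would have dropped the internal application traffic, and only the narrow rule is promoted, so the external attempt on tcp/8080 is the one flow the segment NIPS blocks.  The trial step is the point: the NIDS is where you learn what a rule would have cost before you let a NIPS enforce it.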

Before designing your intrusion defense infrastructure, there are two more things to consider.  First, although NIPS sensors can also serve in an intrusion detection role, deploying them purely for detection is typically not cost effective.  Second, many current firewalls include IDS functionality, and many next generation firewalls include IPS functionality.  You might be able to take advantage of this convergence of technologies to design a more efficient solution that fits easily within your security budget.

Go to Part 6...

See other articles in this series...

Tables and Figures

Figure 1: IPS IDS Layered Intrusion Defense
Figure 2: NIPS Sensor Placement
