DMZ and IDS
Essay by review • November 6, 2010 • Essay • 1,504 Words (7 Pages) • 1,048 Views
In today's technological world there are many vulnerabilities in computer networks. If a malicious attacker exploits these vulnerabilities, your business could be interrupted, costing you thousands of dollars in damage. Not only could you lose business through your network going down, but also through the loss of consumer confidence and the possible penalties imposed on you by the government for not properly securing your customers' vital information. There are several methods or concepts available to network administrators to help them secure their networks. One is defense in depth, a concept that uses multiple defense strategies; it is a concept that all network administrators and security personnel should practice, because using it adds several layers of security to your network. Two of those concepts or solutions are DMZs (Demilitarized Zones) and IDSs (Intrusion Detection Systems). A DMZ is a neutral area between your private, or internal, network and public networks, commonly known as the Internet, where you can place services that need to access and be accessed by the public network. An IDS is a solution or system that, if managed and configured properly, will assist in the protection of your network by telling you if someone has attempted to gain access or has gained access to your network.
There are two basic types of DMZ: back-to-back and three-homed. A back-to-back DMZ is placed between two firewalls, which are either software or hardware setups used to block unwanted traffic. A three-homed DMZ is one with three separate networks: one goes to the public network, another goes to your private network, and the third contains the machines running the applications or services you have placed in your DMZ. Each company can configure its DMZ with whatever services it wants, so although two DMZs might be of the same basic type, they will still differ. One can also have multiple zones within a DMZ, which adds protection: if one zone is intruded upon and brought down, the others will still be operational. Separate security levels can be assigned to those zones so that different applications can be grouped by security level. Other solutions can be added to your DMZ, among them honeypots and IDSs. Honeypots are programs designed to invite attackers to gain access so that the attacker's methods and tools are recorded. Honeypots will not be discussed extensively in this paper. Another solution is an IDS, which is a monitor or sensor that can be placed at various points in your network so that you can monitor the traffic going through that particular segment.
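To make the three-homed layout concrete, here is an added example (not from the essay) that models the firewall sitting between the three networks as a default-deny zone policy. The zone names, subnets, ports and rules are assumptions chosen for illustration and do not follow any vendor's configuration format; the point is that the public network can reach only the DMZ services, and the DMZ in turn can reach only one back-end port on the private network.

```python
"""Added example: a toy three-homed DMZ firewall policy (assumed zones, subnets and rules)."""
import ipaddress
from dataclasses import dataclass

# One firewall interface per network. Addressing is an assumption:
# 192.0.2.0/24 and 10.0.0.0/8 are documentation/private ranges.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),      # public-facing services
    "internal": ipaddress.ip_network("10.0.0.0/8"),   # private network
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; the most specific subnet wins, so the
    /0 'internet' zone only catches what no other subnet claims."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: frozenset  # permitted TCP destination ports; empty means any port


# Default-deny: only listed zone pairs are allowed. There is deliberately
# no internet -> internal rule, and the DMZ reaches only the database port.
POLICY = [
    Rule("internet", "dmz", frozenset({80, 443})),   # public web services
    Rule("internal", "dmz", frozenset()),            # admins manage DMZ hosts
    Rule("dmz", "internal", frozenset({5432})),      # web tier -> database only
    Rule("internal", "internet", frozenset()),       # outbound access
]


def allowed(src_ip: str, dst_ip: str, dport: int) -> bool:
    """Decide whether a flow crossing the firewall is permitted."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # same-zone traffic never crosses the firewall
    for r in POLICY:
        if r.src == src and r.dst == dst and (not r.ports or dport in r.ports):
            return True
    return False


def direct_internet_to_internal(policy) -> list:
    """Policy lint: return any rule that lets the public network reach the
    private network without passing through the DMZ. Should be empty."""
    return [r for r in policy if r.src == "internet" and r.dst == "internal"]


if __name__ == "__main__":
    for src, dst, port in [("203.0.113.5", "192.0.2.10", 443),
                           ("203.0.113.5", "10.1.2.3", 443),
                           ("192.0.2.10", "10.1.2.3", 5432),
                           ("192.0.2.10", "10.1.2.3", 22)]:
        print(f"{src} -> {dst}:{port}: {'allow' if allowed(src, dst, port) else 'deny'}")
    print("bypass rules:", direct_internet_to_internal(POLICY))
```

The `direct_internet_to_internal` check is the kind of lint worth running whenever the rule set changes: the whole value of the third network disappears the moment one rule lets public traffic skip it.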
If properly configured and monitored, an IDS can be a useful tool in helping a security administrator maintain a secure network. An IDS is a sensor that monitors traffic along the segment where it is placed; it examines that traffic's patterns and compares them to known patterns. If it decides that one of those patterns is an attack, it notifies the administrator. The administrator then checks that notification and determines whether it is a false positive, a false negative, or in fact an attack. A false positive is when the sensor classifies normal traffic as an attack. A false negative is when the sensor classifies an attack as normal traffic.
There are some pros and cons to the use and placement of an IDS. One of the cons is all the false notifications it sends out; those false notifications amount to an overwhelming amount of information that the security personnel need to sift through to find what is an actual attack. Some of the pros are that it records all activity that goes through the segment where it is placed, and it lets you know the tactics and tools an attacker used to get access to your network. It also lets you know what the vulnerabilities of your network are so that you can repair them to prevent future attacks. Also, if configured properly, an IDS can be used to gauge the amount of traffic in a corporate environment so that you can detect policy violations, illegal activity, and usage patterns, allowing an administrator to properly manage the network.
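The two preceding paragraphs describe pattern matching against known attacks and the false positives and false negatives that result. Here is an added example (not from the essay) that implements a minimal signature-matching sensor over a few constructed web-server log lines and then scores its verdicts against known labels, so the false-positive and false-negative counts the essay defines become numbers you can inspect. The signatures, log format and labels are all assumptions made for illustration.

```python
"""Added example: toy signature-based IDS scored for false positives and negatives.
Signatures, log lines and labels are constructed for illustration."""
import re
from collections import Counter
from urllib.parse import unquote

# Assumed signatures, each applied to one decoded request line. The
# 'admin-path' rule is deliberately coarse so it also fires on staff use.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-quote-or": re.compile(r"'\s*or\s+", re.IGNORECASE),
    "admin-path": re.compile(r"/admin"),
}


def classify(line: str) -> list:
    """Return the names of every signature the line matches (empty = normal).
    The line is URL-decoded first so encoded spaces cannot hide a pattern."""
    decoded = unquote(line)
    return [name for name, pat in SIGNATURES.items() if pat.search(decoded)]


# Constructed sample traffic: (log line, ground truth).
SAMPLE = [
    ("GET /index.html 200", "normal"),
    ("GET /images/../../etc/passwd 404", "attack"),
    ("GET /login?user=x'%20or%201=1 200", "attack"),   # %20 is a URL-encoded space
    ("GET /admin/dashboard 200", "normal"),             # staff using the admin UI
    ("GET /search?q=book 200", "normal"),
    ("POST /upload 200", "attack"),                     # attack with no matching signature
]


def score(samples) -> Counter:
    """Compare each verdict to ground truth and count the four outcomes."""
    counts = Counter()
    for line, truth in samples:
        flagged = bool(classify(line))
        if flagged and truth == "attack":
            counts["true_positive"] += 1
        elif flagged and truth == "normal":
            counts["false_positive"] += 1   # normal traffic reported as an attack
        elif not flagged and truth == "attack":
            counts["false_negative"] += 1   # attack reported as normal traffic
        else:
            counts["true_negative"] += 1
    return counts


def precision(counts: Counter) -> float:
    """Share of alerts that were real attacks; the rest is analyst noise."""
    alerts = counts["true_positive"] + counts["false_positive"]
    return counts["true_positive"] / alerts if alerts else 0.0


if __name__ == "__main__":
    for line, truth in SAMPLE:
        print(f"{truth:7} {classify(line) or '-'}  {line}")
    c = score(SAMPLE)
    print(dict(c), f"precision={precision(c):.2f}")
```

Two things to notice when running it: the coarse `admin-path` rule produces the false positive the essay warns about, and the `POST /upload` line is a false negative because no signature exists for it, which is the blind spot of any purely pattern-based sensor.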
Most of the problems today in managing an IDS stem from the fact that most companies don't have properly trained security personnel to monitor all the notices the sensors put out. Also, even if they have the proper personnel, many times those personnel are not allowed to make changes because of various corporate policies. Another way an IDS helps secure a network is that it aids in the configuration of firewalls and other security solutions by telling you what areas of your firewall or solutions are vulnerable to attack. Companies also need to determine where they will place their sensors so that they get the maximum protection. You will want to use multiple sensors throughout your network to monitor not only traffic coming in but also traffic going out. A sensor should be placed on all gateways, or connections, that your network has to outside networks as well as internal networks. Other places to put an IDS sensor are right outside your firewall, so that you can monitor all attacks on your firewall, and in your DMZ, so that if any attack gets through your firewall you can monitor its method and prevent future attacks. You also want to minimize the number of sensors you have because each will generate a great amount of data, and it becomes
...
...