Cisco Secure IDS Sensor Deployment - Page 3

By  Cisco Press | Feb 26, 2002

Critical Network Components
Determining critical components on your network is vital to a comprehensive analysis of your network topology. A hacker usually views your critical network components as trophies. Compromising a critical component also poses a significant threat to the entire network. Critical components fall into several categories:

  • Servers (DNS, HTTP, CA, NFS, and so on)
  • Infrastructure (routers, switches, hubs, and so on)
  • Security components (firewalls, IDS components, and so on)
Sensors need to be deployed throughout your network to ensure that attacks against these critical components can be detected, and in certain situations halted through blocking (also known as device management).


NOTE:   Blocking, or device management, refers to the process whereby the IDS sensor can dynamically update the access control lists on a router to block current and future traffic coming to the router from an attacking host.

Servers
Network servers represent the workhorses in your network. Typical services provided by your servers include name resolution, authentication, e-mail, and corporate Web pages. Monitoring access to these valuable network components is vital to a comprehensive security policy.

Many servers exist on a typical network. Some of those servers are as follows:

  • Domain Name System (DNS) servers
  • Dynamic Host Configuration Protocol (DHCP) servers
  • Hypertext Transfer Protocol (HTTP) servers
  • Windows domain controllers
  • Certificate Authority (CA) servers
  • E-mail servers
  • Network File System (NFS) servers

Infrastructure
The network infrastructure represents the devices that transfer data or packets between the hosts on the network. Common infrastructure devices include routers, switches, gateways, and hubs. Without these devices, the individual hosts on your network are isolated entities that are incapable of communicating with each other.

Routers transfer traffic between different network segments. When a router stops functioning, traffic flow between connected networks ceases. Your network is probably composed of several internal routers and one or more perimeter routers.

Switches transfer traffic between hosts located on the same network segment. Switches provide minimal security by sending nonbroadcast traffic to only specific ports on the switch. If a switch is disabled, it can cease to send traffic, resulting in a denial of service (DoS). In other situations, a switch can fail in an open state. In this open state, it sends all network packets to every port on the switch, essentially converting the switch into a hub.


NOTE:   Hubs also transfer traffic between hosts located on the same network. Unlike switches, however, hubs pass all the traffic to every port on the hub. Not only does this generate performance problems, it also reduces the security of the network by enabling any host on the segment to watch the traffic going to other hosts on the network.
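
The following is an added example, not part of the original article: a small coverage check that lists which critical components a sensor can actually watch, given that a hub repeats traffic to every port while a switch does not. The inventory, segment names, and the `mirrored` flag (a sensor attached to a switch port that receives a copy of the segment's traffic) are assumptions made for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Component:
    name: str
    category: str            # "server", "infrastructure" or "security"
    segment: str

@dataclass(frozen=True)
class Sensor:
    name: str
    segment: str
    mirrored: bool = False   # assumption: its switch port is sent a copy of segment traffic
    blocking_router: str = ""   # router whose ACLs the sensor may update, if any

# Constructed sample data; every name here is hypothetical.
MEDIA = {"dmz": "hub", "servers": "switch", "core": "switch", "mgmt": "switch"}
COMPONENTS = [
    Component("dns1", "server", "dmz"),
    Component("ca1", "server", "servers"),
    Component("core-rtr", "infrastructure", "core"),
    Component("fw1", "security", "mgmt"),
]
SENSORS = [
    Sensor("sensor-dmz", "dmz", blocking_router="perimeter-rtr"),
    Sensor("sensor-srv", "servers"),               # plain switch port, no copy of traffic
    Sensor("sensor-core", "core", mirrored=True),
]

def sees_segment(sensor, media):
    # Hubs repeat traffic to every port; on a switch the sensor needs a mirrored port.
    return media[sensor.segment] == "hub" or sensor.mirrored

def coverage_report(components, sensors, media):
    report = {}
    for comp in components:
        watching = [s for s in sensors if s.segment == comp.segment and sees_segment(s, media)]
        if not watching:
            report[comp.name] = "unmonitored"
        else:
            can_block = any(s.blocking_router for s in watching)
            report[comp.name] = "detect+block" if can_block else "detect-only"
    return report

def gaps_by_category(components, report):
    gaps = {}
    for comp in components:
        if report[comp.name] == "unmonitored":
            gaps.setdefault(comp.category, []).append(comp.name)
    return gaps
```

In the sample data the CA server counts as unmonitored even though a sensor sits on its segment, because that sensor is on an ordinary switch port and receives only broadcast traffic.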
