Cisco Secure IDS Sensor Deployment - Page 4

By Cisco Press | Feb 26, 2002

Security Components
Security components enhance the security of the network by limiting traffic flow and watching for attacks against the network. Common security devices include firewalls, IDS sensors, IDS management devices, and routers with access control lists.

Firewalls establish a security barrier between multiple networks. Normally, a firewall is installed to protect an internal network from unauthorized access. This makes firewalls a prime target for attack.

Similarly, the IDS components continually monitor the network looking for signs of an attack. Hackers continually hunt for new methods to confuse and disrupt the operation of common intrusion detection systems. By disabling the intrusion detection system, an attacker can penetrate the network unseen (without raising the alarms that indicate an attack is in progress).

Remote Networks
Many networks are composed of a central corporate network and multiple remote offices that communicate with the corporate network through WANs. Security at these remote facilities needs to be considered in your network analysis. Depending on the security posture of the remote sites, you might want to place a sensor to monitor the traffic traveling across the WAN links. Sometimes, remote facilities have independent connections to the Internet. All Internet connections definitely need to be monitored.

Size and Complexity of Your Network
The more complex your network is, the more likely it is that you need to deploy multiple sensors at various locations throughout your network. A large network also usually dictates the use of multiple sensors because each sensor is limited to a maximum amount of traffic that it can monitor. If your Internet connection is a multi-gigabit pipe, a single sensor cannot currently handle all the traffic that a fully loaded connection can deliver to your network.

Considering Security Policy Restrictions
Sometimes, sensors are placed in your network to verify compliance with your defined security policy. An excellent example of this is placing a sensor on the inside and the outside of a firewall.

The sensors labeled Sensor 1 and Sensor 5 in Figure 5-1 illustrate this setup. Sensor 1 monitors all traffic that is headed to the protected network. It detects all the attacks sent toward the protected network, even though most of the attacks can be prevented by the firewall. Sensor 5, however, monitors all the internal traffic. This represents traffic that manages to make it through the firewall from the outside, as well as traffic generated by internal hosts. Both sensors can detect security policy violations. Sensor 5 monitors traffic that makes it into the protected network, whereas Sensor 1 monitors the traffic that leaves the protected network.

Figure 5-1: Deploying Sensors at Common Functional Boundaries
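
The inside/outside comparison described above can be automated by correlating the alerts from the two sensors. The following is an added example, not code from the book or from Cisco: the alert tuples, signature names, and the 10.0.0.0/8 protected range are constructed, and it assumes no address translation between the two sensors so the same flow carries the same addresses on both sides of the firewall.

```python
import ipaddress
from collections import defaultdict

# Assumption: address range of the protected network (constructed value).
PROTECTED_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample alerts: (sensor, source IP, destination IP, signature).
# "sensor1" sits outside the firewall, "sensor5" inside, as in Figure 5-1.
ALERTS = [
    ("sensor1", "198.51.100.7", "10.1.1.20", "port-sweep"),
    ("sensor1", "198.51.100.7", "10.1.1.20", "http-probe"),
    ("sensor5", "198.51.100.7", "10.1.1.20", "http-probe"),
    ("sensor5", "10.1.2.33", "10.1.1.20", "smb-brute-force"),
    ("sensor5", "10.1.2.40", "203.0.113.9", "irc-session"),
    ("sensor1", "10.1.2.40", "203.0.113.9", "irc-session"),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in PROTECTED_NET

def classify(alerts, outside="sensor1", inside="sensor5"):
    """Map each (src, dst, signature) flow to what the sensor pair implies."""
    seen = defaultdict(set)
    for sensor, src, dst, sig in alerts:
        seen[(src, dst, sig)].add(sensor)

    verdicts = {}
    for (src, dst, sig), sensors in seen.items():
        if is_internal(src) and is_internal(dst):
            # Never crosses the firewall; only the inside sensor can see it.
            verdict = "internal-only"
        elif is_internal(src):
            # Outbound: did it also show up beyond the firewall?
            verdict = "left-network" if outside in sensors else "stopped-outbound"
        elif inside in sensors:
            # Inbound and visible inside: the firewall let it through.
            verdict = "passed-firewall"
        else:
            # Inbound and visible only outside: the firewall dropped it.
            verdict = "stopped-at-firewall"
        verdicts[(src, dst, sig)] = verdict
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify(ALERTS).items():
        print(verdict, flow)
```

Flows reported as `passed-firewall` or `left-network` are the ones to compare against the written security policy, since the firewall permitted them.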

--
Our next segment from Cisco Press' Cisco Secure Intrusion Detection System will deal with executing the deployment.
