Intrusion Detection: The Guard Inside the Gate

A firewall puts a lock on the door. IDS is the watchdog inside.

 By Lynn Haber

Security is critical for the operation of an extensive network infrastructure, especially for any company with an e-business strategy. That's why an intrusion detection system (IDS) is a key component of the security architecture at Twentieth Century Fox (TCF), in Los Angeles. According to Jeff Uslan, associate director information protection and security at TCF, companies that don't invest in IDS are playing Russian roulette.

"Sooner or later companies are going to get hit. When it will happen depends on the size of the environment and how active users are," he says.

IDS Complements a Firewall

Although a firewall may be the equivalent of putting a lock on the front door, once in a while illegitimate users get past the front door. When they do, IDS provides the next layer of security--the real-time identification of threats as they occur on the network. IDS is a technology designed to complement the firewall.

Responsible for IT security for tens of thousands of employees, Uslan knows better than to take chances. TCF is one of 48 companies owned by The News Corp., Ltd., in New York, which employs 45,000 to 50,000 people worldwide. His responsibility for IT security extends to all News Corp. employees. In the business of entertainment, TCF, part of the Fox Filmed Entertainment group, provides all of its employees with Web access and serves up two Web sites, as well.

As more corporations open their information stores to the world, vulnerability to security attacks increases. Why? Because as businesses offer their services electronically over the Internet, they willingly invite outsiders to initiate actions on their networks.

Companies like TCF know there's no silver bullet solution for security. Instead, a robust security architecture is made up of a weave of multiple comprehensive security solutions--antivirus software, authentication and encryption products, firewalls, security assessment software, and IDS.

The truth of the matter is that the Internet has been a wake-up call for the need for a new generation of IT security. Internet technology has expanded the network both inside and outside the corporation and upped the ante for security risks. And, much is at stake.

Layers of Security

Many companies are vigilant about bolstering their IT security architecture. After all, who wants to be tomorrow's headline news? According to industry figures, firewall technology, which has been around for about a decade, has achieved about a 70% penetration rate in the marketplace.

Unfortunately, many organizations view firewalls as the great panacea for corporate security woes--they think that if they build a secure wall around the enterprise, it will be safe from attack. Not so, according to Greg Gilliom, CEO at Network Ice Corp., in San Mateo, Calif., who reports this sobering news: 90% of corporations reporting break-ins have firewalls. As e-business security failures attract public attention, intrusion detection is getting the attention of IT managers.

Shipping for about five years, IDS is reaching a point where products are technically mature enough for a larger market, according to market research firm Frost & Sullivan, of San Antonio, Texas. To date, market penetration for IDS is reportedly about 15%.

Initial IDS products simply set off an alarm, says Jason Wright, research analyst at Frost & Sullivan. Newer products have reactive capability as well, or the ability to neutralize an attack.

Where firewalls leave off, IDS steps in. Firewalls focus on entry policy, admissions, and denial of service. By blocking out certain kinds of traffic, firewalls provide organizations a high level of security.

However, although firewalls can check packets, the technology doesn't look inside the packet. Once a user gets inside the front door, firewalls don't protect a company's internal network--an illegitimate user can exploit the vulnerability of operating systems, protocols, or applications.

Providing the next layer of security, IDS identifies threats as they exist in a system. Additionally, IDS solutions classify, determine harm, and react to threats based on security policies and rules.

Twentieth Century's Uslan maintains that although he's concerned about outside hackers, the more important issue is inside problems. "What you sell to your manager is security concerns about the internal hacker, the disgruntled employee, the systems administrator who may start doing things to the system so that he can look like a hero," he says.

This article was originally published on Oct 30, 2000