White paper network ids and ips deployment Strategies Nicholas Pappas

Download 2,67 Mb. Pdf ko'rish
bet	2/25
Sana	14.05.2024
Hajmi	2,67 Mb.
	#233760

1 2 3 4 5 6 7 8 9 ... 25

1.Introduction

Information systems are more capable today than ever before. Society
increasingly relies on computing environments ranging from simple home networks,
commonly attached to high speed Internet connections, to the largest enterprise
networks spanning the entire globe. Filling one's tax return, shopping online,
banking online, or even reading news headlines posted on the Internet are all so
convenient. This increased reliance and convenience, coupled with the fact that
attacks are concurrently becoming more prevalent has consequently elevated the
need to have security controls in place to minimize risk as much as possible.
This risk is often ignored as many people mistakenly disregard the computing
power of their home systems, or small office networks. If the risk is not completely
ignored, system owners routinely deploy a network firewall to protect web servers, or
email servers and mistakenly feel safe. The convenience of conducting business over
the world wide web, or communicating over email has made such services a prime
target for automated attacks. Most network firewalls control network access by
blocking traffic based on an IP address and port number. If you have an email server
and wish for it to communicate with systems external to your network you will have
to open port 25 (smtp) enabling this external communication. But what happens
when an inbound attack comes in over port 25? Without having devices designed to
monitor the content of this malicious traffic the email server is at the mercy of such
an attack.
Nicholas Pappas
3
@ 2021 SANS Institute
Author Retains Full Rights

© SANS Institute 200
8
,
Author retains full rights.
© SANS Institute 200
8
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
This document introduces tools used to systematically monitor network
activity and discusses the deployment strategies of such systems. Regardless of the
size of the network, having the ability to monitor network activity is a key
component of defending information systems from attacks launched through various
networks as well as finding internal systems that may not be configured correctly
resulting in extraneous traffic absorbing valuable network throughput. We begin
with an introduction of what network intrusion detection systems and intrusion
prevention systems are, then discuss connecting and deploying such devices. The
paper then concludes after mentioning examples utilizing these systems in practical
environments. There is no single security measure sufficient to independently
protect information systems. Having a layered security architecture greatly reduces
risk to system users. One invaluable layer is comprised of network intrusion
detection systems.

Download 2,67 Mb.

1 2 3 4 5 6 7 8 9 ... 25

Download 2,67 Mb.

Pdf ko'rish