So your business or organisation has been successful and you now have a thousand computers to your name. You have also acquired some powerful servers to handle your organisation’s resources. Congratulations, you have just been automatically added to the endless list of exploitable targets. Like it or not, one day you are going to fall victim to one of the many attacks out there. A common misconception among Zimbabwean organisations is that Zimbabwe is not much of an attraction for hackers, so many slack off when it comes to implementing robust measures to protect their computers and networks. Enough chit-chat, let’s get into today’s topic: Intrusion Detection Systems.
Today I want to talk about how you can implement an Intrusion Detection System (IDS) to protect your network against potential hackers and attackers. Let us begin with some definitions.
An intrusion detection system is a set of network security components intended to alert network administrators to a potential intrusion in a network. There are two types of IDS.
A network-based IDS (NIDS) is deployed at certain points in a network. It alerts the administrator when malicious packets are identified in the network. To decide whether traffic is malicious, there are two configurations to take into account.
Anomaly-based configuration – this refers to a setup where the administrator defines a network baseline (the normal state of operation). When traffic flows in a way that differs from the baseline, a flag is raised and that traffic is treated as malicious.
Signature-based configuration – this refers to a setup where the administrator creates and maintains a database of attack signatures from previous attacks. The IDS compares observed traffic against the stored signatures in order to identify whether a packet or group of packets is malicious.
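The two configurations above, run side by side over the same traffic, as an added example that is not part of the original article. The signature list, baseline samples and traffic records are constructed for illustration, and the three-standard-deviation threshold is an assumption.

```python
import statistics

# Constructed signature database: name -> byte pattern seen in earlier attacks.
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-tautology": b"' OR '1'='1",
}

def signature_alerts(packet):
    """Signature-based: names of stored signatures found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat in packet["payload"]]

def build_baseline(samples):
    """Anomaly-based: learn normal connections-per-minute from clean traffic."""
    return statistics.mean(samples), statistics.pstdev(samples)

def anomaly_alert(rate, baseline, k=3.0):
    """Flag a rate more than k standard deviations from the baseline mean."""
    mean, std = baseline
    # Floor the deviation at 1.0 so a very flat baseline does not alert on noise.
    return abs(rate - mean) > k * max(std, 1.0)

def inspect(packet, baseline):
    """Run both configurations; return the alerts an administrator would see."""
    alerts = ["signature:" + n for n in signature_alerts(packet)]
    if anomaly_alert(packet["conn_per_min"], baseline):
        alerts.append("anomaly:conn_per_min")
    return alerts

# Constructed baseline: connections per minute seen during normal operation.
BASELINE = build_baseline([18, 22, 20, 19, 21, 20, 23, 17])

# Constructed traffic records (documentation address range 192.0.2.0/24).
TRAFFIC = [
    {"src": "192.0.2.10", "conn_per_min": 20, "payload": b"GET /index.html"},
    {"src": "192.0.2.11", "conn_per_min": 21, "payload": b"GET /../../etc/passwd"},
    {"src": "192.0.2.12", "conn_per_min": 400, "payload": b"GET /index.html"},
]

if __name__ == "__main__":
    for pkt in TRAFFIC:
        print(pkt["src"], inspect(pkt, BASELINE) or "no alert")
```

The second record is caught only by the signature database and the third only by the baseline, which is why the two configurations are often run together.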
A host-based IDS (HIDS) is deployed on each host in a network. This means that every computer in your organisation needs special software installed that detects intrusions. This kind of configuration is usually advised for small organisations, so that maintenance is easy and deployment is less costly. An HIDS is configured on the computer on which it is installed.
Now that you know what an IDS is and the types of Intrusion Detection System, the question is: WHAT'S NEXT?
Well, depending on your network setup and the number of hosts in your network, you can deploy such a system in various ways. Below is a diagram which shows one of the ways an IDS can be deployed.