Managing Cisco Network Security, Second Edition

Chapter 13: Intrusion Detection

Introduction

A properly configured firewall appliance is considered a first line of network defense, and controls the flow of information to your servers. Unfortunately, if the server receives information from the network, it runs a risk of compromise from the unlikely event that the firewall fails. A more likely type of failure is that the firewall does its job passing traffic but that the server itself is vulnerable to an unusual request.

Other elements of that first line of defense would include Access Control Lists (ACLs) on perimeter routers, perhaps Web caching, or load-balancing appliances. It would include operating system (OS) hardening and application configuration controls on the server, as well as ensuring that the vendor software is current according to vendor recommendations. All these things contribute to the security of the service. But because we can never be completely sure that best practices have been followed, a second line of defense is a good plan. This is known as "defense in depth." We put everything we can into the front lines, but in case that fails, we have a backup plan. A detective control is an excellent element of that second line of defense.

An intrusion detection system gives the network or security manager a tool to detect and react rapidly to an attack on the network. This chapter will investigate the various types of attacks and intrusions as well as describe the tools available from Cisco to implement an intrusion detection system.

What Is Intrusion Detection?

An intrusion...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Appliances
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.