How to Cheat at Managing Information Security

Chapter 9: Intrusion Detection Systems: Theory

Overview

The purpose of this chapter is to:

  • Define the term intrusion detection system (IDS)

  • Outline the common problems and techniques associated with IDSes

  • Provide an overview of the major IDSes

Anecdote

Intrusion detection systems (IDSes) and packet sniffers do not replace your brain; you need to understand what they are telling you.

One day the Fat Bloke found himself dragged in to consult on a project for a huge bank buying a bit of another huge bank. The whiff of disaster was everywhere. The Bank of England (BoE) was demanding regular reports, and their top man gave my Big Six consultancy a call. Our best suits were mobilized; my job was to monitor how the team from a consultancy starting with A (commonly known as robots) joined the two networks together, providing encouraging, soothing sounds, if necessary, and to blow the whistle if the project looked like it needed to be cancelled (so that it could be done quietly, without public fuss).

In meetings before I arrived, the teams decided that they needed some firewalls, so some shiny new Nokias were bought to go into the racks next to the other shiny new Nokias. Now what to do?

In the first meeting I attended, they were struggling to decide what rules to put on the firewalls. Well, we don t really know what goes over the network, the consultant moaned. So I told him to go find out. A couple of days later, he came back crying that...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Firewalls
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.