New-gen intrusion detection and prevention
Prevention is better than a cure when it
comes to network security, says Yoram
Ehrlich, VP of Products, Niagara Networks.
He offers some best practice guidance for
organisations and enterprises looking to
improve their own procedures.
An ounce of prevention
Benjamin Franklin’s famous saying, ‘an
ounce of prevention is worth a pound
of cure’, is as good as it gets when
considering network security. When
facing intelligent, determined enemies,
one must proactively address two
key lynchpins well in advance – the
technological and human factors.
Technologically, network architects can
take a next-gen approach by pairing
intrusion prevention and detection
systems. However, a purely technological
approach is insufficient.
Your staff are the often under-appreciated
front line in the battle for network security.
Protect and detect
Intrusion prevention systems (IPS) and
intrusion detection systems (IDS) can
be deployed alone but are generally
combined. An IPS sits inline and examines
network traffic to identify threats and
block them before they reach their target.
An IDS is a network monitoring tool that
watches a copy of the traffic (typically fed
from a tap or mirror port) to spot the signs
that a malware penetration or other
compromise has already occurred. If
malicious activity is detected, an automated
alert is sent to the system administrator,
who can then block the source of the
traffic to secure the network; the IDS
itself does not stop the traffic it sees.
IDSs are commonly classified by where
they are deployed:
▯ ▯ Network Intrusion Detection
Systems (NIDS), which inspect the
traffic crossing a network segment
▯ ▯ Host Intrusion Detection
Systems (HIDS), which run on and
monitor an individual host
and by how they detect, the two main
approaches being signature-based and
anomaly-based detection (an IDS is
often described simply as a
'signature-based IDS' when it relies
on the first).
www.intelligentciso.com | Issue 06
Your employees must be educated to
avoid problems and on how to respond
when an issue arises.
Detection methods
To detect and identify malicious data
packets, two types of detection method
are generally used.
The first is signature-based detection.
Known malware and attack traffic carry
a signature, a recognisable byte pattern
or rule, and the IDS compares each
packet against a database of such
signatures. This is precise for known
threats, but it cannot flag anything the
database does not yet describe, so the
signature set must be kept up to date.
The other type of detection method is
based on traffic heuristics or statistical
anomaly detection, which measures
parameters of behaviour established by
tracking legitimate traffic over a period
of time (a baseline). If observed traffic
violates those parameters, the IPS will
take steps to protect the network. Two
caveats apply: the baseline is only as
clean as the traffic it was learned from,
and legitimate but unusual activity (a
nightly backup, a new service) will raise
false positives that staff must triage.
Traffic heuristics are useful in detecting
threats that are yet unknown in the
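The two detection methods described above, as an added worked example that is not code from the article or from Niagara Networks. It runs both methods over constructed sample traffic: a small signature database (the two regular expressions are illustrative patterns, not real IDS rules), a flows-per-minute baseline learned from eight minutes of constructed legitimate counts, and a z-score test against that baseline. The packet class, host addresses, counts and thresholds are all assumptions made for the example. It also shows the caveats: a trivially obfuscated attack string slips past the signature, and a legitimate backup host is flagged as anomalous.

```python
"""Signature-based and anomaly-based detection over constructed sample traffic.
Added example; not the article's or Niagara Networks' code."""
import re
import statistics
from dataclasses import dataclass


@dataclass
class Packet:          # minimal stand-in for a captured packet (assumption)
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signature database: name -> byte pattern to look for in payloads.
# Real IDS rule sets (Snort/Suricata style) carry far more context than this.
SIGNATURES = {
    "shellshock-cgi": re.compile(rb"\(\)\s*\{\s*:;\s*\};"),
    "sqli-union-select": re.compile(rb"(?i)union\s+select"),
}


def signature_matches(pkt: Packet) -> list[str]:
    """Signature-based detection: names of every signature found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(pkt.payload)]


def build_baseline(flows_per_minute: list[int]) -> tuple[float, float]:
    """Learn 'normal' from a training window of legitimate per-host flow counts.
    Returns (mean, population standard deviation)."""
    return statistics.mean(flows_per_minute), statistics.pstdev(flows_per_minute)


def is_anomalous(count: int, baseline: tuple[float, float], z_threshold: float = 3.0) -> bool:
    """Anomaly-based detection: flag a count more than z_threshold deviations from the mean."""
    mean, stdev = baseline
    if stdev == 0:                      # degenerate baseline: anything different is anomalous
        return count != mean
    return abs(count - mean) / stdev > z_threshold


def inspect(packets: list[Packet], flows_this_minute: dict[str, int],
            baseline: tuple[float, float]) -> list[str]:
    """Run both detectors and return alert strings (an IDS would forward these to the admin)."""
    alerts = []
    for p in packets:
        for name in signature_matches(p):
            alerts.append(f"SIGNATURE {name} {p.src}->{p.dst}:{p.dport}")
    mean, stdev = baseline
    for host, count in flows_this_minute.items():
        if is_anomalous(count, baseline):
            alerts.append(f"ANOMALY {host} {count} flows/min "
                          f"(baseline {mean:.1f} +/- {stdev:.1f})")
    return alerts


# Constructed training window: per-host flows/min during a quiet, known-clean period.
BASELINE_TRAINING = [40, 42, 38, 41, 39, 43, 40, 41]   # mean 40.5, pstdev 1.5

# Constructed traffic for one minute of monitoring.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.1", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("10.0.0.7", "10.0.0.1", 80,
           b"GET /cgi-bin/status HTTP/1.0\r\nUser-Agent: () { :; }; /bin/sh -c id\r\n\r\n"),
    Packet("10.0.0.9", "10.0.0.1", 80,
           b"GET /item?id=1 UNION SELECT user,pass FROM accounts HTTP/1.1\r\n"),
    # Same attack with an inline comment in place of the space: the signature misses it.
    Packet("10.0.0.9", "10.0.0.1", 80,
           b"GET /item?id=1 UNION/**/SELECT user,pass FROM accounts HTTP/1.1\r\n"),
]
SAMPLE_FLOWS = {
    "10.0.0.5": 41,    # normal
    "10.0.0.7": 44,    # slightly high, within 3 sigma: not flagged
    "10.0.0.9": 120,   # the scanning/injecting host: flagged
    "10.0.0.12": 95,   # legitimate nightly backup: flagged anyway (false positive to triage)
}


def run_demo() -> list[str]:
    baseline = build_baseline(BASELINE_TRAINING)
    return inspect(SAMPLE_PACKETS, SAMPLE_FLOWS, baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The fourth packet is why the article pairs the two methods: the signature database has no entry for the comment-obfuscated variant, but the host sending it still stands out on the anomaly side. The backup host shows the cost of that coverage, since the baseline was learned during a window that never saw the backup run.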