Small IDS Deployment
Our first example (Figure 2.3) involves the
Nittany Corporation, which has a small internal network and a server farm DMZ that
houses all internally and externally accessed services. The organization relies
heavily on its e-commerce web site and e-mail server for business success.
After fully investigating the network architecture, the security
administrator knows that a lot of potentially dangerous network traffic flows
from the Internet to the DMZ. She makes this network her first priority for IDS.
She also knows that the web and e-mail servers are absolutely critical to
business, so she chooses to deploy host sensors on these servers for extra
application layer protection. Finally, the security administrator knows, based
on firewall alerts and log files, that a lot of attacks are directed towards the
internal network of her company.
The Nittany Company is small, however, and is restricted to a
fairly tight budget. Thus, it cannot afford multiple IDS sensors.
While the primary intent of the IDS deployment may be to safeguard
the company's critical servers, the company can get the added benefits of
multinetwork coverage by selecting the Cisco 4215 IDS Sensor. By using the
optional 10/100Base-TX interfaces, the security administrator can simultaneously
monitor the external, internal, and DMZ networks as shown earlier. Since the
4215 is capable of performing at 80 Mbps, it is a good choice—the company's
internal network is only 100 Mbps and the dual Internet connections provide
roughly 3 Mbps maximum combined throughput.
Furthermore, because she has chosen to install Cisco Host IDS
sensors on the critical servers, the Nittany Corporation will have extra
protection at the service endpoints' operating systems and at the application
layer.
From a cost perspective, this solution allows the company to
deploy IDS in multiple network segments without the cost of additional IDS
sensors.