Network Defense

1. Intrusion Detection & Prevention System 

IDS Placement




Placement A: IDS using hub or switch spanning port
  • Able to see all traffic passing through
  • Drawback: Intercepting traffic not intentionally sent to them
  • Drawback: Packets are missed when switch is busy

Placement B: IDS using network tap
  • Replicate data passed through wire
  • Needed when network doesn’t have manged switches/hub

Placement C: IDS connected Inline
  • Guarantee all packets will be seen
  • Drawback: Failure of IDS will prevent systems on the internal network from communicating with external systems

IPS Placement

IPS always connected inline


IDS and IPS Placement



  • IPS tuned more conservatively (False Negative) 
  • IDS tuned to be very aggressive

2. Honeypot 

Honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems.

Honeypot deployment on Windows

Download Honeybot from http://www.atomicsoftwaresolutions.com






Reference
NIST SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS)
SANS: Network IDS & IPS Deployment Strategies

Popular posts from this blog