Deploying Cisco IDS Sensors
In the first chapter, we briefly discussed some of the best
practices related to planning and managing the implementation of IDS sensors. In
general, security architects will find that IDS is best deployed near the
ingress/egress points of the network. This could include locations such as the
following:
- Internet-connected Networks: An IDS connected near the Internet/Corporate demarcation point provides insight into all traffic destined to and from the corporate network.
- Extranet Networks: IDSs near vendor and partner portals or gateways provide visibility into these mixed-zone, semi-trusted networks.
- Intranet Networks: IDSs at the gateway routers and firewalls between divisions such as Accounting, Human Resources, and other sensitive internal groups.
- Remote Access Networks: Don't forget the alternative points of entry and exit to your network. Remote Access Networks could include traditional dialup RAS networks, broadband VPN demarcation points, or Wireless Access Points.
We also covered security policy generation through the Cisco
Security Wheel methodology and studied the Cisco AVVID architecture and SAFE
blueprint. All of these resources can help security architects and
administrators decide the most effective locations to place IDS in the
infrastructure.
Intelligent deployment of Cisco IDS sensors involves, at a minimum, three steps:
- Understanding and analyzing the network
- Identifying the critical infrastructure and services
- Placing sensors based on network and services function
We'll discuss each of these steps in this section.
Note: Securing the network is part of the Secure step in the Cisco
Security Wheel process, which comes after building security policy. If
administrators are in the process of deciding where to deploy IDS, it is assumed
they have generated a comprehensive and solid security policy complete with
security zone definition and other critical attributes of the policy.