Embed Size (px)
Citation preview
Intrusion Detection and
Prevention
Security is one of the most important aspects of any network.
You could have one of the most solid and sophisticated networks in the world, but without a secure network protecting your businesses critical data it would be considered stone-age by today's standards.
Without awareness, policies, software, hardware and updated technologies to combat today's threats, you are leaving yourself and your business accessible and vulnerable to an endless possibility of nightmares. A network without security is like storing all your money under your pillow instead of the bank.
What is an Intrusion?
Any unauthorized access or attempted access to a computer or network System
Network Intrusions Come in Many Different Ways.
• Virus (Such as an e-mail attachment)
• Vulnerable Service (Such as Microsoft FTP)
• Network Sniffing (Watching Traffic on the Net)
• Physical Access to a computer
• Many Many More
INTERNET
Server Workstation WorkstationModem
Worm
Hacker
Hacker
Some of the Ways to Secure your Investment
• Firewalls
• Firewall protection security system is a must if you are connected to the world-wide-web. Without a professionally configure firewall you are allowing yourself to be wide open for unwanted hackers to port scan and enter your network and access your system and data without your knowledge.
• IDS Systems
• Monitoring network activity is an important responsibility for network administrators, and is key to any security program. Those responsible for network security must monitor their networks with their security policy in mind, so that any violation of the policy will be detected and some action initiated when violations are detected. Intrusion detection systems (IDS's) provide security administrators with tools to monitor, detect and respond to security related incidents on the network.
Some of the Ways to Secure your Investment (Cont)
• IPS Systems
• An IPS has the ability to block attacks in real time. Where traditional IDSs passively monitor traffic by sniffing packets off a switch port, IPSs sit inline and actively intercept and forward packets. Through inline deployment, IPSs can drop packets or deny connections based on policy settings. Traditional IDSs have limited response mechanisms, such as resetting TCP connections or requesting a firewall rule change.
INTERNET
Server Workstation Workstation
Worm
Hacker
Hacker
Firewall
Intrusion Detection
Basic Firewall System
RouterFirewall
Managed SwitchINTERNET
IDS Monitor
Printer
DMZ
RouterFirewall
Managed Switch
IDS Sensor
Sniffing
INTERNET
Basic IDS System
IDS Monitor
Printer
DMZ
TC
P R
esetsRouter
Firewall
Managed Switch
IDS Sensor
Sniffing
INTERNET
Active IDS System
Wide Area Network IDS System
IDS Monitor
Printer
DMZ
TC
P R
esets
RouterFirewall
IDS Sensor
Sniffing
INTERNET
RouterRouter
Basic IDP System
IDP Monitor
TC
P R
esets
RouterFirewall
Switch
IDP Sensor
INTERNET
E-Commerce / Internet Banking IDS System
Internet
Cisco 12 Port Hub
Cisco 12 Port HubCisco PIX 515e
DMZ
Cisco IDS 4210
Cisco IDS 4210
Sni
ffin
g
Sni
ffin
g
Front End Web Server
IDS Monitor
Backend Server
Inside Network
Management
Management
Pub
lic
Priv
ate
Integrated Solutions Hosted Intrusion Detection System
Privat
e ATM
WAN Pivate ATM
WANP
riva
t e A
TM
WA
N
Integrated Solutions Core Router
IDS
Sen
sor
Integrated Solutions Firewall
Integrated Solutions InternetRouter
INTERNET
Where Should I Start?
• Information Security Officer The first step is to assign one person to be your assigned Information Security Officer. Whether that person is a member of your organization or a contractor, you need to have on person to head up this task. One of the biggest security risks to many businesses currently is not having centralized information.
Network Risk Assessment
• The second step is to evaluate your existing network. In most cases it is possible to design a security plan that will protect the network you already have in place. To do this you must understand how and why your network is configured the way that it is. You need to know where your critical data is stored, who and what should have access to this data. Most importantly, you need to know how this data can be accessed. This is usually done in three phases
• Information Gathering• Analyze Information• Prioritize Responses
Security Implementation
• Now that the assessment is done, it is time to start putting the pieces together. It is time to take the information that has been gathered and fit it to a solution that will compliment your current system.
This includes the following items:
Security Implementation
• Logical and Administrative Access Control• Access Rights Administration• Authentication• Network Access• Operating System Access• Application Access• Remote Access• Encryption• Encryption Key Management• Controls to Protect Against Malicious Code• Systems Development, Acquisition, and Maintenance• Host and User Equipment Acquisition and Maintenance• Training• Electronic Media Handling• Intrusion Detection and Response• Business Continuity Considerations
Security Testing
The next step in the process is security testing. As new vulnerabilities are constantly emerging with new technology, it is important to test your systems on a regular basis. This will allow you to verify that the system is working as designed as well as make sure you are on top of the newest exploit.
These test should include:
• Penetration Testing• Audits• Assessments
Monitoring and Updating
The last step in the process is Monitoring and Updating. This is a process that will need to be done ongoing to insure that your system works as it is supposed to. If you do not update the server to watch for the newest exploits and look at the information that it gives you, you are allowing access to your systems as if there is no security at all.
How can Integrated Solutions Help?
Integrated Solutions, Inc. assists you to ensure that your network systems reliably support and execute mission-critical business operations.
From network security infrastructure implementation to customized security solutions, Integrated Solutions, Inc. enhances network operations through proven, business-focused solutions.
Integrated Solutions, Inc. can Plan, build, or maintain a robust, scalable, and reliable network security infrastructure solution that supports business initiatives and performance requirements.
Integrated Solutions, Inc. can help you protect assets with security solutions tailored to your specific requirements. From state-of-the-art penetration testing to firewall and Intrusion Detection integration, Integrated Solutions, Inc. Consulting Services can design and implement a security solution for the financial industries requirements and your business model.
Integrated Solutions 5002 South 114th Street
Suite 100Omaha, NE. 68137
www.integratedsolutions.net
