Ask the Expert

Can an IDS, DMZ and honeypot together achieve better network security?

How can an IDS, DMZ and honeypots work together to achieve better security?


Intrusion detection systems (IDS) and demilitarized zones (DMZ) play critical roles in the security of modern enterprises. I strongly recommend that anyone with Internet-facing systems implement both of these technologies to improve the security of their networks.

Your IDS provides you with visibility into activity on your network. It monitors network activity, seeking out suspicious actions that may represent attacks on your network. In IDS mode, the system alerts administrators to this suspicious activity for further investigation. It's also possible to put many systems into intrusion prevention system (IPS) mode, transforming the IDS from a passive device to one that plays an active role in your network security by blocking malicious activity from entering your network in the first place. For more on this topic, see the Intrusion Detection and Prevention Learning Guide.

DMZs allow you to isolate systems that offer public services to Internet users in a single area of your network. You can then provide the DMZ with limited access to your internal network. The goal is to minimize the ability of an intruder to penetrate your internal network if he or she compromises an exposed system in the DMZ. For more information on implementing DMZs, see my Firewall Architecture Tutorial.

Finally, you also asked about honeypots in your question. Unlike the two other technologies you mentioned, I strongly discourage the use of honeypots unless you're conducting active security research and have a need to attract malicious activity to your network. As you may know, honeypots are systems that are designed to be compromised in an effort to attract hackers and malware so that they may be monitored in a controlled environment. This type of activity is extremely risky – if you misconfigure your honeypot, you may wind up with a true compromise on your hands!
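Added example, not part of the original answer or of any product mentioned in it: a small Python model of the two ideas above, the zone policy a DMZ firewall enforces (public services reachable from the Internet, the DMZ allowed to reach only a named internal service, everything else denied) and an inspection step that shows the difference between IDS mode (alert, but let the flow pass) and IPS mode (alert and drop). The address ranges, rules, and detection signatures are constructed for the example and are assumptions, not a recommended configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed zone layout (assumption): documentation and private ranges only.
ZONES = {
    "dmz": [ip_network("192.0.2.0/24")],     # public-facing web tier (TEST-NET-1)
    "internal": [ip_network("10.0.0.0/8")],  # corporate network
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dports: frozenset  # empty set means "any destination port"
    action: str        # "allow" or "deny"


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything not in a known zone is the Internet."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "internet"


# Zone policy (assumption): first match wins, implicit default deny at the end.
POLICY = [
    Rule("internet", "dmz", frozenset({80, 443}), "allow"),  # public web service only
    Rule("dmz", "internal", frozenset({5432}), "allow"),     # DMZ may reach the DB, nothing else
    Rule("internal", "dmz", frozenset(), "allow"),           # admins manage DMZ hosts
    Rule("internal", "internet", frozenset(), "allow"),      # outbound from the LAN
]


def firewall_verdict(flow: Flow, policy=POLICY) -> str:
    """Evaluate the zone policy for one flow; no matching rule means deny."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    for rule in policy:
        zones_match = (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
        port_match = not rule.dports or flow.dport in rule.dports
        if zones_match and port_match:
            return rule.action
    return "deny"


# Constructed signatures (assumption): plain substring matches on the payload.
SIGNATURES = {
    "path-traversal-probe": b"../../",
}


def inspect(flow: Flow, mode: str = "ids") -> Tuple[str, Optional[str]]:
    """Return (final_verdict, alert_name) for a flow that passed the firewall.

    mode="ids": a matching payload raises an alert but the flow is still allowed.
    mode="ips": a matching payload raises an alert and the flow is dropped.
    """
    if firewall_verdict(flow) == "deny":
        return "deny", None  # blocked at the perimeter, never inspected
    for name, pattern in SIGNATURES.items():
        if pattern in flow.payload:
            return ("drop" if mode == "ips" else "allow"), name
    return "allow", None


if __name__ == "__main__":
    # Constructed sample flows: Internet client (203.0.113.7), DMZ web host, internal DB.
    samples = [
        Flow("203.0.113.7", "192.0.2.10", 443),
        Flow("203.0.113.7", "10.1.2.3", 443),
        Flow("192.0.2.10", "10.1.2.3", 5432),
        Flow("192.0.2.10", "10.1.2.3", 22),
        Flow("203.0.113.7", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    ]
    for mode in ("ids", "ips"):
        for f in samples:
            print(mode, f.src, "->", f.dst, f.dport, inspect(f, mode))
```

The point the two paragraphs make is visible in the results: an Internet client can reach the DMZ web ports but not the internal network at all, the DMZ host can reach the database port and nothing else inside, and the same suspicious request is merely reported in IDS mode but dropped in IPS mode.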


This was first published in August 2008
