Q

Implementing IDS in small- to medium-sized businesses

A real-world implementation of IDS in an SMB is beyond a lot of company budgets. Do you have a practical, cost effective tip for the large number of small- and medium-sized enterprises?


For a small- or medium-sized enterprise, you first need to do an overall infosecurity assessment. What threats are there to your data and business processes? Are you more concerned about the threat from your Internet connection or your insiders? Studies have shown that between 60% and 80% of all attacks are done by insiders.

Given that, for small to medium businesses, I would first make sure I had a firewall at my Internet interface, preferably one that did stateful inspection, filtering and NAT. If it could also do proxy-based services, so much the better.

Next would be some form of intrusion detection. A good product is the Cisco IDS (once known as NetRanger). You can deploy sensors at a number of places in your network (in front of the firewall, behind the firewall, in the DMZ, etc.) and manage them from a central console (called the director). Host-based intrusion detection is also useful. ZoneAlarm Pro is a good option for the cash-strapped. Using both is even better.

In regards to checksums of files and other similar techniques, TripWire is a tool that can be used to provide those services. While there is a commercial package for TripWire, there is an older version (still very useful) available to download for free (for Unix systems).

While you may not be able to afford to do everything suggested by that tip, there are quite a number of free or low cost things you can do. Another way to look at the problem is how much would it cost you if there was a major invasion of your network? What percentage of that cost are you willing to spend to protect your network? Think of that cost as an insurance premium.


For more information about this topic, visit these SearchSecurity.com resources:
  • Network Security Tip: Snort makes IDS worth the time and effort
  • Network Security Tip: Network-based IDS: How to deal with switches and segments
  • Network Security Tip: Where should I place my IDS sensors?
  • This was first published in July 2004

    Dig deeper on Network Intrusion Detection (IDS)

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close