Our organization is looking to proactively identify network intrusions, and we've experimented with a number of...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
methods. One that we're probably going to continue is combining a honeypot in the DMZ with an IDS. Are there better low-budget methods for spotting network intrusions?
I strongly endorse the use of an intrusion detection system (IDS) or intrusion prevention system (IPS) on your network. This proven technology can help weed out malicious traffic that could jeopardize your network. For more on this topic, I suggest that you read my tip: Network intrusion prevention systems: Should enterprises deploy now?
From the editors: More on sidebars
Read an excerpt from Virtual Honeypots: From Botnet Tracking to Intrusion Detection.
Honeypots, on the other hand, are dangerous. Ask yourself seriously why you'd want to put a system on your network that is intended to be attacked. Honeypots are implemented with intentional vulnerabilities so that an attacker's activities and methods can be studied. The resulting information can be used to increase network security. But what if something goes wrong with the honeypot configuration, and the attacker is able to gain access to your network? How would you explain that to management? Putting up a honeypot is akin to hanging a sign inviting hackers to attempt to penetrate the network. Unless you're working for a firm specializing in security research, I wouldn't touch that one with a ten-foot pole.
Dig Deeper on Monitoring Network Traffic and Network Forensics
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.