
	Home > Ask the Security Experts > Questions & Answers > Implementing IDS in small- to medium-sized businesses

Ask The Security Expert: Questions & Answers

EMAIL THIS

Implementing IDS in small- to medium-sized businesses

EXPERT RESPONSE FROM: Stephen Mencik

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 22 July 2004
A real-world implementation of IDS in an SMB is beyond a lot of company budgets. Do you have a practical, cost effective tip for the large number of small- and medium-sized enterprises?

For a small- or medium-sized enterprise, you first need to do an overall infosecurity assessment. What threats are there to your data and business processes? Are you more concerned about the threat from your Internet connection or your insiders? Studies have shown that between 60% and 80% of all attacks are done by insiders.

Given that, for small to medium businesses, I would first make sure I had a firewall at my Internet interface, preferably one that did stateful inspection, filtering and NAT. If it could also do proxy-based services, so much the better.

Next would be some form of intrusion detection. A good product is the Cisco IDS (once known as NetRanger). You can deploy sensors at a number of places in your network (in front of the firewall, behind the firewall, in the DMZ, etc.) and manage them from a central console (called the director). Host-based intrusion detection is also useful. ZoneAlarm Pro is a good option for the cash-strapped. Using both is even better.

In regards to checksums of files and other similar techniques, TripWire is a tool that can be used to provide those services. While there is a commercial package for TripWire, there is an older version (still very useful) available to download for free (for Unix systems).

While you may not be able to afford to do everything suggested by that tip, there are quite a number of free or low cost things you can do. Another way to look at the problem is how much would it cost you if there was a major invasion of your network? What percentage of that cost are you willing to spend to protect your network? Think of that cost as an insurance premium.

For more information about this topic, visit these SearchSecurity.com resources:

Network Security Tip: Snort makes IDS worth the time and effort

Network Security Tip: Network-based IDS: How to deal with switches and segments

Network Security Tip: Where should I place my IDS sensors?

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy