Can an IDS, DMZ and honeypot together achieve better network security?

An IDS and DMZ can be used together to achieve better network security, but expert Mike Chapple explains which tool is too risky to add to the mix.

How can an IDS, DMZ and honeypots work together to achieve better security?

Intrusion detection systems (IDS) and demilitarized zones (DMZ) play critical roles in the security of modern enterprises. I strongly recommend that anyone with Internet-facing systems implement both of these technologies to improve the security of their networks.

Your IDS provides you with visibility into activity on your network. It monitors network activity, seeking out...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

suspicious actions that may represent attacks on your network. In IDS mode, the system alerts administrators to this suspicious activity for further investigation. It's also possible to put many systems into intrusion prevention system (IPS) mode, transforming the IDS from a passive device to one that plays an active role in your network security by blocking malicious activity from entering your network in the first place. For more on this topic, see the Intrusion Detection and Prevention Learning Guide.

DMZs allow you to isolate systems that offer public services to Internet users in a single area of your network. You can then provide the DMZ with limited access to your internal network. The goal is to minimize the ability of an intruder to penetrate your internal network if he or she compromises an exposed system in the DMZ. For more information on implementing DMZs, see my Firewall Architecture Tutorial.

Finally, you also asked about honeypots in your question. Unlike the two other technologies you mentioned, I strongly discourage the use of honeypots unless you're conducting active security research and have a need to attract malicious activity to your network. As you may know, honeypots are systems that are designed to be compromised in an effort to attract hackers and malware so that they may be monitored in a controlled environment. This type of activity is extremely risky – if you misconfigure your honeypot, you may wind up with a true compromise on your hands!

More information:

Find out the best possible IDS for an Enterprise Resource Planning system.
Learn how to build a solid DMZ.
Learn more about the risks honeypots pose to enterprises.

This was last published in August 2008

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

DMZ (networking) In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks -- usually the internet.

Is Hybrid DMZ Reference Designs for vCloud Air what it claims to be? VMware's reference architecture, Hybrid DMZ Reference Designs, brings network connectivity to vCloud Air data centers. But is it really based on the DMZ, as its name implies?

Can a read-only domain controller maximize DMZ security? Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.

Virtual DMZ security in the cloud Virtual DMZ cloud configurations require specific security tactics. Expert Dejan Lukan looks at the different types of virtual DMZs and how they differ from physical DMZs.

DMZ setup: Ditching virtual machines for Platform as a Service Using Platform as a Service to host DMZ workloads brings cloud computing benefits to your DMZ setup. It’s easier to scale and less complex to build.

What low-budget methods can identify network attacks proactively? Instead of using a honeypot, Mike Chapple has a better recommendation for weeding out malicious traffic that could jeopardize your enterprise network.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.