For a small- or medium-sized enterprise, you first need to do an overall infosecurity assessment. What threats are there to your data and business processes? Are you more concerned about the threat from your Internet connection or your insiders? Studies have shown that between 60% and 80% of all attacks are done by insiders. Given that, for small to medium businesses, I would first make sure I had a firewall at my Internet interface, preferably one that did stateful inspection, filtering and NAT. If it could also do proxy-based services, so much the better. Next would be some form of intrusion detection. A good product is the Cisco IDS (once known as NetRanger). You can deploy sensors at a number of places in your network (in front of the firewall, behind the firewall, in the DMZ, etc.) and manage them from a central console (called the director). Host-based intrusion detection is also useful. ZoneAlarm Pro is a good option for the cash-strapped. Using both is even better. In regards to checksums of files and other similar techniques, TripWire is a tool that can be used to provide those services. While there is a commercial package for TripWire, there is an older version (still very useful) available to download for free (for Unix systems). While you may not be able to afford to do everything suggested by that tip, there are quite a number of free or low cost things you can do. Another way to look at the problem is how much would it cost you if there was a major invasion of your network? What percentage of that cost are you willing to spend to protect your network? Think of that cost as an insurance premium.
For more information about this topic, visit these SearchSecurity.com resources:
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.