
Implementing IDS in small- to medium-sized businesses

A real-world implementation of IDS in an SMB is beyond a lot of company budgets. Do you have a practical, cost-effective tip for the large number of small- and medium-sized enterprises?

For a small- or medium-sized enterprise, you first need to do an overall infosecurity assessment. What threats are there to your data and business processes? Are you more concerned about the threat from your Internet connection or your insiders? Studies have shown that between 60% and 80% of all attacks are done by insiders.

Given that, for small to medium businesses, I would first make sure I had a firewall at my Internet interface, preferably one that did stateful inspection, filtering and NAT. If it could also do proxy-based services, so much the better.

Next would be some form of intrusion detection. A good product is the Cisco IDS (once known as NetRanger). You can deploy sensors at a number of places in your network (in front of the firewall, behind the firewall, in the DMZ, etc.) and manage them from a central console (called the director). Host-based intrusion detection is also useful. ZoneAlarm Pro is a good option for the cash-strapped. Using both is even better.

In regard to checksums of files and other similar techniques, Tripwire is a tool that can be used to provide those services. While there is a commercial package for Tripwire, there is an older version (still very useful) available to download for free (for Unix systems).

While you may not be able to afford to do everything suggested by that tip, there are quite a number of free or low-cost things you can do. Another way to look at the problem is how much would it cost you if there was a major invasion of your network? What percentage of that cost are you willing to spend to protect your network? Think of that cost as an insurance premium.
This was last published in July 2004
