Securing IPS Communications


You deploy IPS to help secure your network. If you do not use secure communications protocols to access your IPS devices, however, your IPS devices can become another avenue of attack.

IPS communications fall into the following two categories:

  • Management communication

  • Device-to-device communication

Management Communication

You need to configure and manage your IPS devices and applications. Performing this management and configuration directly on each device is very time consuming, so you usually perform many of these tasks across the network. The network protocols that you use to communicate with your IPS devices therefore need to be secure. Your options for secure management access are as follows:

  • Out-of-band management

  • Secure protocols

Out-of-Band Management

Out-of-band management involves using a network that is dedicated solely to management access. This network connects your IPS devices with a limited number of management systems, which makes it more difficult to attack. Because the network is solely for management, you can use protocols for management that you would not ordinarily use.

For example, an insecure management protocol such as Simple Network Management Protocol (SNMP) version 1 does not provide encrypted communication. Anyone who passively monitors that network can capture sensitive authentication credentials. Therefore, the use of SNMP version 1 is not recommended. However, some management systems do not support secured protocols. An out-of-band network is one way to mitigate the risk of using them, because you physically limit access to trusted systems only.
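To make the exposure concrete, the following added example (not from the book) parses the BER header of an SNMP message and shows that an SNMPv1 or SNMPv2c message carries its community string as a plain OCTET STRING, while an SNMPv3 message carries none. The sample packets are constructed inline; the helper names (`parse_snmp_header`, `classify_udp_payload`, `build_v1_get`) are this example's own.

```python
"""Distinguish SNMPv1/v2c management traffic (cleartext community string)
from SNMPv3 by parsing the BER header of an SNMP message.
Sample packets are constructed inline for this example."""
from dataclasses import dataclass
from typing import Optional, Tuple


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length


@dataclass
class SnmpHeader:
    version: int               # 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3
    community: Optional[str]   # present only for v1/v2c, and sent in cleartext


def parse_snmp_header(payload: bytes) -> SnmpHeader:
    """Parse the outer SEQUENCE, the version INTEGER and (for v1/v2c) the community."""
    tag, msg, _ = _read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):
        tag, comm, _ = _read_tlv(msg, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        return SnmpHeader(version, comm.decode("ascii", "replace"))
    # SNMPv3 carries msgGlobalData and security parameters instead of a community
    return SnmpHeader(version, None)


def classify_udp_payload(payload: bytes) -> str:
    """Monitoring verdict; the community value itself is masked in the alert text."""
    try:
        hdr = parse_snmp_header(payload)
    except ValueError as exc:
        return f"ignore: {exc}"
    if hdr.version == 3:
        return "ok: SNMPv3 (authentication and privacy available)"
    name = "v1" if hdr.version == 0 else "v2c"
    return f"ALERT: SNMP{name} with cleartext community ({len(hdr.community)} chars)"


# --- constructed sample packets -------------------------------------------

def _tlv(tag: int, value: bytes) -> bytes:
    """BER-encode one TLV, using long-form length when the value is 128+ bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def build_v1_get(community: str) -> bytes:
    """SNMPv1 GetRequest (context tag 0xA0) with an empty varbind list."""
    pdu = _tlv(0xA0, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00")
               + _tlv(0x02, b"\x00") + _tlv(0x30, b""))
    return _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, community.encode()) + pdu)


def build_v3_header_only() -> bytes:
    """SNMPv3 message truncated after msgGlobalData (enough for version detection)."""
    global_data = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x7f")
                       + _tlv(0x04, b"\x03") + _tlv(0x02, b"\x03"))
    return _tlv(0x30, _tlv(0x02, b"\x03") + global_data)


if __name__ == "__main__":
    for pkt in (build_v1_get("public"), build_v3_header_only(), b"\x30\x05\x02"):
        print(classify_udp_payload(pkt))
```

Fed with UDP/161 payloads from a span port on the management network, `classify_udp_payload` gives a monitoring system a simple way to flag any device still polled with SNMPv1/v2c; the parser deliberately stops at the header, so it never needs to decode the PDU.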

Note

For an example of how to deploy an out-of-band management network, refer to the Cisco SAFE Enterprise white paper on the Cisco website.


Secure Protocols

Providing a totally separate management network is costly. A more common management solution involves using secure protocols such as Secure Shell (SSH). SSH encrypts the traffic going across the network, so an attacker cannot capture authentication credentials simply by sniffing network traffic. Some of the secure protocols commonly used for management include the following:

  • SSH

  • Secure Hypertext Transfer Protocol (HTTPS)

  • SNMP version 3

Note

Even when using secure management protocols, however, you should implement Layer 2 security best practices to protect your network. Without implementing Layer 2 protections, an attacker can spoof traffic on your network and potentially compromise some of your secure management protocols.
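The secure-protocol choice also applies to the managed devices (routers, firewalls, switches) that the IPS talks to. The following added example, which is not from the book, audits a Cisco IOS style running-config for the insecure management settings discussed in this section and places a weak configuration beside its hardened counterpart. Both configs are constructed samples, `<auth-password>` and `<priv-password>` are placeholders, and the function name `audit_management_config` is this example's own.

```python
"""Audit a managed device's running-config for insecure management protocols
(SNMPv1/v2c community strings, Telnet on the vty lines, plain HTTP) and show
the corrected settings beside the weak ones. Both configs are constructed samples."""
import re
from typing import List

# Constructed sample: router reachable by Telnet, HTTP and SNMPv1/v2c.
WEAK_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
ip http server
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed sample: the same router after moving management to SSH, HTTPS and SNMPv3.
# <auth-password> and <priv-password> are placeholders, not real values.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip ssh version 2
snmp-server group IPSMGMT v3 priv
snmp-server user ipsmgr IPSMGMT v3 auth sha <auth-password> priv aes 128 <priv-password>
line vty 0 4
 transport input ssh
 login local
"""


def audit_management_config(config: str) -> List[str]:
    """Return one finding per insecure management setting; an empty list means clean."""
    findings: List[str] = []
    section = ""            # the current top-level command (e.g. "line vty 0 4")
    http_plain = False
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        indented = raw.startswith(" ")
        cmd = raw.strip()
        if not indented:
            section = cmd   # a top-level command opens a new config section
        if cmd.startswith("snmp-server community"):
            findings.append(
                f"cleartext SNMP community: '{cmd}' "
                "(use SNMPv3: 'snmp-server group ... v3 priv')")
        elif cmd.startswith("snmp-server group") and re.search(r"\bv3\s+noauth\b", cmd):
            findings.append(f"SNMPv3 group without authentication: '{cmd}'")
        elif cmd == "ip http server":
            http_plain = True
        elif indented and section.startswith("line vty"):
            m = re.match(r"transport input (.+)", cmd)
            if m:
                protos = set(m.group(1).split())
                if protos & {"telnet", "all"}:
                    findings.append(
                        f"{section}: '{cmd}' permits Telnet (use 'transport input ssh')")
    if http_plain:
        findings.append(
            "'ip http server' enabled (use 'no ip http server' plus 'ip http secure-server')")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for finding in audit_management_config(cfg) or ["no findings"]:
            print("  " + finding)
```

The audit is intentionally line oriented so it can be run over configs pulled by a backup tool; the only context it tracks is the enclosing `line vty` section, which is where Telnet is enabled or disabled.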


Device-to-Device Communication

In many situations, your IPS devices communicate with each other or with other infrastructure devices. Some common examples of this communication with Cisco IPS devices include the following:

  • Sensor communication with a master blocking sensor

  • Sensor communications with a managed device

A managed device is an infrastructure device (such as a router, firewall, or switch) that your IPS device uses to deploy ACLs in response to attacks against the network. Only one IPS device can control the ACL on a specific managed device. When you configure that IPS device as a master blocking sensor, another IPS device can initiate an ACL on the managed device by communicating with the controlling IPS device (the master blocking sensor).




Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115