Summary


Intrusion Prevention technology can be a key component of the overall protection of your network. Initially deploying an IPS on your network requires careful consideration to match the capabilities of your IPS with your unique network configuration. Furthermore, configuring your IPS and monitoring the alerts that your IPS devices generate requires dedicated personnel.

Each IPS deployment differs depending on your network configuration. Regardless of your network configuration, however, you need to analyze your deployment from the following two perspectives:

  • Deploying Host IPS

  • Deploying Network IPS

The most effective Host IPS deployment involves deploying Host IPS on every host on your network. Some of the factors to consider when conducting a partial Host IPS deployment include the following:

  • Security policy requirements

  • Number of known exploits

  • Criticality of the systems

  • Accessibility of the systems

When deploying Network IPS on a large network, such as an enterprise network, you have to consider many factors. Some of the more important considerations include the following:

  • Security policy requirements

  • Maximum traffic volume

  • Number and placement of sensors

  • Business partner links (extranet connections)

  • Remote access

  • Identifying unprotected segments

Configuring both your Network IPS and your Host IPS correctly is crucial to providing a strong defense against attack. Some of the major factors to consider with respect to IPS configuration include the following:

  • Signature tuning

  • Event response

  • Software updates

  • Configuration updates

  • Device failure

Monitoring the security-related events happening on your network is also a crucial aspect of protecting your network from attack. When planning your monitoring strategy, you need to consider the following factors:

  • Management method

  • Event correlation

  • Security manpower

  • Incident response plan

You deploy IPS to help secure your network. If you do not use secure communications protocols (such as SSH, HTTPS, and SNMPv3) and implement secure Layer 2 best practices to access your IPS devices, your IPS devices can become another avenue of attack. IPS communications fall into the following two categories:

  • Management communication

  • Device-to-device communication




Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115