Chapter 4: Introduction to Intrusion Detection Systems | The Best Damn Firewall Book Period

Introduction

"Intruder Alert! Intruder Alert! Warning, Will Robinson!" When we heard that ominous announcement emanating from a robot as it twisted and turned with arms thrashing and head spinning, we sat galvanized to our televisions waiting for the intruder to reveal itself. Would this be the end of Will Robinson, as we knew him?

All right, this might be a bit dramatic for a prelude to a discussion of intrusion detection, but with most security administrators, when a beeper goes off there is a moment of anxiety. Is this the big one? Did they get in? Do they own my network? Do they own my data?

These and many other questions flood the mind of the well-prepared security administrator. Conversely, the ill-prepared security administrator, being totally unaware of the intrusion, experiences little anxiety. For him, the anxiety comes later.

Okay, so how can a security-minded administrator protect his network from intrusions? The answer to that question is quite simple, with an intrusion detection system.

Note

Intrusion detection works in conjunction with firewalls in various ways. One of the ways is to use intrusion detection is to test your firewall rules to make sure they are working properly. One of the other ways is to use intrusion detection and firewalls to set rules for a firewall. For more information on integrating an IDS with a firewall, refer to Chapter 31 of this book, "Combining Firewalls and IDS."