This chapter builds on the introductory discussions of intrusion detection systems (IDSs) presented in Chapter 3, "Understanding Defenses." This chapter delves into IDS concepts, uses, applications, and limitations. After the introduction to IDSs, their deployment and analysis are discussed in more detail. The concluding case study is a practical example of how organizations can inspect and monitor overall network activity using IDSs to protect their assets.

Sensor 1, connected on the inside network, sees only traffic that is permitted by the firewall or internal traffic that does not traverse the firewall. All intrusions reported by Sensor 1 require immediate attention and response from the network administrator. Protecting all internal connections on the firewall with a network sensor is the best practice.

Sensor 2, connected on the outside network, sees all traffic targeted for the organization, including the traffic that is blocked by the firewall and all traffic leaving the organization's network. This sensor also monitors the DMZ traffic and inside traffic. Knowing what traffic is denied or permitted by the firewall, the network administrator must determine which of the intrusions reported by Sensor 2 are a danger to the network. This sensor also needs to protect the firewall itself against DoS attacks and tools generating noise on the network.

Sensor 3 enables you to see which users are attempting to gain access to the protected network (DMZ). All three sensors provide visibility into which vulnerabilities are being exploited to attack servers, hosts, and so on.
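The triage described above for Sensor 1 and Sensor 2, sketched as an added example that is not part of the original chapter: inside-sensor alerts are always urgent, while outside-sensor alerts are ranked by what the firewall did with the same flow. The record layouts, sensor names, signature names, and addresses (documentation ranges) are constructed assumptions, not the output format of any real IDS or firewall.

```python
from collections import defaultdict, namedtuple

# Hypothetical, simplified record layouts (assumption, not a vendor format).
Alert = namedtuple("Alert", "sensor signature src dst dport")
FwEvent = namedtuple("FwEvent", "action src dst dport")

# Constructed sample data using documentation address ranges.
FIREWALL_LOG = [
    FwEvent("deny", "203.0.113.7", "192.0.2.10", 445),
    FwEvent("permit", "203.0.113.9", "192.0.2.20", 80),
]
ALERTS = [
    Alert("sensor2", "smb-probe", "203.0.113.7", "192.0.2.10", 445),
    Alert("sensor2", "http-traversal", "203.0.113.9", "192.0.2.20", 80),
    Alert("sensor2", "dns-anomaly", "198.51.100.4", "192.0.2.30", 53),
    Alert("sensor1", "http-traversal", "203.0.113.9", "192.0.2.20", 80),
    Alert("sensor1", "internal-scan", "192.0.2.55", "192.0.2.10", 22),
]
RANK = {"immediate": 0, "investigate": 1, "blocked": 2}

def flow(rec):
    """Key shared by alerts and firewall events for the same connection."""
    return (rec.src, rec.dst, rec.dport)

def triage(alerts, fw_log):
    """Return (priority, alert) pairs, most urgent first."""
    actions = defaultdict(set)
    for ev in fw_log:
        actions[flow(ev)].add(ev.action)
    results = []
    for a in alerts:
        seen = actions.get(flow(a), set())
        if a.sensor == "sensor1":
            # Inside sensor: the traffic already passed or bypassed the firewall.
            priority = "immediate"
        elif a.sensor == "sensor2" and seen == {"deny"}:
            # Outside sensor, flow only ever denied: noise that never got in.
            priority = "blocked"
        else:
            # Permitted, mixed, or no firewall record: never assume it was blocked.
            priority = "investigate"
        results.append((priority, a))
    results.sort(key=lambda r: RANK[r[0]])  # stable sort keeps input order per rank
    return results

if __name__ == "__main__":
    for priority, alert in triage(ALERTS, FIREWALL_LOG):
        print(f"{priority:<12}{alert.sensor:<9}{alert.signature:<16}{alert.src} -> {alert.dst}:{alert.dport}")
```

An outside-sensor alert with no matching firewall record is deliberately ranked "investigate" rather than "blocked", since a gap in the firewall log is not evidence of a deny.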