Intrusion Detection Systems for your network: Part I
"The prince of darkness is a gentleman." - Shakespeare, King Lear, III, 4
We have in the past covered some topics on security, namely how insecure a stock Linux installation can be and what measures you should take to plug those unwanted holes, and how to set up a firewall to secure your S.O.H.O. network from the anarchy of the internet. In this series, we will lay a framework that will help you understand the need for an Intrusion Detection System (IDS) and the security measures it puts in place. This includes measures that will help you conduct a postmortem on your system in the event that your security measures are breached, whether from inside or outside.
As the system administrator of a *NIX network, it is your responsibility to ensure that your *NIX machines run in perfect condition and that valuable customers and transactions are not lost, by minimizing downtime. This responsibility becomes even more pressing in today's environments, where a smooth flow of high-volume traffic is the need of the hour. It is a known fact that most big names in the business of e-commerce hardware and software solutions expect 99.99999 % uptime (the "five 9s" concept).
Fundamental concepts of protecting your digital enterprise:
In general, there are various options you could choose from to secure your network. It may be a firewall on your corporate gateway with a DMZ (demilitarized zone) hosting your web servers, mail servers and databases, or, put simply, it could be just a simple packet-filtering firewall.
These security measures are meant to prevent unauthorized entry into the local network and, last but not least, to prevent unwanted access to your personal resources. Therefore, these measures help only by warding threats away from your network. But what about breaches of the security measures you have already put in place? Have you ever wondered how you would carry out a postmortem analysis of an infected system, or of a network whose security has just been breached?