Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

NIDS Deployment Framework

Deploying a NIDS can be somewhat daunting, but if you begin with a common framework that applies to your environments, it becomes manageable and, dare we say, almost easy. This framework starts by defining a finite set of designs that should address your different network environments. For simplicity and brevity, we’ll look at the DMZ, the data center, and the extranet. You can modify these designs to suit other environments as well. The key is to try to apply the framework to the environment based on your knowledge of its function and topology, as we described in Chapter 3. Implement the framework via the following steps:

Analyze: Size your solution and select components based on the traffic requirements, function, and user base for the target environment.

Design: Choose from your list of designs and modify for any differences in network topology or function.

Deploy: Select and properly deploy hardware according to the design, making sure to accommodate any unique requirements.

Tune and manage: Adjust sensor configuration settings to eliminate false positives, build network intelligence into your alerts, deploy new attack signatures, and create custom signatures.

Analyze

You must consider several factors when taking on the task of analyzing any given environment. As you will see in the examples that follow, each factor will have varying levels of impact, with aggregate bandwidth and network topology carrying the most weight.

Aggregate bandwidth

To assess aggregate bandwidth, ...


Publisher Resources

ISBN: 9780596157944