NIDS Deployment Framework

Deploying a NIDS can be somewhat daunting, but if you begin with a common framework that applies to your environments, it becomes manageable and, dare we say, almost easy. This framework starts by defining a finite set of designs that should address your different network environments. For simplicity and brevity, we’ll look at the DMZ, the data center, and the extranet. You can modify these designs to suit other environments as well. The key is to try to apply the framework to the environment based on your knowledge of its function and topology, as we described in Chapter 3. Implement the framework via the following steps:

Analyze

Size your solution and select components based on the traffic requirements, function, and user base for the target environment.

Design

Choose from your list of designs and modify for any differences in network topology or function.

Deploy

Select and properly deploy hardware according to the design, making sure to accommodate any unique requirements.

Tune and manage

Adjust sensor configuration settings to eliminate false positives, build network intelligence into your alerts, deploy new attack signatures, and create custom signatures.
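The following is an added example, not code from the book, showing what the last step of the framework looks like in practice: a few constructed alert lines in a simplified Snort-style format are parsed, a known false positive is suppressed, and each surviving alert is enriched with network intelligence (which environment, DMZ, data center, or extranet, the source and destination belong to) so it can be prioritized. The topology table, the suppression list, the signature IDs, the alert format, and the priority policy are all constructed assumptions for the example and are not from the original page.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed topology table for the example: environment -> prefixes.
# Uses RFC 5737 documentation ranges; a real table comes from the Analyze step.
TOPOLOGY = {
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
    "data_center": [ipaddress.ip_network("198.51.100.0/24")],
    "extranet": [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed tuning rule: (sid, source address) pairs known to be benign,
# here a hypothetical authorised scanner that routinely trips sid 1000001.
SUPPRESSIONS = {("1000001", "198.51.100.10")}

# Constructed sample alerts in a simplified Snort-style "fast" format
# (invented for this example, not real sensor output).
SAMPLE_ALERTS = """\
[**] [1:1000001:1] EXAMPLE web probe [**] 198.51.100.10 -> 192.0.2.20
[**] [1:1000001:1] EXAMPLE web probe [**] 100.64.7.7 -> 192.0.2.20
[**] [1:1000002:1] EXAMPLE database login spray [**] 192.0.2.20 -> 198.51.100.50
[**] [1:1000003:1] EXAMPLE partner transfer [**] 203.0.113.9 -> 198.51.100.50
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\] "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)"
)


@dataclass
class EnrichedAlert:
    sid: str
    msg: str
    src: str
    dst: str
    src_env: str
    dst_env: str
    priority: str


def environment_of(ip: str) -> str:
    """Map an address to the environment it lives in, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for env, nets in TOPOLOGY.items():
        if any(addr in net for net in nets):
            return env
    return "external"


def priority_for(src_env: str, dst_env: str) -> str:
    """Constructed policy: rank an alert by which boundary the traffic crosses."""
    if dst_env == "data_center" and src_env in ("external", "dmz"):
        return "high"      # something outside the core reaching the data center
    if dst_env == "data_center":
        return "medium"    # extranet partner or internal-to-internal
    if src_env == "external":
        return "medium"    # internet-sourced traffic landing in the DMZ/extranet
    return "low"


def parse_alert(line: str):
    """Return the sid/msg/src/dst fields of one alert line, or None if unparseable."""
    m = ALERT_RE.match(line)
    return m.groupdict() if m else None


def tune(lines: str) -> list:
    """Apply suppressions and enrich every remaining alert with topology context."""
    out = []
    for line in lines.splitlines():
        a = parse_alert(line)
        if a is None:
            continue                       # ignore lines the sensor format does not match
        if (a["sid"], a["src"]) in SUPPRESSIONS:
            continue                       # tuned-out false positive
        src_env = environment_of(a["src"])
        dst_env = environment_of(a["dst"])
        out.append(EnrichedAlert(a["sid"], a["msg"], a["src"], a["dst"],
                                 src_env, dst_env, priority_for(src_env, dst_env)))
    return out


if __name__ == "__main__":
    for alert in tune(SAMPLE_ALERTS):
        print(f"[{alert.priority:6}] sid {alert.sid} {alert.src_env} -> {alert.dst_env}: {alert.msg}")
```

Run as a script, it prints the three surviving alerts with their priority; the first sample line is dropped by the suppression. The suppression key deliberately pairs the signature with the source address rather than disabling the signature outright, so the same probe from any other host still alerts.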

Analyze

You must consider several factors when taking on the task of analyzing any given environment. As you will see in the examples that follow, each factor will have varying levels of impact, with aggregate bandwidth and network topology carrying the most weight.

Aggregate bandwidth

To assess aggregate bandwidth, ...
