Network Security Sensors

There are numerous network security devices and tools available that are intended to aid in computer network defense, and these tools are often relied upon to protect against increasingly sophisticated, stealthy, and damaging attacks. This will be an analysis of the features and benefits of various Intrusion Detection/Prevention Systems (IDPS) and other network traffic monitoring tools with regard to defending high value targets against attacks from advanced persistent threats. The current generation of security devices has an exceedingly difficult time providing an absolute defense against such threats, and the situation is particularly grim for targeted, novel attacks. Due to the multitude of tools and device categories available, it can be very difficult to identify the correct tool for the job at hand and to fully understand the seemingly infinite combinations of interactions that can occur within the network. To simplify this problem, the primary network sensor that will be looked at is the IDPS.

Intrusion Detection/Prevention System Categories

Technically, Intrusion Detection Systems and Intrusion Prevention Systems are different. However, they essentially work via the same mechanism and share similar goals. IDS and IPS both monitor the network and try to identify malicious activity originating from or traveling within the network; the IPS just has the additional functionality of automatically blocking such activity, because it usually sits inline with the traffic flow. There are four general types of IDPS, as defined by NIST: I will focus on the Network-Based and Network Behavior Analysis types, due to my network security background. These IDPS types will monitor the network or network segment they are connected t... ... middle of paper ... ... some products, this could be up to a 43.5% increase (Cisco and IBM IDPS products).

IDPSs do have limitations. For example, IDPSs are susceptible to failure under high loads or DoS attacks, which can mean dropping packets or simply not analyzing necessary packets. Especially for an IPS, the capacity of the system is very important when evaluating products. Another notable IDPS weakness is IDS evasion. In this scenario, the format or timing of the attack is altered (for example, by fragmenting packets), but the effect is the same. This may elude detection by an IDPS that does not fully reassemble packets or cannot keep stateful information. IDPSs are also unable to fully read and analyze encrypted traffic. If this is a problem, sensors need to be placed in positions where they are able to see packets in plaintext. The placement and components of an IDPS are also important.
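To illustrate the reassembly point above, here is an added example in Python (not from the essay or any product): a content signature that straddles segment boundaries is missed by a sensor that inspects each packet in isolation, but is found once the stream is stitched back together in sequence order. The signature, segment layout and sample payload are all constructed for the demonstration.

```python
# Added example: per-packet inspection vs. stateful stream reassembly.
# Segments, signature and payload are constructed placeholders, not real traffic.
from dataclasses import dataclass

SIGNATURE = b"EVIL-PATTERN"  # constructed placeholder content signature


@dataclass
class Segment:
    seq: int        # TCP-style sequence number: byte offset of this payload
    payload: bytes


def per_packet_match(segments, signature=SIGNATURE):
    """Naive sensor: looks for the signature inside each segment on its own."""
    return any(signature in seg.payload for seg in segments)


def reassembled_match(segments, signature=SIGNATURE):
    """Stateful sensor: orders segments by sequence number, rebuilds the byte
    stream, then inspects the whole stream. Overlapping bytes keep the first
    copy seen; a real sensor must mirror the target host's reassembly policy,
    and gaps (missing segments) are not modelled here."""
    stream = bytearray()
    for seg in sorted(segments, key=lambda s: s.seq):
        already = len(stream) - seg.seq          # >0 means overlap with data we hold
        stream.extend(seg.payload[already:] if already > 0 else seg.payload)
    return signature in bytes(stream)


def split_stream(data, chunk, start_seq=0):
    """Constructed traffic: cut one payload into fixed-size segments."""
    return [Segment(start_seq + i, data[i:i + chunk])
            for i in range(0, len(data), chunk)]


# Constructed sample: 8-byte segments, so the 12-byte signature never fits in one.
CONSTRUCTED = b"GET /index.html " + SIGNATURE + b" HTTP/1.1"
SEGMENTS = split_stream(CONSTRUCTED, 8)


def demo():
    """Returns (naive result, reassembled result, reassembled on out-of-order input)."""
    return (per_packet_match(SEGMENTS),
            reassembled_match(SEGMENTS),
            reassembled_match(list(reversed(SEGMENTS))))


if __name__ == "__main__":
    print(demo())  # (False, True, True)
```

The same signature is caught per packet only when the segment is large enough to hold it whole, which is exactly the assumption an evasion by fragmentation breaks.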
