Chapter 6. Intrusion Detection Systems

This chapter contains the following sections:

With the growth of the Internet, and industry's reliance on it for revenue through business and e-commerce, come new challenges. A great deal of this book covers these challenges and the risks associated with them. One area of network security that is becoming increasingly important is intrusion detection. You can spend tens of thousands of dollars implementing a corporate security policy that deploys technologically advanced hardware devices such as stateful firewalls and VPN terminators, but how can you actively monitor the data flow on your network to ensure that these devices are doing their jobs? One way to test network integrity is to use a port scanner or vulnerability scanner from an outside interface to ascertain what on the inside is visible from the outside world. These scanners are excellent tools, but they only inform network administrators of what they really should already know.

Many attacks, especially denial of service (DoS) attacks, masquerade as legitimate session traffic. These attacks can bypass common firewall technologies, because the firewall presumes that the traffic comes from genuine users with genuine service requests. This is where intrusion detection plays a part in the total security solution. The intrusion detection system (IDS) passively listens to data on the network segment and matches the traffic pattern against known security signatures. Once this data is collected and interpreted, actions can be taken.

This chapter provides a basic introduction to intrusion detection. This overview looks at the two basic types of intrusion detection systems, host-based systems and network-based systems. The chapter then looks at the intrusion detection offerings from Cisco Systems that form part of the Cisco Secure product family. These offerings include the Cisco Secure Intrusion Detection System (CSIDS), the Cisco Secure PIX Firewall, and Cisco IOS Firewall. A sample configuration of the intrusion detection capabilities for both the PIX Firewall and the router running Cisco IOS Firewall is also provided.
