Network Intrusion Detection

Securing an organization’s digital assets and information at the perimeter
Know What to Look For
Firewalls and Intrusion Detection Systems are designed as strong perimeter defenses. These are great products as long as there is a well-defined perimeter to the network. Unfortunately, most networks do not have a single in/out port. Now there are multiple entry points into the network, such as wireless access points, VPN, portable devices and possibly dial-up connections for maintenance or back-up purposes.
It is important to recognize that when perimeter defenses became stronger, attackers looked for easier ways to steal information. Attackers now target users by sending out phishing scams, convincing users to willingly give up their login credentials for online banking and ecommerce sites.

Despite constant training and reminders, people still succumb to phishing scams. End-users still download and install unauthorized software on their corporate computers, which in turn installs rootkits. And confidential information continues to leave an organization via e-mail attachments, USB devices and free online storage sites. Corporations are now faced with the concept of “extrusion detection”: monitoring and analyzing network traffic as it leaves an organization.
While intrusion detection systems are “a fact of life,” just like any other security mechanism, they are only a part of the overall security posture of an organization.
The concept of “defense in depth” — or multiple layers of security — is still the most valid approach to protecting an organization’s infrastructure and assets.

John Mallery is a managing consultant for BKD LLP, one of the ten largest accounting firms in the United States. He works in the Forensics and Dispute Consulting unit and specializes in computer forensics. He is also a co-author of “Hardening Network Security,” which was published by McGraw-Hill. He can be reached at jmallery@bkd.com.