What is Intrusion Detection?
9
As you can see from Figure 1 4, typically you should place an IDS behind each of
your firewalls and routers. In case your network contains a demilitarized zone (DMZ),
an IDS may be placed in that zone as well. However alert generation policy should not
be as strict in a DMZ compared to private parts of the network.
1.1.3
Honey Pots
Honey pots are systems used to lure hackers by exposing known vulnerabilities
deliberately. Once a hacker finds a honey pot, it is more likely that the hacker will stick
around for some time. During this time you can log hacker activities to find out his/her
actions and techniques. Once you know these techniques, you can use this information
later on to harden security on your actual servers.
There are different ways to build and place honey pots. The honey pot should have
common services running on it. These common services include Telnet server (port 23),
Hyper Text Transfer Protocol (HTTP) server (port 80), File Transfer Protocol (FTP)
server (port 21) and so on. You should place the honey pot somewhere close to your
production server so that the hackers can easily take it for a real server. For example, if
your production servers have Internet Protocol (IP) addresses 192.168.10.21 and
192.168.10.23, you can assign an IP address of 192.168.10.22 to the honey pot. You can
also configure your firewall and/or router to redirect traffic on some ports to a honey pot
where the intruder thinks that he/she is connecting to a real server. You should be care 
ful in creating an alert mechanism so that when your honey pot is compromised, you are
notified immediately. It is a good idea to keep log files on some other machine so that
when the honey pot is compromised, the hacker does not have the ability to delete these
files.
So when should you install a honey pot? The answer depends on different criteria,
including the following:
  You should create a honey pot if your organization has enough resources to
track down hackers. These resources include both hardware and personnel. If
you don't have these resources, there is no need to install a honey pot. After all,
there is no need to have data if you can't use it.
  A honey pot is useful only if you want to use the information gathered in some
way.
  You may also use a honey pot if you want to prosecute hackers by gathering
evidence of their activities.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved