10


Chapter 1     Introduction to Intrusion Detection and Snort


Ideally a honey pot should look like a real system. You should create some fake


data files, user accounts and so on to ensure a hacker that this is a real system. This will


tempt the hacker to remain on the honey pot for a longer time and you will be able to


record more activity.


To have more information and get a closer look at honey pots, go to the Honey Pot


Project web site http://project.honeynet.org/ where you will find interesting material.


Also go to the Honeyd web site at http://www.citi.umich.edu/u/provos/honeyd/ to find


out information about this open source honey pot. Some other places where you can


find more information are:


  South Florida Honeynet Project at http://www.sfhn.net


  Different HOWTOs at http://www.sfhn.net/whites/howtos.html


1.1.4


Security Zones and Levels of Trust


Some time ago people divided networks into two broad areas, secure area and


unsecure area. Sometimes this division also meant a network is inside a firewall or a


router and outside your router. Now typical networks are divided into many different


areas and each area may have a different level of security policy and level of trust. For


example, a company's finance department may have a very high security level and may


allow only a few services to operate in that area. No Internet service may be available


from the finance department. However a DMZ or de militarized zone part of your net 


work may be open to the Internet world and may have a very different level of trust.


Depending upon the level of trust and your security policy, you should also have


different policies and rules for intruder detection in different areas of your network.


Network segments with different security requirements and trust levels are kept physi 


cally separate from each other. You can install one intrusion detection system in each


zone with different types of rules to detect suspicious network activity. As an example,


if your finance department has no web server, any traffic going to port 80 in the finance


department segment may come under scrutiny for intruder activity. The same is not true


in the DMZ zone where you are running a company web server accessible to everyone.


1.2 IDS Policy


Before you install the intrusion detection system on your network, you must have a pol 


icy to detect intruders and take action when you find such activity. A policy must dictate


IDS rules and how they will be applied. The IDS policy should contain the following


components; you can add more depending upon your requirements.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved