Chapter 1     Introduction to Intrusion Detection and Snort
Ideally a honey pot should look like a real system. You should create some fake
data files, user accounts and so on to convince a hacker that this is a real system.
This will tempt the hacker to remain on the honey pot for a longer time, and you will
be able to record more activity.
For more information and a closer look at honey pots, go to the Honey Pot
Project web site http://project.honeynet.org/ where you will find interesting material.
Also go to the Honeyd web site at http://www.citi.umich.edu/u/provos/honeyd/ to find
information about this open source honey pot. Some other places where you can
find more information are:
  South Florida Honeynet Project at http://www.sfhn.net
  Different HOWTOs at http://www.sfhn.net/whites/howtos.html
1.1.4 Security Zones and Levels of Trust
Some time ago, people divided networks into two broad areas: a secure area and an
unsecure area. Sometimes this division simply meant that part of a network was inside
a firewall or router and the rest was outside it. Now typical networks are divided into
many different areas, and each area may have a different security policy and level of
trust. For example, a company's finance department may have a very high security level
and may allow only a few services to operate in that area. No Internet service may be
available from the finance department. However, a DMZ (demilitarized zone) part of your
network may be open to the Internet and may have a very different level of trust.
Depending upon the level of trust and your security policy, you should also have
different policies and rules for intruder detection in different areas of your network.
Network segments with different security requirements and trust levels are kept
physically separate from each other. You can install one intrusion detection system in
each zone, with different types of rules, to detect suspicious network activity. As an
example, if your finance department has no web server, any traffic going to port 80 in
the finance department segment may come under scrutiny for intruder activity. The same
is not true in the DMZ, where you are running a company web server accessible to everyone.
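The zone-specific check described above, as an added example that is not from the book: the same port 80 traffic is flagged in the finance segment and ignored in the DMZ. The zone names, address ranges, expected ports and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed zone policy (assumption): TCP destination ports expected in each zone.
ZONE_POLICY = {
    "finance": {"net": ipaddress.ip_network("10.10.20.0/24"), "allowed_tcp": {22}},
    "dmz": {"net": ipaddress.ip_network("192.0.2.0/24"), "allowed_tcp": {80, 443}},
}

def zone_of(ip):
    """Return the name of the zone containing ip, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, zone in ZONE_POLICY.items():
        if addr in zone["net"]:
            return name
    return None

def review_flows(flows):
    """Return alerts for flows whose destination port is unexpected in that zone."""
    alerts = []
    for src, dst, dport in flows:
        zone = zone_of(dst)
        if zone is None:
            continue  # destination is not in a monitored zone
        if dport not in ZONE_POLICY[zone]["allowed_tcp"]:
            alerts.append({"zone": zone, "src": src, "dst": dst, "dport": dport})
    return alerts

# Constructed sample flows: (source IP, destination IP, destination TCP port)
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 80),   # web request to the DMZ server: expected
    ("10.10.30.5", "10.10.20.15", 80),    # port 80 into finance: no web server there
    ("10.10.30.5", "10.10.20.15", 22),    # SSH into finance: expected in this policy
    ("198.51.100.7", "192.0.2.10", 23),   # telnet to a DMZ host: not expected
]

if __name__ == "__main__":
    for alert in review_flows(SAMPLE_FLOWS):
        print("ALERT zone={zone} {src} -> {dst}:{dport}".format(**alert))
```
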
1.2 IDS Policy
Before you install the intrusion detection system on your network, you must have a
policy to detect intruders and take action when you find such activity. A policy must
dictate IDS rules and how they will be applied. The IDS policy should contain the
following components; you can add more depending upon your requirements.





