PCI DSS Network Intrusion Detection Systems
Network Intrusion Detection Systems (NIDS): An independent platform that examines network traffic patterns to identify intrusions for an entire network. NIDSes need to be placed at a choke point where all traffic traverses. A good location for this is in the DMZ.
Host-based Intrusion Detection System (HIDS): Analyzes system state, system calls, file-system modifications, application logs, and other system activity.
Application Protocol-based Intrusion Detection Systems: Monitors and analyzes application specific protocols.
Protocol-based Intrusion Detection Systems: Monitors and analyzes the communication protocol between a server and the connected device (another system or end user).
Hybrid Intrusion Detection Systems: Combines one or more of the approaches above.

In most networks, an IDS is placed in one of three configurations:
Hub Configuration: Allows for an easy and affordable implementation. The IDS is connected to a hub in the network segment to be monitored. When traffic traverses a hub, it is broadcasted to all ports, unlike a switch. The IDS can then be connected to any port and monitor the traffic as demonstrated in Figure 4.6.
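The NIDS described above works by examining traffic patterns rather than any single packet, which is why it must see all traffic at a choke point. As an added illustration (not code from the book or from any IDS product), the Python below runs two NIDS-style checks over a handful of constructed flow records: a pattern check that flags a source touching many distinct ports on one host within a short window, and a payload signature match. The record layout, the addresses, the threshold and the signature strings are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed connection, as a sensor at a choke point would record it (assumed layout)."""
    ts: float          # seconds since sensor start
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


# Constructed sample traffic: a port sweep, normal web traffic, and one suspicious request.
SAMPLE_FLOWS = [
    Flow(0.0, "10.0.0.5", "192.168.1.10", 21, "tcp"),
    Flow(1.0, "10.0.0.5", "192.168.1.10", 22, "tcp"),
    Flow(2.0, "10.0.0.5", "192.168.1.10", 23, "tcp"),
    Flow(3.0, "10.0.0.5", "192.168.1.10", 25, "tcp"),
    Flow(4.0, "10.0.0.5", "192.168.1.10", 80, "tcp"),
    Flow(5.0, "10.0.0.5", "192.168.1.10", 443, "tcp"),
    Flow(0.5, "10.0.0.7", "192.168.1.10", 443, "tcp", b"GET / HTTP/1.1"),
    Flow(1.5, "10.0.0.7", "192.168.1.10", 443, "tcp", b"GET /index HTTP/1.1"),
    Flow(2.5, "10.0.0.7", "192.168.1.10", 80, "tcp", b"GET /health HTTP/1.1"),
    Flow(7.0, "10.0.0.9", "192.168.1.10", 80, "tcp",
         b"GET /login?user=admin' OR 1=1-- HTTP/1.1"),
]

# Content signatures, in the spirit of a rule set; the strings here are assumed examples.
SIGNATURES = {
    "sql-injection-probe": b"' OR 1=1",
    "path-traversal-probe": b"../../etc/passwd",
}


def detect_port_scans(flows, window=10.0, threshold=5):
    """Pattern check: one source reaching >= threshold distinct ports on one host within `window` seconds.

    Returns one alert tuple per (src, dst) pair the first time the threshold is crossed.
    """
    by_pair = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_pair[(f.src, f.dst)].append(f)

    alerts = []
    for (src, dst), pair_flows in by_pair.items():
        recent = []  # sliding window of (ts, dport)
        for f in pair_flows:
            recent.append((f.ts, f.dport))
            recent = [(t, p) for t, p in recent if f.ts - t <= window]
            distinct = {p for _, p in recent}
            if len(distinct) >= threshold:
                alerts.append(("port-scan", src, dst, len(distinct)))
                break
    return alerts


def match_signatures(flows, signatures=SIGNATURES):
    """Content check: flag any flow whose payload contains a known signature."""
    alerts = []
    for f in flows:
        for name, pattern in signatures.items():
            if pattern in f.payload:
                alerts.append((name, f.src, f.dst, f.dport))
    return alerts


def analyze(flows):
    """Run both checks, as a NIDS positioned at a choke point would over everything it sees."""
    return detect_port_scans(flows) + match_signatures(flows)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

The sliding window is the reason placement matters: if the sensor only sees part of the sweep (for example, a switch port that carries traffic to one host but not the others the source probed), the distinct-port count never reaches the threshold and the scan goes unreported.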