Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention

   

















    Site Map

    Our Sponsors

    Home



Lending Gurus
Operations Gurus
Security Gurus
Marketing Gurus
Technology Gurus
eBanking Gurus

Print Friendly! Email This Article! Discuss NOW!


The Value of Intrusion Detection
by Lawrence Levine, Managing Director, SecurePipe, Inc.


Question: My examiner says I should put in an intrusion detection system (IDS). I already have a firewall; what additional protection will an IDS provide?

Answer: Your firewall acts as a gatekeeper. It permits or denies traffic from entering your network based on its configuration rules which are created to reflect your institution's network access control policy.

The firewall typically sits at the "chokepoint" of an internet-facing system. That means it is the device that separates your trusted internal network from the wild, untamed, and un-trusted internet.

All traffic coming in and out of your network has an electronic envelope that specifies the source and destination. Instead of street addresses, it uses internet IP addresses. Additionally, each address has an associated "port" number that tells each end what kind of traffic is being sent.

For example, let's say you are hosting your own webserver. Webservers usually use port number 80 for traffic. Your firewall will then be configured to permit traffic through 80. (If you don't run a server, envelopes addressed to 80 will be rejected.)

So, if someone on the internet use a web browser and points to your site, your firewall will receive the request and based on the envelope, recognize it as web traffic and let it through.

But what if that web surfer was actually launching any of hundreds of known attacks against your webserver? Your firewall cannot catch this, because all it knows is "incoming port 80? Okay!"

An IDS system sits on your network and acts as a "sniffer" watching all the traffic going by. If it sees an envelope with a "port 80" destination, the IDS knows it is web traffic and can look *inside* to examine the actual content. Using this ability, it can look at the specific URL sent and determine if it is hostile. The IDS will then generate an alert so you can take appropriate action.

The IDS provides also provides an audit function for the firewall. Some surveys show that up to 82% of all firewalls are mis-configured. That means the access control policy is not being adequately implemented. An IDS can be configured to detect and respond to this situation.

Finally, an IDS has the ability to monitor traffic that never leaves your network -- meaning it is never even seen by the firewall. This internal traffic is generated by your trusted users. An IDS monitoring this traffic will report on unauthorized access. Further, it can act as an early warning mechanism when it sees signs of an internal virus or worm.

To conclude, an IDS gives you another layer of security to complement that provided by the firewall. Its role as an audit control for the firewall makes it essential and, in some cases, either legally mandated or recommended. If it fits within your budget, it is an excellent security measure.

SecurePipe SecurePipe delivers a complete network security solution -- the expert staff, innovative technology and the examiner compliant processes you need to dramatically improve your security posture and reduce costs. SecurePipe makes strong network security affordable by delivering 24x7 managed network security at a fraction of the cost of doing it in-house. To learn more, contact us toll-free at 1-877-248-1632 or email sales@securepipe.com to arrange a FREE security assessment to learn how your financial institution can benefit from managed security services.

First published on BankersOnline.com 8/2/04






Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.