WHITE PAPER
Network IDS and IPS
Deployment Strategies
Nicholas Pappas
Copyright SANS Institute 2021. Author Retains Full Rights.
This paper was published by SANS Institute. Reposting is not permitted without express written permission.
© SANS Institute 2008, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
GSEC Gold Certification
Author: Nicholas Pappas, pappy@cs.unm.edu
Adviser: Joel Esler
Accepted: April 2, 2008
Outline
1. Introduction
2. Network Intrusion Detection System (IDS)
3. Network Intrusion Prevention System (IPS)
4. Key Differences Between IDS & IPS
5. Network Segregation & Trust Zones
6. Connecting an IDS Device
7. Connecting an IPS Device
8. IDS & IPS Tuple Deployment
9. Practical Applications and Uses
10. Conclusions
11. References
12. Appendix A: Step by Step Build of an IDS/IPS