Intrusion Detection: Network Security beyond the Firewall
(Publisher: John Wiley & Sons, Inc.)
Author(s): Terry Escamilla
ISBN: 0471290009
Publication Date: 11/01/98



Why Intrusion Detection Is Needed after Network Security

Simply put, firewalls are not enough either. Most firewall vendors have active intrusion detection strategies today. Why?

For a firewall to be effective, all network traffic into the trusted network must pass through it. Unfortunately, because many people use modems to connect to the outside world from the secure network, unwanted traffic can enter without ever crossing the firewall. This is only one of the reasons why firewalls alone are not enough to fulfill your security needs.

Firewalls are active security products. They run in real time and can even detect some kinds of hacker attacks, especially when the attack is a network probe. However, firewalls don’t know what happens once someone gets through the firewall. Any insiders who are misusing systems will not be detected by firewalls, either. If you’re still not convinced, you can always dig up your favorite two reasons:

  Someone doesn’t configure the firewall properly.
  A hacker can exploit a bug that already exists in the firewall implementation.

In this chapter, you saw how access control and I&A are equally important for network security. The basic ideas of TCP/IP and UDP/IP were introduced so that you could understand how these network protocols are attacked. A number of network hacks then were described. The major suggestion was to add some type of firewall architecture to enforce stronger access control. Introducing cryptographic techniques at the network or application layers also was recommended to significantly improve network security. Despite these enhancements, there are still security weaknesses that must be addressed by additional products.

Given the complex nature of these networks, monitoring is the only way you can be sure that you have specified the right security policy and that the policy is being implemented properly. Stronger I&A, better access control tools, and improved network security with firewalls and cryptography go a long way toward securing your site. However, if you really want to worry less, turn to Part 2, “Intrusion Detection: Beyond Traditional Security,” to see how monitoring and intrusion detection fill in the gaps left by other security tools.

