Data Center Equipment And Terms | Part 3
Intrusion Detection System
An Intrusion Detection System, or IDS, is the technical means of detecting unauthorized access on a network, access that may indicate the action of an external attacker or even of a malicious employee. With the rapid growth of technology infrastructure, services and network protocols, implementing an IDS becomes increasingly difficult. This is closely tied not only to the speed at which technologies advance but, above all, to the complexity of the mechanisms used to secure data in transit, which hide from the IDS the very traffic it is meant to inspect.
One widely discussed solution is the host-based IDS, which analyses the traffic of an individual host on the network. A host-based IDS is installed on the server itself to identify attacks and unauthorized access attempts against that machine and to raise alerts; because it runs on the endpoint, it sees the data after decryption, which a network sensor cannot.
Below is a brief overview of how certain technologies can hamper the deployment of intrusion detection systems.
SSL, IPSec and others
A network-based IDS monitors the headers and data fields of packets in order to detect possible intruders in the system, as well as access that may degrade network performance. Deploying encryption (implemented via SSL/TLS, IPSec and others) to protect data in transit impairs this process. Encryption can be applied to the data area of the packet or to the whole packet, preventing or hindering the understanding of the data by any entity other than its real destination, the IDS included.
IPSec in transport mode is similar to SSL in that it authenticates and protects only the data area of the IP packet, that is, everything after the IP header, the TCP or UDP header included; in tunnel mode the entire original IP packet is encrypted and encapsulated in a new one. So in transport mode an IDS can still check the IP header but not the ports or the data, while in tunnel mode it sees only the outer header of the tunnel, neither the original header nor the data area.
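The loss of visibility described above, as an added example that is not part of the original page: a toy network IDS with one rule per layer (a known-bad source address, a telnet destination port, and a payload signature) is run over the same constructed packet in the clear, in a stand-in for ESP transport mode and in a stand-in for ESP tunnel mode. The cipher is a random one-time keystream rather than real ESP/TLS framing, and the addresses, rules and packet contents are all invented for the demonstration.

```python
import os
from dataclasses import dataclass
from typing import Optional

# Stand-in for the cipher: XOR with a fresh random keystream (one-time-pad
# style). Real TLS/ESP framing differs, but the consequence for the IDS is the
# same: the protected bytes expose nothing the signature engine can match.
def encrypt(data: bytes) -> bytes:
    key = os.urandom(len(data))
    return bytes(a ^ b for a, b in zip(data, key))

@dataclass
class Packet:
    ip: dict                 # IP header visible on the wire: src, dst, proto
    l4: Optional[dict]       # TCP/UDP header (ports) if it is in the clear, else None
    app: bytes               # application data if it is in the clear, else b""
    blob: bytes = b""        # encrypted bytes the IDS cannot read (ESP payload)

def esp_transport(pkt: Packet) -> Packet:
    """ESP transport mode: keep the original IP header, protect everything after it
    (the TCP/UDP header included, so even the port numbers disappear from view)."""
    inner = repr(pkt.l4).encode() + b"|" + pkt.app
    return Packet(ip=dict(pkt.ip, proto="esp"), l4=None, app=b"", blob=encrypt(inner))

def esp_tunnel(pkt: Packet, gw_src: str, gw_dst: str) -> Packet:
    """ESP tunnel mode: the whole original packet, IP header included, is protected
    and a new outer header carrying the gateways' addresses is prepended."""
    inner = repr(pkt.ip).encode() + b"|" + repr(pkt.l4).encode() + b"|" + pkt.app
    return Packet(ip={"src": gw_src, "dst": gw_dst, "proto": "esp"},
                  l4=None, app=b"", blob=encrypt(inner))

# Constructed IDS rules, one per layer the sensor may or may not be able to see.
BAD_SOURCES = {"203.0.113.7"}            # hypothetical known-bad host (documentation range)
SIGNATURES = [b"UNION SELECT", b"/etc/passwd", b"cmd.exe"]

def inspect(pkt: Packet) -> list:
    """Return the alerts a network IDS can raise from what is visible to it."""
    alerts = []
    if pkt.ip["src"] in BAD_SOURCES:
        alerts.append("ip:bad-source")
    if pkt.l4 is not None and pkt.l4.get("dport") == 23:
        alerts.append("l4:telnet")
    for sig in SIGNATURES:
        if sig in pkt.app:
            alerts.append("payload:" + sig.decode())
    return alerts

def demo() -> dict:
    """Same attack packet, three levels of protection; returns alerts per mode."""
    clear = Packet(ip={"src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp"},
                   l4={"sport": 40001, "dport": 23},
                   app=b"cat /etc/passwd\r\n")
    return {
        "cleartext": inspect(clear),
        "esp_transport": inspect(esp_transport(clear)),
        "esp_tunnel": inspect(esp_tunnel(clear, "198.51.100.1", "198.51.100.2")),
    }

if __name__ == "__main__":
    for mode, alerts in demo().items():
        print(f"{mode:14s} -> {alerts or ['nothing visible']}")
```

In the clear all three rules fire; in transport mode only the address rule survives, because the ports travel inside the ESP payload; in tunnel mode the sensor sees only the two gateways talking and raises nothing. This is why the text's other answer, a host-based IDS that looks at the data after decryption, matters wherever encryption is in use.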
IDS on switched networks
Switched networks (networks based on switching) allow direct, unshared communication between two devices. This feature introduces some difficulties for the deployment of an IDS compared with broadcast (hub-based) networks.
Because data on this type of network travels directly to its destination (without being broadcast), deploying an IDS requires specific solutions. One is the use of a SPAN port; another is the use of switches with an embedded IDS. The choice should be discussed before purchasing the network switches.
Splitting and optical wire taps are a solution that consists of placing a "listening" device between a switch and the network device to be monitored. A fairly cheap way of doing this on Ethernet and Fast Ethernet is to place a broadcast hub on the link to be inspected; hubs are half-duplex and do not exist for gigabit speeds, so this only suits legacy links. On optical fibre one simply adds an optical device called a tap. Port mirroring consists of having the switch copy the traffic of one port to another port used only for monitoring. This method is similar to a wire tap but is implemented in the switch itself; note that a mirror port receiving both directions of a full-duplex link can be asked for twice the link's bandwidth and will silently drop packets when oversubscribed, whereas a tap delivers every frame.
IDS in high speed networks
Technological developments have also enabled a greater number of networks to operate at high data transmission speeds. For IDS deployment this is a very delicate point that raises important questions for the maintenance of the network infrastructure, including: Is the IDS software able to analyse the large amount of data that travels over the network? Can the monitoring hardware bear the load? Will the IDS harm network performance by becoming a bottleneck?
These and other issues have been widely discussed, producing several solutions to overcome these actual or potential problems, including:
- Increasing the processing power of the equipment
- Monitoring only targets defined by the administrator (target-based IDS)
- Filtering the traffic the IDS has to process (resource filtering)
- Segregating the work by service, with one specialist IDS per service
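The last three items in the list above, combined into one dispatcher, as an added example that is not part of the original page: traffic that no rule will inspect is filtered out first, each remaining packet is routed to a specialist sensor by service, and within that sensor to one of several workers by a direction-independent flow hash, so both halves of a connection reach the same worker and stream reassembly is not split. The packets, the ignore policy and the service table are constructed for the example; production deployments obtain the same split from NIC receive-side scaling or socket fanout rather than from user-space hashing.

```python
import hashlib
from collections import Counter

# Constructed sample traffic (documentation address ranges), one record per packet.
PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5",  "proto": "tcp", "sport": 51000, "dport": 80,    "len": 1200},
    {"src": "198.51.100.5", "dst": "192.0.2.10",  "proto": "tcp", "sport": 80,    "dport": 51000, "len": 60},
    {"src": "192.0.2.11", "dst": "198.51.100.9",  "proto": "tcp", "sport": 51001, "dport": 25,    "len": 800},
    {"src": "192.0.2.50", "dst": "192.0.2.51",    "proto": "tcp", "sport": 48000, "dport": 873,   "len": 1500},
    {"src": "192.0.2.51", "dst": "192.0.2.50",    "proto": "tcp", "sport": 873,   "dport": 48000, "len": 60},
    {"src": "192.0.2.12", "dst": "198.51.100.53", "proto": "udp", "sport": 53000, "dport": 53,    "len": 90},
]

# Hypothetical resource-filtering policy: (host A, host B, port) of flows that no
# rule will ever look at, here a backup job between two trusted hosts.
IGNORE = [("192.0.2.50", "192.0.2.51", 873)]

# Hypothetical specialist assignment: well-known server port -> dedicated IDS.
SPECIALISTS = {80: "web", 443: "web", 25: "mail", 53: "dns"}

def flow_key(pkt: dict) -> tuple:
    """Direction-independent 5-tuple: sort the two endpoints so that request and
    reply of the same connection produce the same key."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    lo, hi = sorted([a, b])
    return (lo, hi, pkt["proto"])

def worker_for(pkt: dict, n_workers: int) -> int:
    """Pick a worker by hashing the symmetric flow key (a load-balancing hash,
    not a security primitive; SHA-256 is used only because it is at hand)."""
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_workers

def ignored(pkt: dict) -> bool:
    """Resource filtering: True for packets the policy says to drop before analysis."""
    endpoints = {pkt["src"], pkt["dst"]}
    for host_a, host_b, port in IGNORE:
        if endpoints == {host_a, host_b} and port in (pkt["sport"], pkt["dport"]):
            return True
    return False

def specialist_for(pkt: dict) -> str:
    """Heuristic: the server side of a flow usually holds the lower, well-known port."""
    return SPECIALISTS.get(min(pkt["sport"], pkt["dport"]), "generic")

def dispatch(packets: list, n_workers: int = 4) -> tuple:
    """Return (load, dropped): bytes per (specialist, worker) and bytes filtered out."""
    load = Counter()
    dropped = 0
    for pkt in packets:
        if ignored(pkt):
            dropped += pkt["len"]
            continue
        load[(specialist_for(pkt), worker_for(pkt, n_workers))] += pkt["len"]
    return load, dropped

if __name__ == "__main__":
    load, dropped = dispatch(PACKETS)
    for (sensor, worker), nbytes in sorted(load.items()):
        print(f"{sensor:8s} worker {worker}: {nbytes} bytes")
    print(f"filtered before analysis: {dropped} bytes")
```

The backup flow never reaches a sensor, the HTTP request and its reply land on the same web worker, and mail and DNS go to their own sensors. The price of the pre-filter is that an attacker who can reach the ignored hosts on the ignored port is invisible, so the policy must be reviewed as part of the IDS rule set rather than treated as a performance knob.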
HVAC (Heating, Ventilation, and Air Conditioning)
HVAC is an abbreviation, used extensively in all fields of industry, which stands for Heating, Ventilation, and Air Conditioning.
Source: Wikipedia, the free encyclopedia. The text is available under the Creative Commons license.
To be continued…

