[ Thanks to Trevor
Warren for this link. ]
“In this series, we will lay a framework that will help you
understand the need for an Intrusion Detection System (IDS) and
what security measures it would put in place. This includes
measures that will help you conduct a postmortem on your system in
case of breach of security measures either internally or
externally.”
“As a System administrator of a *NIX network it is your
responsibility to ensure that your *NIX machines are running in
perfect condition and to see to it that valuable customers and
transactions are not lost, by minimizing the down time. This
responsibility becomes even more pressurizing when we talk about
today’s scenario wherein smooth flow of high volume traffic is the
need of the hour in most environments. It is a known fact that most
big names in the business of E-Commerce hardware / software
solutions, expect 99.99999 %(that’s the five 9 concept)
uptime….”
“In general, there are various options that you could choose
from to sanitize your network. It may be a Firewall on your
corporate gateway with a DMZ( De – Militarized Zone ) hosting your
Web, Mail servers and databases or simply speaking it could be just
a simple packet filtering Firewall.”
“These security measure are meant to prevent unlawful entry into
the local network and last but not the least, to also prevent
unwanted access to your personal resources. Therefore, these
measures only help by warding away the threats to your network.
However, what about breaches in security measures that you already
have put in place. Have you ever wondered as to how would you carry
out a postmortem analysis of your infected system or your network
whose security was just breached?”