Earlier this month I installed a new firewall in our brand new offices. Setting it up was a bit of a hassle, considering the company policy had not yet been created. Also, we installed firewalls on all the devices (McAfee), seeing that different computers do different things, with different security levels.
But this was not my strongest side. In the past my concerns have been related to server security, passwords, website monitoring etc. Handling the security of a complete office floor seemed daunting. That is why it was very welcome that this week we had to study exactly that.
So, regarding firewalls. They will not work straight out of the box as a security device unless they are set up properly. They need a set of rules determined by the company policy, for example blocking all traffic from Facebook or other potentially malicious sites or sources. They inspect the packets that pass through the network and determine which ones are allowed through. But firewalls are not magic; there is almost always a way to get in.
And that leads us to Intrusion Detection Systems (IDS). You can install an IDS on your network or devices to "sniff" out any types of intrusions that might come your way. What it does is detect and alert on suspicious activity. This can mean the changing of files, logging into the system at odd hours and much more. If it detects something suspicious going on, it alerts the administrator. These types of IDS we call passive. But there are also Intrusion Prevention Systems (IPS), which are similar but "active". This means they do not only detect and alert; they can also take an appropriate action against the activity, like deleting files or logging out users. This, on the other hand, can have bad side effects in the case of false positives, where legitimate activity is flagged as an intrusion. You don't want someone working overtime getting kicked off the system. Having an active system also means you need a security administrator on call 24/7.
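As an added example (not code from the original post), here is the passive-versus-active distinction above, together with the overtime false-positive caveat, as a small Python detector run over constructed log lines. The log format, the business hours, the watched-file list and the `approved_overtime` list are assumptions made for illustration, not from any real IDS.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log (not from any real system). Assumed format:
# "<ISO timestamp> <user> <event> [<target>]".
SAMPLE_LOG = """\
2024-03-04T09:15:00 alice login
2024-03-04T23:40:00 bob login
2024-03-05T02:10:00 carol login
2024-03-05T10:05:00 alice file_change /etc/passwd
2024-03-05T14:30:00 dave file_change /home/dave/notes.txt
"""

WORK_START, WORK_END = 8, 18                 # assumed business hours
WATCHED_FILES = {"/etc/passwd", "/etc/shadow"}  # assumed sensitive files


@dataclass
class Alert:
    user: str
    reason: str
    action: str  # "alert" for a passive IDS, "block" for an active IPS


def parse_line(line):
    """Split one log line into (timestamp, user, event, target-or-None)."""
    ts, user, event, *rest = line.split()
    return datetime.fromisoformat(ts), user, event, (rest[0] if rest else None)


def analyse(log_text, mode="passive", approved_overtime=frozenset()):
    """Return the alerts a passive IDS (mode="passive") or an active IPS
    (mode="active") would raise. Users in approved_overtime may log in
    outside business hours; this is how the overtime false positive
    from the text is avoided."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, target = parse_line(line)
        reason = None
        if event == "login" and not (WORK_START <= ts.hour < WORK_END):
            if user in approved_overtime:
                continue  # scheduled overtime, not an intrusion
            reason = f"login at odd hour {ts.hour:02d}:{ts.minute:02d}"
        elif event == "file_change" and target in WATCHED_FILES:
            reason = f"change to watched file {target}"
        if reason:
            action = "block" if mode == "active" else "alert"
            alerts.append(Alert(user, reason, action))
    return alerts
```

In passive mode every hit only produces an alert for the administrator; in active mode the same hits would be acted on, which is why the approved-overtime list matters before anyone is locked out.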
A good example of an IDS is Snort, which you can find here: snort.org