Your current infrastructure includes an internet connection, which is connected to the ISP Router, connected to the firewall, connected to the network switch. Within the network you have an online store, a web server that provides internet information for employees only, as well as a file server that is used to save pet pictures of customers.
More Information
- Online Store – HP Procurve server – average transactions completed – 1500 per day.
- Web Server – Dell EMC server – Portal server that provides store sales report, employee of the month, pet of the month
- File Server – Both the online store and web server have access to the images located on the file server, as well as the employees
List the requirements
Below are some questions that will help you start choosing the requirements.
It is a network based implementation since there is one network only.
The IDS will detect threats using Signature Based Detection because we will be matching the traffic to specified threats in the database, and this database needs to be updated timely to keep up with new threats.
Yes, there are going to be IDS Sensors since it will be using Signature Based Detection. These sensors look for specific, predefined patterns (signatures) in the network, compare the traffic to a database of known attacks, and trigger an alarm or prevent communication if a match is found. The signature may be based on a single packet or a sequence of packets.
I will place the IDS inline because I want to analyze and inspect every packet that enters my network. IDS placement actually depends upon the needs of the user; however, in the given case the best scenario is to place it inline. All traffic passes through the IDS and the IDS can detect the malicious traffic.
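The signature matching described in the answer above, as an added example that is not part of the original question or answer: a small sensor that checks each packet against a signature database and supports both single-packet signatures and signatures that span a sequence of packets in one flow. The signature ids, patterns, flow labels and sample packets are all constructed for illustration.

```python
from collections import defaultdict

# Constructed signature database; ids, names and patterns are hypothetical.
# One pattern = single-packet signature. Several patterns = the sensor must
# see them in this order inside the same flow.
SIGNATURES = [
    {"id": "SIG-1", "name": "path traversal in request",
     "patterns": [b"../../"]},
    {"id": "SIG-2", "name": "anonymous FTP login, then file retrieval",
     "patterns": [b"USER anonymous", b"RETR "]},
]

# Constructed sample traffic: (flow label, packet payload).
SAMPLE_PACKETS = [
    ("10.0.0.7>web", b"GET /portal/../../etc/hosts HTTP/1.1\r\n"),
    ("10.0.0.9>files", b"USER anonymous\r\n"),
    ("10.0.0.8>files", b"RETR pets/rex.jpg\r\n"),   # other flow, no login seen
    ("10.0.0.9>files", b"RETR pets/rex.jpg\r\n"),   # completes SIG-2
]


class SignatureSensor:
    def __init__(self, signatures):
        self.signatures = signatures
        # (flow, signature id) -> index of the next pattern still expected
        self.progress = defaultdict(int)

    def inspect(self, flow, payload):
        """Return ids of signatures whose last pattern this packet matched."""
        alerts = []
        for sig in self.signatures:
            key = (flow, sig["id"])
            step = self.progress[key]
            if sig["patterns"][step] in payload:
                step += 1
                if step == len(sig["patterns"]):
                    alerts.append(sig["id"])
                    step = 0  # reset so the sequence can fire again
            self.progress[key] = step
        return alerts


def run_sample():
    sensor = SignatureSensor(SIGNATURES)
    return [sensor.inspect(flow, payload) for flow, payload in SAMPLE_PACKETS]


if __name__ == "__main__":
    for (flow, _), alerts in zip(SAMPLE_PACKETS, run_sample()):
        print(flow, alerts or "no match")
```

This sketch matches each packet payload on its own, so a pattern split across two packets is missed; production sensors reassemble the stream before matching.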