Designing an IDS for LedGrafix

In this lab, you'll need the work you've done for previous labs to design an IDS solution for LedGrafix, Gather your latest network diagram, and security policy. You've been designing LedGrafix's network using a distributed and layered security approach. You have also followed accepted best practices and performed important steps that are often overlooked, for ex, developing a security policy. Your security policy will continue to provide guidance as you work through this lab. Using your updated security policy that incorporates a remote access solution, you will develop an intrusion detection solution for LedGrafix's network resources.

There are several decisions you must make to design an effective IDS solution. First, you must decide what the goals are for the IDS. Next, you must determine where sensors should be deployed. Do you need a centralized or distributed design? Then you must decide what administrative tools you need and begin investigating products that provide services you need.

Please, read the following on IDS design (FILE ATTACHED).

1. Determine the goals for your IDS. Does it need to examine all traffic into or out of the network or only traffic on specific segment? Should each host be monitored or only servers or machine hosting confidential data or applications? Refer to risk analysis in your text if you need a refresher on how to determine what areas are most critical to protect or more at risk of intrusion. After you have defined your goals for the IDS, you can decide where the sensors should be developed.
2. Review your network diagram to locate all points of entry into your network. Don't forget to include remote access, dial-up, VPN, and even any deliberate administrative "back doors" you have integrated. Using a copy of your diagram, mark points of entry.
3. Locate any internal hosts that are particularly critical, such as research and development servers, database servers containing customer or employee informfation, domain controllers, global catalog servers, and so forth. Mark them on your diagram.
4. Determine which segments, switches, or routers provide access to the internal hosts noted in Step 3 and any others that serve critical or confidential areas. Mark these hosts on your diagram.
5. Use your updated network diagram to determine optimum placement of sensor. The goal is to place as few sensors as possible (to reduce deployment costs and minimize installation and administrative effort) yet still provide coverage of all critical areas. These areas warrant additional expense. Mark the location for sensor deployment on your diagram. Be sure to check them and make sure you haven't missed anything.
6. Remember to look for alert and response capabilities, and don't forget signature files and uploading.
7. Now you have the information to decide the administration tools you need. Look at your diagram again. Is there a secure server where you can install the IDS administrative application? Do you need to purchase additional hardware for IDS administration and logging?
8. Next, make a list of your needs. How many sensors do you need? How many hosts require software? What type of administrative software will you use?
9. Using the Internet or other resources, find an IDS product that meets your needs. Be sure to consider the vendor's stability and reputation, available support options, cost, and scalability. 

Task 1

prepare a management summary of the design. Your submission must include the following

1. A management summary of the IDS deployment stating what it is, where it's deployed, and how it's intended to work. Include a brief statement of how this deployment supports the standards and requirements set forth in your security policy, if applicable. This management summary should be written for a nontechnical audience and give an overview of the system
2. A network diagram showing location of software and hardware deployment.
3. Product details, including alerts and response capabilities, scalability, potential vendor and support options, and specific configuration on your network. 

When you are finished, proofread your work carefully. Name your file YourName_U3_IDS.doc and submit it below.

Task 2

Security Plan Updates

1. Update your security policy to reflect any changes to the network configuration and relevant policies, such as incident response. List contact information for the vendor and support staff and note escalation procedures, if necessary.
2. Update your network diagram to reflect the final design, location of sensors, hosts the product is installed on, server configuration, etc. Establish how and where signatures files are obtained and how software will be updated.
3. Place your updated diagram and details on new software and hardware into an Appendix in your security policy.