The field of intrusion detection is still in its infancy. As hackers evolve, IDSs must attempt to keep pace. Table 19-1 lists future trends that pose threats to IDSs, and potential solutions.
Table 19-1. Potential solutions to future difficulties in IDS

| Future difficulty | Potential solution |
|---|---|
| Encrypted traffic (IPSec) | Embed IDS throughout host stack |
| Increasing speed and complexity of attacks | Strict anomaly detection, heavily optimized NIDS engines, and intelligent pattern matching |
| | Monitor each host individually; embed NIDSs in switches |
| Increasing burden of data to interpret | Visual display of data, automated alert suppression and correlation |
| New evasion techniques | New traffic normalization techniques and deeper target host awareness |
| New kernel-based attack techniques | New kernel security mechanisms |

The following sections examine each of these growing problems and propose potential solutions.
IPSec (short for IP Security) is becoming a popular standard for securing data over a network. IPSec is a set of security standards designed by the Internet Engineering Task Force (IETF) to provide end-to-end protection of private data. Implementing this standard allows an enterprise to transport data across an untrustworthy network such as the Internet while preventing hackers from corrupting, stealing, or spoofing private communication.
By securing packets at the network layer, IPSec provides application-transparent encryption services for IP network traffic, as well as other access ...
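
To make the first row of Table 19-1 concrete, the following added example (not code from the original text) measures how much of each flow a network sensor cannot read because it is carried in IPSec ESP, and lists the endpoints where host-level IDS would be needed instead. The function names, the 0.5 threshold and the sample addresses are assumptions made for illustration; ESP is assumed to carry a real cipher, and UDP-encapsulated ESP is not handled.

```python
import ipaddress
import struct
from collections import defaultdict

PROTO_ESP = 50  # IANA protocol number for Encapsulating Security Payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload_len), or None for an invalid header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl, total_len = (packet[0] & 0x0F) * 4, struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        return None
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], total_len - ihl

def visibility_by_flow(packets):
    """Sum payload bytes per (src, dst) that a network sensor can or cannot read."""
    flows = defaultdict(lambda: {"opaque": 0, "inspectable": 0})
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue  # truncated or non-IPv4 capture: skip rather than guess
        src, dst, proto, size = parsed
        # Assumption: ESP uses a real cipher (not NULL), so its payload is opaque.
        kind = "opaque" if proto == PROTO_ESP else "inspectable"
        flows[(src, dst)][kind] += size
    return dict(flows)

def hosts_needing_host_ids(flows, threshold=0.5):
    """Endpoints of flows whose opaque share of bytes exceeds the threshold."""
    hosts = set()
    for (src, dst), b in flows.items():
        if b["opaque"] > threshold * (b["opaque"] + b["inspectable"]):
            hosts.update((src, dst))
    return sorted(hosts)

def make_ipv4(src, dst, proto, payload):  # builds constructed sample packets
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

SAMPLE = [  # constructed packets using documentation address ranges
    make_ipv4("192.0.2.10", "198.51.100.5", PROTO_ESP, b"\x00" * 120),
    make_ipv4("192.0.2.10", "198.51.100.5", 6, b"\x00" * 40),    # TCP
    make_ipv4("192.0.2.30", "198.51.100.5", 51, b"\x00" * 64),   # AH, unencrypted
    b"\x45\x00",                                                  # truncated capture
]
```

Calling `hosts_needing_host_ids(visibility_by_flow(SAMPLE))` returns the two endpoints of the ESP-dominated flow; the AH flow stays inspectable because AH authenticates packets without encrypting them.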