
Tip of the month of November, 2007 - Week 3

INTRUSION DETECTION

Security is all about the deployment of multiple layers of defense. Firewall systems are the first layer of defense – and are typically deployed at the perimeter of the organization. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are the next vital layers of defense. These are systems that are always ON with the objective of “detecting” and “preventing” threats to the enterprise. Security professionals will need to review their security policies to determine the role that IDS/IPS can play in strengthening the defenses of the enterprise.

What is intrusion detection? Intrusion detection is about monitoring for and identifying attempts to gain unauthorized access to an organization’s infrastructure. Intrusion Detection Systems (IDS) are designed to detect “threats” and take appropriate action. Each detected threat, referred to as an event, is typically logged and an alert is generated to enable a response.

Fundamentally, there are two types of IDS:

  • Host-based IDS
  • Network-based IDS

Host-based IDS are installed on the host systems that they are intended to monitor. The host may be a server, workstation or other device such as a router. The product typically runs as a process or a service and typically has the capability to sniff network traffic that is intended for the host system. These IDS check the host against hundreds of “threat signatures” to make sure the system is safe from previously identified threats.

Network-based IDS capture and analyze packets on the wire. While host-based IDS are designed to protect a single system, network-based IDS are built to protect systems on the network. For an IDS to effectively monitor a network, there needs to be at least one IDS device per network segment. This device may be a fully operational IDS or it may just be a sensor or a tap. Sensors and taps capture packets and pass them on to the IDS console for inspection. Taps and sensors typically do not have an IP address and are thus invisible to intruders.

Network-based IDS solutions are typically deployed at a choke point on the perimeter of the network as well as on critical network segments where servers are located.

THE DISRUPTION OF HEALTHCARE: FORCES OF TECHNOLOGY AND GENETICS FOREVER CHANGE HEALTHCARE

In this executive brief we examine the DNA of tomorrow’s digital healthcare ecosystem. Digital healthcare is about the delivery of personalized care – it is about information-based medicine. It is the result of digitization of healthcare information of each person.

In this brief, we examine the building blocks of digital healthcare including:

  • The flattening of the healthcare infrastructure as a direct result of Electronic Health Records (EHR), the National Healthcare Information Network (NHIN), Regional Health Information Organizations (RHIOs) and of course, the Internet
  • Regulatory compliance and how it is seriously influencing policy and technology priorities in healthcare organizations
  • The impact of genomics on healthcare and its influence on personalized medicine

The brief has been downloaded by hundreds of organizations, including many hospitals, government agencies, HP, Siemens, Philips Medical, EDS, BlueCross BlueShield, Aetna, HIMSS, JCAHO, Microsoft and IBM.

You may request a complimentary copy of this executive brief PDF via email at techsolutions@aha.org

Pabrai Presents Keynote Session on HIPAA Audit at HIPAA Summit, Washington, DC.

The Fifteenth National HIPAA Summit will be held at the Hyatt Regency on Capitol Hill on December 10 - 15, 2007. This special edition of the HIPAA Summit will provide training and professional certification examinations for seven different categories of privacy and security professional certification. For more information, please visit www.HIPAAAcademy.Net or www.HIPAASummit.com.

For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net


HIPAA Tip

Intrusion Prevention Systems (IPS)

Intrusion Prevention Systems (IPS) have the capability to either stop an attack or interact with an external system to eliminate the threat. Intrusion prevention controls involve real-time countermeasures taken against specific, active threats. One example is sending scripted commands to a firewall system to deny all in-bound traffic from a specific suspected attacker’s IP address. Another is communicating with a virus scanner to clean an infected file. An IPS is therefore not a passive device that only detects evidence of intrusion, but an active one that can perform actions to protect against attacks when they are detected.
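The signature matching and the scripted firewall response described above, as an added example that is not part of the original tip or any ecfirst product. The signatures, threshold, allowlist and log lines are constructed for illustration, and the use of iptables as the firewall is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed signatures for illustration, not taken from a real IDS rule set.
SIGNATURES = {
    "ssh-failed-login": re.compile(r"Failed password for .* from (?P<src>\S+)"),
    "ssh-invalid-user": re.compile(r"Invalid user \S+ from (?P<src>\S+)"),
}
THRESHOLD = 3  # assumed: events per source before a block is proposed
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]  # assumed trusted management range
# Constructed sample log lines (documentation and private address ranges).
SAMPLE_LOG = """\
Nov 16 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Nov 16 10:00:03 host sshd[102]: Invalid user admin from 203.0.113.7
Nov 16 10:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Nov 16 10:00:09 host sshd[104]: Failed password for alice from 198.51.100.20 port 5000 ssh2
Nov 16 10:01:00 host sshd[105]: Failed password for bob from 10.1.2.3 port 5100 ssh2
Nov 16 10:01:01 host sshd[106]: Failed password for bob from 10.1.2.3 port 5101 ssh2
Nov 16 10:01:02 host sshd[107]: Failed password for bob from 10.1.2.3 port 5102 ssh2
""".splitlines()


def detect(lines):
    """IDS step: match every line against every signature; return logged events."""
    return [(name, m.group("src"))
            for line in lines
            for name, pat in SIGNATURES.items()
            if (m := pat.search(line))]


def prevent(events):
    """IPS step: build firewall deny commands for sources at or over THRESHOLD."""
    counts = Counter(src for _, src in events)
    commands = []
    for src, n in sorted(counts.items()):
        try:
            addr = ipaddress.ip_address(src)  # log text is untrusted: accept only a real IP
        except ValueError:
            continue
        if n < THRESHOLD or any(addr in net for net in ALLOWLIST):
            continue  # below threshold or trusted source: alert only, no block
        commands.append(["iptables", "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return commands


if __name__ == "__main__":
    for cmd in prevent(detect(SAMPLE_LOG)):
        print(" ".join(cmd))  # printed for operator review, not executed
```

The threshold and allowlist are what keep a single mistyped password or a noisy internal host from turning into a self-inflicted outage, which is the false-alarm trade-off an active response has to manage.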

Just like a firewall system, IDS/IPS solutions are vital for defending today’s organizations. These systems give you more insight on the types of attacks that are launched on your organization. They give you real-time capabilities to protect sensitive information and assets deployed on your infrastructure. Security professionals must carefully review/develop their policies to address the need for real-time detection and prevention. A number of solutions are available that can be deployed to meet an organization’s policy requirements in this area.

Security professionals are always striving to deploy a solution that detects as many attacks as possible and limits the number of false alarms. Solutions that go further and provide the capability to prevent intrusions are increasingly being demanded by organizations. The first key step is to develop security policies that establish the organization’s priorities for defending vital assets. For a complete set of security policy templates to meet compliance requirements, please visit www.ecfirst.com

Last updated: November 16, 2007