Barking Dogs

By Brian P. Watson

Intrusion detection systems used to be the network's best guard dog: Quiet, obedient, always sniffing around. Now they're part of a whole new breed of network security.


Barking Dogs?

As technology managers looked to tools that could not only spot but block threats, vendors like Cisco, Internet Security Systems, Juniper Networks, Sourcefire and TippingPoint began combining detection and prevention tools into a single product. (Systems typically range in price from just under $10,000 to $70,000, depending on licensing, support and service agreements.) That market, which includes network and host intrusion tools, along with firewall products, totaled $475.4 million in worldwide sales in 2005, according to IDC.

For some, the combination of the two makes all the difference. "All [intrusion detection systems] are barking dogs," says Perry Jarvis, who until early November was network operations manager for the city of Burbank, Calif., and now works at Extreme Networks. "They don't take any corrective action."

Until 2003, the city operated its power grid, which supplies electricity to its population of more than 104,000, via a supervisory control and data acquisition (SCADA) network, a physically isolated local-area network that mirrored the grid itself. Since it was isolated, Jarvis and his team didn't have any intrusions or threats coming in or going out.

That soon changed: To predict how much power would be available for consumption, the city needed to figure in weather conditions. That meant Burbank had to tie the SCADA network to the municipal network, which left the SCADA setup susceptible to attacks.

To handle security threats, Jarvis and his team spent about $100,000 on a pair of Juniper Networks' NetScreen firewalls and two Intrusion Detection and Prevention 100s to sit behind them. Those products allowed Jarvis and his team to link the two networks, permitting the SCADA network to access weather reports from the city grid while blocking harmful traffic and attacks in real time.

The ability to create and customize signatures was a key selling point, Jarvis says. But above all, Jarvis prefers the Juniper systems for their ability to do both: "I like the device saying, 'You don't look right, so you're not passing through to my systems.'"

This article was originally published on 2006-12-12
Associate Editor

Brian joined Baseline in March 2006. In addition to previous stints at Inter@ctive Week and The Net Economy, he's written for The News-Press in Fort Myers, Fla., as well as The Sunday Tribune in Dublin, Ireland. Brian has a B.A. from Bucknell University and a master's degree from Northwestern University's Medill School of Journalism.
