Ideally, the sensor to the monitor communication should be encrypted in order to prevent interception or changes to be made. Knowledgeable intruders will know to look for intrusion detection related traffic and may even have the capability to intercept the traffic. Intrusion detection sensors can send three types of data to the monitor:
Another solution for protecting this communication is to put it all on a separate network dedicated for the intrusion detection sensors and monitors. A separate network may not be assessable to potential intruders and would reduce the risk from not using encryption. The sensor traffic is not on the same network where the detection of attacks is made. Another advantage is that a separate network will be less susceptible to denial of service attacks designed to incapacitate the intrusion detection defenses. The disadvantage to this architecture is the cost of maintaining a separate network for intrusion detection.
Intrusion detection products offer different encryption capabilities. Please check with your vendor for more information on their encryption capabilities.
Phil Bandy, Michael Money & Karen Worstell