IDS Policy
11
  Who will monitor the IDS? Depending on the IDS, you may have alerting
mechanisms that provide information about intruder activity. These alerting
systems may be in the form of simple text files, or they may be more
complicated, perhaps integrated to centralized network management systems
like HP OpenView or MySQL database. Someone is needed to monitor the
intruder activity and the policy must define the responsible person(s). The
intruder activity may also be monitored in real time using pop up windows or
web interfaces. In this case operators must have knowledge of alerts and their
meaning in terms of severity levels.
  Who will administer the IDS, rotate logs and so on? As with all systems, you
need to establish routine maintenance of the IDS. 
  Who will handle incidents and how? If there is no incident handling, there is no
point in installing an IDS. Depending upon the severity of the incident, you
may need to get some government agencies involved.
  What will be the escalation process (level 1, level 2 and so on)? The escalation
process is basically an incident response strategy. The policy should clearly
describe which incidents should be escalated to higher management.
  Reporting. Reports may be generated showing what happened during the last
day, week or month.
  Signature updates. Hackers are continuously creating new types of attacks.
These attacks are detected by the IDS if it knows about the attack in the form of
signatures. Attack signatures are used in Snort rules to detect attacks. Because
of the continuously changing nature of attacks, you must update signatures and
rules on your IDS. You can update signatures directly from the Snort web site
on a periodic basis or on your own when a new threat is discovered.
  Documentation is required for every project. The IDS policy should describe
what type of documentation will be done when attacks are detected. The
documentation may include a simple log or record of complete intruder
activity. You may also need to build some forms to record data. Reports are also
part of regular documentation.
Based on the IDS policy you will get a clear idea of how many IDS sensors and
other resources are required for your network. With this information, you will be able to
calculate the cost of ownership of IDS more precisely.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved