Step 5: Finalize the Project


Although the sensors are deployed and fully operational, you have a number of loose ends to tie up before the project is officially over. First of all, operational control of your sensors must transition from the deployment team to whoever is going to manage the sensors moving forward (see the section "Plan for Ongoing Management" earlier in this chapter). Also, you need to establish procedures to govern the day-to-day operation of your NIPS sensors. Here are a few examples:

  • Change control: Establishes the checks that are in place for sensor configuration changes. It controls how changes are requested, who reviews the changes, and by what criteria they are reviewed.

  • Backup and restore: Defines the frequency and type of backup performed on the IPS MC. It also outlines the proper way to restore the IPS MC if needed.

  • Log archive: Describes how long sensor event logs should be kept, when they should be archived, what types of events should be archived, and where the archive is stored.

  • Incident response: Describes how sensor alerts are investigated; this procedure needs to be developed. Whenever an alert is generated, someone needs to examine the alert and verify that the attack was successfully stopped. If your sensor only alerts on malicious traffic rather than blocking it, you also need to examine the attacked systems to verify that they have not been compromised. Using CS-MARS can simplify this process because many of the steps that an operator performs to analyze an attack are handled automatically by CS-MARS.


Intrusion Prevention Fundamentals
ISBN: 1587052393