Before you embark upon a NIPS deployment, have realistic expectations about what is involved. This chapter used a real-world NIPS product as an example to illustrate the decisions that need to be made at each phase in a NIPS deployment. You have to perform five major Cisco NIPS deployment phases:
Understand the Product
The first task in any NIPS deployment is to make sure you fully understand the product you are going to be deploying. Review Chapters 7 and 8 so that you are familiar with the potential components, capabilities, and benefits associated with NIPS products. Then, determine which components, capabilities, and benefits your product includes. Also, be sure to investigate the product's management capabilities.
Predeployment Planning
The planning phase of a NIPS deployment must occur before anything has been implemented. During this phase, you need to
Sensor Deployment
The next phase is to deploy the sensors you chose during your planning session. Along with deploying your sensors, you also need to install your management software and make sure that access to the management tool has been secured, because it is a prime target for attack.
Tuning
One purpose of the tuning phase is to locate and eliminate false positives. Another aspect of tuning is to create necessary filters to overcome known false positive situations. Finally, tuning involves configuring signature actions. Generating one or more of the following actions when signatures fire helps to fully utilize the functionality that your IPS sensors provide:
Finalize the Project
In the final phase of your NIPS deployment, you need to create procedures to govern the following: