Chapter 11: Using Intrusion Detection Systems


Overview

The most frequently reported security violations are due to the incorrect configuration of security tools in corporate networks, including their incorrect placement. According to statistics for 1999 collected by the International Computer Security Association (ICSA), 70 percent of all firewalls are vulnerable because they are incorrectly configured or improperly placed. By analogy, this figure can be extended to intrusion detection systems (although concrete statistics on this were not available at the time of writing). An analysis of publications that discuss intrusion detection systems reveals that they omit topics such as the practical use of these systems. In a way, this is similar to a driving course in which an instructor teaches the pupil the rules of the road, the car's components, how to make the car start and stop, and so on, but does not teach the pupil how to drive in such a way as to enjoy the process without exposing other people to danger. This last skill has to be gained from experience, or by attending a specialized course for advanced drivers (for example, an extreme-driving course).

The same is true in the field of information security. Books and documentation describe the IDS components and the available settings, but do not discuss the practical application of these systems in a particular user environment, taking into account that user's information processing technologies. Yet these aspects are of primary importance to IS professionals. The previous chapter discussed how to choose the correct places for the components of the intrusion detection system within the corporate network. This chapter covers the most important aspects of the practical use of intrusion detection systems. Although each organization differs in the specifics of its IDS, several important topics are common to almost all users.

Note that most aspects covered in this chapter relate to intrusion detection systems, including security scanners, that work at the network level. However, the tips provided here will also be useful when implementing other approaches to intrusion detection.




Protect Your Information with Intrusion Detection
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
