Intrusion detection and prevention, if implemented properly, has the ability to provide significant insight into what is happening on your network. If not implemented properly, however, it stands to be one of the largest wastes of money in your IT budget. The key to a successful IDS/IPS deployment is a realistic expectation of what the IDS/IPS is capable of and, most important, what it is not capable of.
To help ensure the success of your IDS/IPS deployment, we took a look at the IDS/IPS technologies and defined what each technology is and what it is capable of to ensure that you deploy it in accordance with its actual capabilities, not the marketing hype surrounding it.
Next, we took a look at how to harden your IDS/IPS sensors and management consoles to ensure that they cannot be used to exploit your network. Once the IDS/IPS devices had been properly secured, we took a look at how to effectively deploy the sensors throughout the network, including looking at the difference between detection and prevention. After that, we examined the most time-consuming part of any IDS/IPS deployment: the tuning of the IDS/IPS to reduce the likelihood of false alarms. We finished up the chapter with a look at logging, alerting, and blocking with an IDS/IPS.