IDS Policy


11


  Who will monitor the IDS? Depending on the IDS, you may have alerting


mechanisms that provide information about intruder activity. These alerting


systems may be in the form of simple text files, or they may be more


complicated, perhaps integrated to centralized network management systems


like HP OpenView or MySQL database. Someone is needed to monitor the


intruder activity and the policy must define the responsible person(s). The


intruder activity may also be monitored in real time using pop up windows or


web interfaces. In this case operators must have knowledge of alerts and their


meaning in terms of severity levels.


  Who will administer the IDS, rotate logs and so on? As with all systems, you


need to establish routine maintenance of the IDS. 


  Who will handle incidents and how? If there is no incident handling, there is no


point in installing an IDS. Depending upon the severity of the incident, you


may need to get some government agencies involved.


  What will be the escalation process (level 1, level 2 and so on)? The escalation


process is basically an incident response strategy. The policy should clearly


describe which incidents should be escalated to higher management.


  Reporting. Reports may be generated showing what happened during the last


day, week or month.


  Signature updates. Hackers are continuously creating new types of attacks.


These attacks are detected by the IDS if it knows about the attack in the form of


signatures. Attack signatures are used in Snort rules to detect attacks. Because


of the continuously changing nature of attacks, you must update signatures and


rules on your IDS. You can update signatures directly from the Snort web site


on a periodic basis or on your own when a new threat is discovered.


  Documentation is required for every project. The IDS policy should describe


what type of documentation will be done when attacks are detected. The


documentation may include a simple log or record of complete intruder


activity. You may also need to build some forms to record data. Reports are also


part of regular documentation.


Based on the IDS policy you will get a clear idea of how many IDS sensors and


other resources are required for your network. With this information, you will be able to


calculate the cost of ownership of IDS more precisely.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved