Big4Guy

Someone recently asked me how one can deploy a IDS. Well, I myself had to do some research before I could provide some guidance. An intrusion detection system basically alerts the organziation on intrusion attempts on its netowrks, servers and applications. Intrusion detection systems are either host based or network based. Coming back to the question on how to implement an Intrusion detection System. I have jotted down some brief steps which are required for IDS deployment.

1. Identify what is to be protected - An organization in the first palce must identify what needs to be protected. It can be servers, applications, databases, domain controllers etc. An organization can make a laundry list of softwares, it needs to protect.

2. Determine whether to use host based IDS or network based IDS - A host based IDS monitors intrusion attempts at the server level and a network based IDS monitors all critical network entry ponts.

3. Configure the IDS - Once decision is made, the next thing is to configure the IDs appropriately to reflect the organization security policy.

4. Deploying IDS & Updating Signatures - The final stage requires actually deploying the IDS and updating the IDS with most current signatures at frequent intervals. This is normally provided by IDS vendors. Signatures gain importance in an IDS since the capability to detect intrusions is based on signatures. The more current the signatures, the better the ability of the IDS to detect intrusion attempts.

More on Information Security >>

>> Return on Security Investment
>> Sample Information Security Policy
>> ISO OSI Session Layer Vulnerabilities
>> Confidentiality, Integrity & Availability