Making Effective Use of Your Intrusion Detection System

Contributed by Jamie Riden

More and more network administrators are starting to deploy Intrusion Detection Systems to watch for compromises on their internal networks. However, merely deploying an IDS may not make that much difference to the overall security of the network. The IDS must be tuned to reduce the number of false positives, and to catch as many genuine attacks as possible. Then an analyst must be available to monitor the alert stream and appropriate action must be taken to deal with alerts. Without effective response, the IDS will be of little use. In this article we talk about optimal IDS placement in your organisation, how to correlate alerts with other data sources, how to tune the IDS rule sets and how to respond to a variety of alert types.

This document is in PDF format. To view it click here.
