Development lifecycle for an IDS system
An intrusion detection system (IDS) offers security for a network of computers. It helps detect unusual behaviour and misuse of network resources, and distinguishes genuine attacks from false alarms. Through this technology, administrators can detect any compromise of the system (Breithaupt & Merkow, 2006).
The four major configurations are the standalone sensor, device management, firewall sandwich and remote sensor. The standalone sensor only detects an intrusion; it cannot react to the unwanted traffic. The device-management sensor can block the IP address attacking the network from further attacks, and does so immediately the attack is sensed and the alarm triggered. The firewall sandwich secures a protected network by creating a wall that controls the flow of data. The remote sensor configuration protects remote networks by inspecting data before it reaches the director, since the route it follows is not trusted (Proctor, 2001).
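As an added illustration (not code from the cited sources), the following models the difference between the standalone and device-management configurations: both raise an alarm once a source exceeds a hypothetical threshold of suspicious events, but only the device-management sensor blocks the source so that its later traffic is dropped. The events and the threshold rule are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of sensor observations: (timestamp, source IP, event type).
EVENTS = [
    (1, "198.51.100.7", "port_scan"),
    (2, "198.51.100.7", "port_scan"),
    (3, "203.0.113.9", "normal"),
    (4, "198.51.100.7", "port_scan"),
    (5, "198.51.100.7", "login_failure"),
    (6, "203.0.113.9", "normal"),
]

@dataclass
class Sensor:
    """Minimal IDS sensor; `mode` is 'standalone' (alert only) or
    'device_management' (alert and block the offending source)."""
    mode: str
    threshold: int = 3          # suspicious events from one source before the alarm fires
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)
    _counts: dict = field(default_factory=lambda: defaultdict(int))

    def observe(self, ts, src, kind):
        """Process one event and report what the sensor did with it."""
        if kind == "normal":
            return None                 # benign traffic passes without being counted
        if src in self.blocked:
            return "dropped"            # a blocked source never reaches the hosts again
        self._counts[src] += 1
        if self._counts[src] >= self.threshold:
            self.alerts.append((ts, src, kind))
            if self.mode == "device_management":
                self.blocked.add(src)   # react immediately when the alarm is raised
            return "alert"
        return "logged"                 # suspicious but still below the threshold

def run(mode):
    """Replay the constructed events through a sensor in the given mode."""
    sensor = Sensor(mode)
    outcomes = [sensor.observe(*event) for event in EVENTS]
    return outcomes, sensor

if __name__ == "__main__":
    for mode in ("standalone", "device_management"):
        outcomes, sensor = run(mode)
        print(mode, outcomes, "blocked:", sorted(sensor.blocked))
```

The standalone sensor keeps alerting on the same source after the first alarm, which is exactly the case where a human or automated responder must act on the alert; the device-management sensor turns the alarm into a block on its own.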
Once the selection of an IDS is complete, it is important to deploy it properly. The most sensitive assets in an organization are given priority when deciding how to protect them with the IDS. The IDS is configured to follow the organization's security policies and the correct procedures for preventing attacks; this is also necessary if any evidence is later required for prosecution. An IDS has no ability to prevent unwanted traffic. If attackers realize a network has an IDS, they may attack the sensor first, either to disable its functions or to make it report false information so that security personnel are not alerted (Sari, 2006).
Deploying an IDS requires close monitoring to ensure the sensor responds and acts on all alerts. Staff are trained to handle all types of response, whether manual or automatic. The IDS should also be updated regularly to keep it secure. Staff must be properly skilled, as the technology cannot solve all security problems; unfortunately, the number of qualified staff falls short of demand. Proper installation ensures the system receives all alarms, including those that are not harmful to the system (Breithaupt & Merkow, 2006).
Response to intrusions is intended for administrators and anyone who manages an information system. The practices apply to networks whose host systems offer services to more than one user. It is therefore important for anyone who wants the service to be competent in the practices and the relationships within the system. For instance, an administrator with knowledge of the "handle" category has a better understanding of the area that requires preparation (Breithaupt & Merkow, 2006).
Responding to an intrusion may require one to skip the first and second preparatory stages and work on the third practice. The response requires analysis of valid information before concluding that there is an intrusion in the system. Recovering a system that has been intruded upon is difficult, as the process takes a lot of time and the system has to be taken down for maintenance. However, the IDS is capable of undoing and redoing operations and validating the database to ensure all changes are completed by the correct process. It is therefore important to review and implement the preparatory practices once the response and recovery processes are complete (Sari, 2006).