An IDS is pretty worthless if you don't also have an incident response policy in place. Develop an incident response policy so there are clear lines of responsibility and reporting. Also clearly delineate how, where, and to whom to report suspicious activity.
■ Unauthorized traffic is not logged. Audit logs are necessary to provide a trail of evidence in case the network is compromised. With this information, the network administrator can devise ways to block the attack and possibly identify and prosecute the attacker. Information supplied by an IDS can be used for forensic analysis in support of an incident as well as to aid in normal traffic analysis.
■ No established weekly backup procedures. IDS data needs to be backed up to ensure that it is preserved in the event of a hardware failure of the IDS or in the event the IDS is breached.
■ IDS antivirus update procedures not in the standard operating procedure. IDS systems require antivirus updates. Be sure that these updates are in the standard operating procedures for IT staff. Sometimes it's the little things we overlook that bite us the hardest; this one's a no-brainer but easy to miss.
■ Switches and cross-connects are not secure. Since the intrusion detection and prevention system includes all hardware required to connect horizontal wiring to the backbone wiring, it's important that all switches and associated cross-connect hardware are kept in a secured location: a locked room or a locked, enclosed cabinet. Physical control also prevents an attacker from gaining privileged-mode access to the switch, since several switch products require only a reboot of the switch to reset or recover the password.
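The logging and backup items above both come down to preserving IDS data in a form that can later be trusted. As an added example (not code from the original checklist), the Python below archives a constructed IDS alert log together with a SHA-256 manifest, so a restore after hardware failure, or an investigator after a breach, can check that the copy has not been altered; the file names and alert layout are constructed for illustration.

```python
"""Preserve IDS alert logs as evidence: a SHA-256 manifest lets a later restore or an
investigator prove the backup is unmodified. Added example with constructed data."""
import hashlib, json, os, tarfile, tempfile

# Constructed sample alert lines; the layout is illustrative, not a real IDS format.
SAMPLE_ALERTS = [
    "2024-01-15T02:14:07Z alert telnet-login 10.0.0.5 -> 10.0.0.9",
    "2024-01-15T02:14:09Z alert port-scan 10.0.0.5 -> 10.0.0.9",
]

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def backup_ids_logs(log_dir, archive_path):
    """Tar the log directory and record each file's hash plus the archive's hash.
    Store the manifest (and ideally the archive) somewhere other than the IDS host."""
    manifest = {"files": {}, "archive": None}
    with tarfile.open(archive_path, "w:gz") as tar:
        for name in sorted(os.listdir(log_dir)):
            full = os.path.join(log_dir, name)
            if os.path.isfile(full):
                manifest["files"][name] = sha256_file(full)
                tar.add(full, arcname=name)
    manifest["archive"] = sha256_file(archive_path)
    with open(archive_path + ".manifest.json", "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest

def verify_backup(archive_path):
    """True only if the archive and every member still match the manifest."""
    with open(archive_path + ".manifest.json") as f:
        manifest = json.load(f)
    if sha256_file(archive_path) != manifest["archive"]:
        return False
    with tarfile.open(archive_path, "r:gz") as tar, tempfile.TemporaryDirectory() as tmp:
        tar.extractall(tmp)
        return all(os.path.isfile(os.path.join(tmp, n)) and sha256_file(os.path.join(tmp, n)) == d
                   for n, d in manifest["files"].items())

def demo():
    """Back up a constructed log, verify it, then alter the archive and verify again."""
    with tempfile.TemporaryDirectory() as work:
        log_dir = os.path.join(work, "ids-logs")
        os.mkdir(log_dir)
        with open(os.path.join(log_dir, "alert.log"), "w") as f:
            f.write("\n".join(SAMPLE_ALERTS) + "\n")
        archive = os.path.join(work, "ids-logs.tar.gz")
        backup_ids_logs(log_dir, archive)
        intact = verify_backup(archive)
        with open(archive, "ab") as f:  # simulate a post-backup modification
            f.write(b"\x00")
        return intact, verify_backup(archive)
```

`demo()` returns `(True, False)`: the fresh backup verifies, and the altered archive is rejected before anything is extracted from it.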