IDS mailing list archives
Re: Building an IDS security policy
From: Jeff With <jeff.wirth () gmail com>
Date: Fri, 4 Mar 2005 21:48:38 -0500
On Thu, 3 Mar 2005 15:24:09 +0100, Knorr Markus <Markus.Knorr () is-energy de> wrote:
> To solve the technical implementation is no problem, but what about the policy? However, I do not have much experience in such organisational topics at all. Are there any papers or books on how to write a specific IDS-Policy? The paper/book should deal with questions like:
> How should the IDS/IPS be monitored (24-Hours? in the business hours from an analyst and the other time on call?)?
> What is to be done when a High-Risk-Event occurs?
> What should an IDS/IPS-Policy describe/include?
> How can I accomplish the IDS/IPS-Thoughts in the whole Company and further to cooperate with the relevant Units (Webhosting, etc.)?
where to start...

http://www.sans.org
Sample Policies: http://www.sans.org/resources/policies/
Reading Room: http://www.sans.org/rr/
Incident Handling: http://www.sans.org/rr/whitepapers/incident/
Intrusion Detection: http://www.sans.org/rr/whitepapers/detection/
GIAC Practicals: http://www.giac.org/certified_professionals/

-jw