Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [OOT] Intrusion Prevention System Impelementation Methodology

From: Valdis.Kletnieks () vt edu
Date: Thu, 04 Jan 2007 13:10:07 -0500
On Thu, 04 Jan 2007 23:01:42 +0700, Fajar Edisya Putera said:

I'm trying to find methodology for implementing intrusion prevention system
in my report. I'm reading about an improvement for system development life
cycle for information security. But it's really complicated for just a guide
how to implement intrusion prevention. Maybe someone willing here can't help
me? I'm really frustated here...


Of course it's really complicated for a guide on implementing intrusion
prevention, because that's only one little *part* of the whole "life cycle"
thing.

Intrusion prevention:

1) Apply the patches for the target systems.
2) Harden the target systems (there's plenty of guides for various systems).
3) Security awareness training for all staffers ("don't click the shiney!").

Failure to do the above 3 things will completely and totally screw any attempts
to deploy any IDS/IPS technology.  And quite frankly, failure to do the first
3 is amazingly common....

4) Find an IDS/IPS you like, and install it.  What you install isn't anywhere
near as important as the next step:

5) Actually *pay attention* to it.  Read the logs, Get a handle on who's
probing you.

6) Turn that IDS/IPS around 180 degrees, and monitor what your systems are
sending *out*.  For example, it's actually very difficult to totally prevent
the end-user machines from getting spamware installed on them, but trivially
easy to detect and mitigate that it's happened.

7) Keep in mind that no IDS/IPS actually *prevents* intrusions.  Your best
bet is to think of it as a police car with a radar at the side of the road,
trying to catch speeders.

Anybody who tries to make it more complicated than that is probably a
consultant, trying to separate you from your money.... :)

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: