IDS mailing list archives

Re: Building an IDS security policy


From: Jeff With <jeff.wirth () gmail com>
Date: Fri, 4 Mar 2005 21:48:38 -0500

On Thu, 3 Mar 2005 15:24:09 +0100, Knorr Markus
<Markus.Knorr () is-energy de> wrote:
To solve the technical implementation is no problem, but what about the policy?
However, I have not much experience in such organisational topics at all.

Are there any papers or books on how to write a specific IDS-Policy?

The paper/book should deal with questions like:
How should the IDS/IPS be monitored (24-Hours? in the business hours from an analyst
and the other time on call?)?
What is to do when a High-Risk-Event occurs?
What should an IDS/IPS-Policy describe/include?
How can I accomplish the IDS/IPS-Thoughts in the whole Company and further to cooperate
with the relevant Units (Webhosting, etc.)?

Where to start... http://www.sans.org

Sample Policies: http://www.sans.org/resources/policies/
Reading Room: http://www.sans.org/rr/
Incident Handling: http://www.sans.org/rr/whitepapers/incident/
Intrusion Detection: http://www.sans.org/rr/whitepapers/detection/
GIAC Practicals: http://www.giac.org/certified_professionals/

-jw
