are strictly network based, whereas others are a combination of network and host based.
Most IDSs consist of two components: sensors and managers. Depending on the IDS
type, sensors can be either network based or host based.
The following are steps to be taken when deploying an IDS.
Step 1 - Identify what needs to be protected
To get the most out of an IDS, the organization must first determine, in order of priority,
what needs to be protected. For many organizations, the various servers (application,
database, file and domain controllers) contain mission-critical resources. Furthermore,
depending on the organization, some departments may be more critical than others or must
enforce different trust relationships. All of this must be defined in a priority list prior to
deploying any IDS.
Step 2 - Determine what types of sensors are required
The types of sensors that are required depend on the priority list defined in Step 1. A
host sensor would be used to monitor a critical server, whereas a network sensor would be
used to monitor network entry points and critical network segments.
Another important issue to consider is how many sensors the organization can afford to buy.
This number will influence how the sensors are deployed throughout the network, as the
number of critical resources must be balanced against how many sensors can be acquired
and maintained.
Step 3 - Configure host system securely