|
security staff can monitor the health of the systems and network. Many organizations have a
Network Operations Centers (NOC) that fulfills the role of a central location to place the manager. IDS sensors could then report all alerts to the NOC, thereby allowing the security staff to respond quickly to attacks and to notify the appropriate authorities, such as CERT technicians. The other issue to consider is how to configure the sensors. Careful configuration of the sensors can increase the effectiveness of IDS and all unnecessary signatures should be disabled. For example, if the network is entirely composed of Microsoft Windows NT systems, then the sensors can be configured to ignore any attacks that are directed against Unix systems. Therefore, if the organization has a priority list as defined in Step 1, as well as knowing the network intimately, it can benefit greatly from having a properly configured IDS.