Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of potential incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected potential incidents. Intrusion detection and prevention (IDP) systems are primarily focused on identifying potential incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.<\/p>\n","protected":false},"excerpt":{"rendered":"
IDPs have become a necessary addition to the security infrastructure of nearly every organization. IDPs typically record information related to observed events, notify security administrators of important observed events, and produce reports.<\/p>\n
This NIST publication describes the characteristics of IDP technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.<\/p>\n
Securing IDP components is very important because IDPs are often targeted by attackers who want to prevent the IDPs from detecting attacks or want to gain access to sensitive information in the IDPs, such as host configurations and known vulnerabilities.<\/p>\n
IDPs are composed of several types of components, including sensors or agents, management servers, database servers, user and administrator consoles, and management networks.<\/p>\n
Administrators should maintain the security of the IDP components on an ongoing basis, including verifying that the components are functioning as desired, monitoring the components for security issues, performing regular vulnerability assessments, responding appropriately to vulnerabilities in the IDP components, and testing and deploying IDP updates.<\/p>\n
Organizations should consider using multiple types of IDP technologies to achieve more comprehensive and accurate detection and prevention of malicious activity.<\/p>\n
The four primary types of IDP technologies—network-based, wireless, NBAD, and host-based—each offer fundamentally different information gathering, logging, detection, and prevention capabilities. For most environments, a combination of network-based and host-based IDP technologies is needed for an effective IDP solution. Wireless IDP technologies may also be needed if the organization determines that its wireless networks need additional monitoring or if the organization wants to ensure that rogue wireless networks are not in use in the organization’s facilities. NBAD technologies can also be deployed if organizations desire additional detection capabilities for denial of service attacks, worms, and other threats that NBADs are particularly well-suited to detecting. Direct IDP integration is most often performed when an organization uses multiple IDP products from a single vendor, by having a single console that can be used to manage and monitor the multiple products.<\/p>\n
Evaluators need to understand the characteristics of the organization’s system and network environments, so that an IDP can be selected that will be compatible with them and able to monitor the events of interest on the systems and\/or networks. Evaluators should articulate the goals and objectives they wish to attain by using an IDP, such as stopping common attacks, identifying misconfigured wireless network devices, and detecting misuse of the organization’s system and network resources.<\/p>\n
http:\/\/www.bankinfosecurity.com\/regulations.php?reg_id=307&PHPSESSID=a842e1d4d220653dc1dd762d42e04179<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-149","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=149"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/149\/revisions"}],"predecessor-version":[{"id":2636,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/149\/revisions\/2636"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}