Case Study Wk6

Category: Science and Technology

Date Submitted: 09/20/2013 06:25 PM

Before Formulating an IDS Policy

Jonathan Santos

NETW202

April 11, 2010

Mark Kirton

Gem Infosys, a small software company, has decided to secure its computer systems. The organization uses ten PCs and a broadband connection to the Internet. The management at Gem has determined that it needs to formulate an IDS policy. Before they get started, however, I will explain what steps they must take before formulating the IDS policy.

First, let's understand exactly what IDSs do. Intrusion Detection Systems are used in the PC world as an analytical tool, meaning that they do not protect against or prevent attacks. Instead, they monitor activity on the network and examine it to determine whether the network or system is potentially being attacked. Depending on the type of IDS, it will only come to this conclusion after the network or system has already been compromised. Once it determines that the traffic it examined may be harmful, it logs it (and, depending on the IDS, it may also send an alert to personnel).

Now that you know what IDSs do, we can determine what needs to be done before formulating the IDS policy. The first step should be to determine what kind of network traffic Gem Infosys wants to be alerted to. The type of network traffic needs to be specific to prevent false positives and false negatives. Types of network traffic include instant messages, videos, e-mails, etc. A false positive occurs when the IDS alerts security personnel to activity that is considered normal for the company. A false negative occurs when the IDS does not alert on suspicious activity. It's simple to see why this step is an important one, and why it should be done carefully by people involved in the company's day-to-day operations.
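The effect of policy specificity on false positives and false negatives can be shown with a short script. This is an added example, not part of the original essay; the host names, traffic types, policies and sample records are all constructed assumptions for a ten-PC office.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    host: str         # constructed PC name
    kind: str         # traffic type seen on the network
    suspicious: bool  # ground truth from staff who know day-to-day operations

# Constructed sample traffic; not real captures.
SAMPLE = [
    Flow("pc01", "email", False),
    Flow("pc02", "im", False),
    Flow("pc03", "video", False),
    Flow("pc04", "outbound_ftp", True),
    Flow("pc05", "remote_login", True),
    Flow("pc06", "remote_login", False),  # administrator's PC, routine
    Flow("pc07", "email", False),
    Flow("pc08", "im", False),
]

# A policy maps each traffic type to alert on to the hosts exempt from that rule.
BROAD = {"im": set(), "video": set(), "outbound_ftp": set(), "remote_login": set()}
NARROW = {"outbound_ftp": set()}
TUNED = {"outbound_ftp": set(), "remote_login": {"pc06"}}

def alerts(policy, flow):
    """True if the policy would raise an alert for this flow."""
    return flow.kind in policy and flow.host not in policy[flow.kind]

def score(policy, flows):
    """Return (false_positives, false_negatives) for a policy."""
    fp = sum(1 for f in flows if alerts(policy, f) and not f.suspicious)
    fn = sum(1 for f in flows if not alerts(policy, f) and f.suspicious)
    return fp, fn

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("narrow", NARROW), ("tuned", TUNED)):
        fp, fn = score(policy, SAMPLE)
        print(f"{name:6s} false positives={fp} false negatives={fn}")
```

The broad policy buries staff in alerts for routine traffic, the narrow one misses a suspicious login, and the tuned one depends on the operational knowledge that pc06 is the administrator's machine.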

After Gem Infosys determines the type of network traffic they want to be notified of, they need to decide on what type of IDS they want to...