Intrusion Detection recommendations

Jimmy Hess mysidia at gmail.com
Sat Feb 14 03:50:44 UTC 2015


On Fri, Feb 13, 2015 at 11:40 AM, Andy Ringsmuth <andy at newslink.com> wrote:
> NANOG'ers,
> I've been tasked by our company president to learn about, investigate and recommend an intrusion detection system for our company.

An important thing to realize is that an Intrusion Detection System is
not a "product" you can buy.
And if your org. is 100 people, you should probably think about
engaging some professional security services firms to help,
starting with a basic info security and physical security audit from
an independent third party.

An intrusion detection system consists of an infrastructure stack
containing vigilant dedicated human beings, devices, various
software for instrumenting the network in different ways and analyzing
collected data, documentation, business, and security processes
within the organization.

There are plenty of off-the-shelf IPS offerings, BUT without enough of
all those pieces, using one could very well instill a false
sense of security, because you have no idea if the product is
actually doing a good job at what it is supposed to do, and not just
presenting a "perception" of security, mostly by tackling just
whatever bugs or malware appear in the news headlines of the
day.

Also, there is the matter of being equipped with suitable analysis and
response plans, to be prepared for the time the IDS alarm actually
goes off, and to be able to determine whether it's actually a
false alarm, something meriting investigation, or an emergency.


> We're a smaller outfit, less than 100 employees, entirely Apple-based. Macs, iPhones, some Mac Mini servers, etc.
[snip]

--
-JH
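The reply above says that an IDS without an analysis and response plan leaves you unable to tell a false alarm from something worth investigating from an emergency. The following is an added example (not from the NANOG thread or any product) of what the first, mechanical layer of such a plan looks like in code: alert records in the shape of Suricata's EVE JSON output are triaged into exactly those three buckets using context the sensor does not have (a server subnet treated as critical, a known internal scanner, signature ids the team has decided are noise), plus one cross-alert rule so that "noise" from a single source sweeping many targets is not silently discarded. All addresses, signature ids, category strings in the samples, thresholds and policy tables are constructed assumptions for illustration.

```python
"""Added example: first-pass triage of IDS alerts into false alarm /
investigate / emergency.  Not code from the NANOG post.  Records mimic the
shape of Suricata EVE JSON alerts; every value below is constructed."""
import json
import ipaddress
from collections import Counter, defaultdict


def _eve(src, dest, sid, sev, cat, ts="2015-02-13T11:40:00.000000+0000"):
    """Build one constructed EVE-style alert line (sids are in the local-rule range)."""
    return json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": src,
                       "dest_ip": dest, "proto": "TCP",
                       "alert": {"signature_id": sid, "severity": sev, "category": cat,
                                 "signature": f"LOCAL constructed rule {sid}"}})


# Constructed sample input, one JSON record per line as an EVE log would carry it.
SAMPLE_EVE_LINES = [
    _eve("10.0.9.17", "10.0.5.12", 1000001, 2, "Attempted Information Leak"),        # internal scanner
    _eve("198.51.100.23", "10.0.5.12", 1000002, 1, "A Network Trojan was detected"),  # C2 hit on a server
    '{"event_type": "flow", "src_ip": "10.0.20.44", "dest_ip": "203.0.113.9"}',       # not an alert
    "this line is not json at all",                                                   # corrupted line
    _eve("10.0.20.44", "203.0.113.9", 1000003, 3, "Potentially Bad Traffic"),         # tuned-down sid, one target
    _eve("10.0.20.51", "192.0.2.77", 1000003, 3, "Potentially Bad Traffic"),          # same sid, but...
    _eve("10.0.20.51", "192.0.2.78", 1000003, 3, "Potentially Bad Traffic"),          # ...one source hitting
    _eve("10.0.20.51", "192.0.2.79", 1000003, 3, "Potentially Bad Traffic"),          # ...several targets
    _eve("203.0.113.55", "10.0.20.44", 1000004, 2, "Attempted Administrator Privilege Gain"),  # workstation
    _eve("203.0.113.55", "10.0.5.3", 1000005, 1, "Attempted Administrator Privilege Gain"),    # server
]

# Assumed runbook inputs: the local knowledge a product cannot ship with.
CRITICAL_ASSETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumed: the server subnet
KNOWN_BENIGN_SOURCES = {"10.0.9.17"}                      # assumed: internal vulnerability scanner
NOISY_SIGNATURES = {1000003}                              # assumed: sids the team classified as noise
ESCALATE_CATEGORIES = {"A Network Trojan was detected",
                       "Successful Administrator Privilege Gain"}
SWEEP_THRESHOLD = 3  # assumed: distinct targets from one source before "noise" becomes a sweep

FALSE_ALARM, INVESTIGATE, EMERGENCY = "false_alarm", "investigate", "emergency"


def is_critical(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CRITICAL_ASSETS)


def triage_one(rec: dict) -> str:
    """Disposition of a single alert, judged in isolation."""
    a = rec["alert"]
    if rec["src_ip"] in KNOWN_BENIGN_SOURCES or a["signature_id"] in NOISY_SIGNATURES:
        return FALSE_ALARM
    if a["category"] in ESCALATE_CATEGORIES or (a["severity"] == 1 and is_critical(rec["dest_ip"])):
        return EMERGENCY
    return INVESTIGATE


def triage_batch(lines) -> list:
    """Parse EVE lines, triage each alert, then apply one cross-alert rule:
    a non-exempt source that touched SWEEP_THRESHOLD distinct targets has its
    'noise' alerts promoted to investigate."""
    records = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # corrupted line: skip it rather than stall the whole pipeline
        if rec.get("event_type") != "alert":
            continue  # EVE also carries flow/dns/http records; only alerts are triaged
        records.append(rec)
    dispositions = [triage_one(r) for r in records]
    targets = defaultdict(set)
    for r in records:
        if r["src_ip"] not in KNOWN_BENIGN_SOURCES:
            targets[r["src_ip"]].add(r["dest_ip"])
    for i, r in enumerate(records):
        if dispositions[i] == FALSE_ALARM and len(targets[r["src_ip"]]) >= SWEEP_THRESHOLD:
            dispositions[i] = INVESTIGATE
    return [{"src_ip": r["src_ip"], "dest_ip": r["dest_ip"],
             "sid": r["alert"]["signature_id"], "disposition": d}
            for r, d in zip(records, dispositions)]


def summarize(results) -> Counter:
    return Counter(r["disposition"] for r in results)


if __name__ == "__main__":
    results = triage_batch(SAMPLE_EVE_LINES)
    for r in results:
        print(f'{r["disposition"]:12} {r["src_ip"]:>15} -> {r["dest_ip"]:<15} sid={r["sid"]}')
    print(dict(summarize(results)))
```

The point is where the lists come from: the scanner exemption, the critical subnet and the noisy-sid set are decisions a person at the company has to make and keep current, and the sweep rule exists because tuning a signature down is not the same as being allowed to ignore it. An emergency bucket with nobody on call to receive it is the false sense of security the reply warns about.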


