[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200701041810.l04IA7DO016671@turing-police.cc.vt.edu>
Date: Thu, 04 Jan 2007 13:10:07 -0500
From: Valdis.Kletnieks@...edu
To: Fajar Edisya Putera <fajarep@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [OOT] Intrusion Prevention System
Impelementation Methodology
On Thu, 04 Jan 2007 23:01:42 +0700, Fajar Edisya Putera said:
> I'm trying to find methodology for implementing intrusion prevention system
> in my report. I'm reading about an improvement for system development life
> cycle for information security. But it's really complicated for just a guide
> how to implement intrusion prevention. Maybe someone willing here can't help
> me? I'm really frustated here...
Of course it's really complicated for a guide on implementing intrusion
prevention, because that's only one little *part* of the whole "life cycle"
thing.
Intrusion prevention:
1) Apply the patches for the target systems.
2) Harden the target systems (there's plenty of guides for various systems).
3) Security awareness training for all staffers ("don't click the shiney!").
Failure to do the above 3 things will completely and totally screw any attempts
to deploy any IDS/IPS technology. And quite frankly, failure to do the first
3 is amazingly common....
4) Find an IDS/IPS you like, and install it. What you install isn't anywhere
near as important as the next step:
5) Actually *pay attention* to it. Read the logs, Get a handle on who's
probing you.
6) Turn that IDS/IPS around 180 degrees, and monitor what your systems are
sending *out*. For example, it's actually very difficult to totally prevent
the end-user machines from getting spamware installed on them, but trivially
easy to detect and mitigate that it's happened.
7) Keep in mind that no IDS/IPS actually *prevents* intrusions. Your best
bet is to think of it as a police car with a radar at the side of the road,
trying to catch speeders.
Anybody who tries to make it more complicated than that is probably a
consultant, trying to separate you from your money.... :)
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists