Currently, intrusion detection products on the market there are hundreds of large and small, how to choose their own products, is a place in the general security administrators and corporate technology decision-makers in front of a very complicated matter. Here we have a comprehensive performance based products, talk about basic principles of the procurement process.
1. The product of the number of attack detection? Whether to support the upgrade?
IDS's main index is that it found the number of invasive way, almost every week new vulnerabilities and attack methods appear the way in flexible product upgrade to its features directly affect the play. A good real-time detection of product should be able to regularly update, and through the Internet or download the upgrade package in the local upgrade.
2. For network intrusion detection system, the largest deal flow (PPS) is the number?
First, analysis of network intrusion detection systems deployed in the network environment, if 512K or 2M line on the deployment of network intrusion detection system, you do not need high-speed intrusion detection engine, and in high load environments, performance is a very important indicator.
3. Products easy to avoid the attacker do?
Some commonly used escape detection methods, such as: fragmentation, TTL deception, abnormal TCP segmentation, slow scanning, collaborative attacks. Whether the product design in mind.
4. Can a custom exception event?
IDS on the specific monitoring requirements only through the user's own custom monitor policy implementation. A good IDS products, must provide a flexible user-defined policy capacity, including services, visitors, were visitors, port, keywords, and the ways of the incident response strategy.
5. Product system structure is reasonable?
A mature product, must be an integrated network based on Fast, Gigabit-based network, the three host-based technologies and systems.
Most of the traditional IDS is a two-tier structure, namely "Control Panel 鈫?Detector" structure, a number of advanced three-tier IDS products began to be deployed, or "Control Panel 鈫?event collector + security database 鈫?Detector" structure, for large networks, the three-tier structure is more easy to implement distributed deployment and centralized management, thereby enhancing the safety of the concentration of decision-making. If there is no remote management capabilities, for large networks do not have the availability of basic.
6. Product of false positive and false negative rate how?
Some IDS systems often send many false alarm, false alarms are often masked real attack. The weight of these products in the next re-collapse of the false alarm, and when a real attack occurs, some IDS products can not capture the attack, while others report IDS products mixed in false alarms, it is easy to miss. Overly complicated interface to turn off the false alarm is very difficult, almost all IDS products under the default settings will have a lot of false alarms to the user much trouble.
7. The system itself is safe?
IDS system records the most sensitive business data, there must be self-protective mechanism to prevent a hacker target.
8. Products real-time monitoring performance?
IDS communication caused by the load on the network can not affect normal network operations, must be real-time analysis of data, or can not be offensive to protect the network, so network intrusion detection products must consider the maximum bandwidth of the number of normal working.
9. The system is easy to use?
System ease of use include five aspects:
Interface easy to use - all Chinese language interface to facilitate the easy to learn and easy to operate and flexible.
Help ease of use - to the unusual event in the monitor to instantly see the help of alarm information on events, while in the online help in a variety of ways to view the products according to help.
Policy Editor use - can provide a separate Policy Editor? Can also edit multiple strategy? Strategy is to provide printing functionality.
Use the log report - the report is to provide a flexible customization capabilities.
Optimization of alarm events - whether to optimize for the alarm event, the user logs in from the ocean of liberation, advanced IDS can be a similar event within a specified time after the merger through optimized alarm, so that the user log information face not only clarity but also to avoid missing important alerts.
10. Signature Upgrade and maintenance costs of what?
The same as anti-virus software, intrusion detection feature database must be constantly updated to detect new and emerging attack methods.
11. Product by the national authorities of the evaluation?
Evaluating the authority of the main institutions: the National Information Security Certification Center evaluation, Ministry of Public Security of Computer Information System Security Product Quality Supervision and Inspection Centre.
In addition, the purchase of IDS products need to consider many factors, the above is the basic point. As the user's actual situation is different, the user can according to their own security needs in consideration.
相关链接:
About Distributed IDS
MainMenu> Preprocessor> MaterialProps> Mooney-Rivlin> DefineTable Where?
To work without SELECTION, the problem you thought about it?
AVI TO FLV
Female Employment: Shuobo difficult job there is the cycle undergraduate
CLP Guangtong Proceedings To Recover 200 Million Loan Of China Cable
Wizard Launchers And Task Managers
Compare Accounting And Finance
cheat barn Buddy facebook find how to cheat barn
MKV to PSP
12 Large Companies In 2007-2008 Compared The Welfare State
Principles Of CD Burning Type Of Identification
Guide Registry Tools
Using De exterminate rabbits annoying ads RMVB movies
Symantec said the new storm worm detected
RM TO AVI
No comments:
Post a Comment