Friday, October 15, 2010

Eleven Principles for Selecting an IDS


There are currently hundreds of intrusion detection products on the market, large and small, and choosing the right one is a complicated matter for security administrators and corporate technology decision-makers. Here, taking a comprehensive view of product performance, we discuss the basic principles to apply during procurement.

1. How many attacks can the product detect? Does it support upgrades?

The main index of an IDS is the number of intrusion methods it can detect. New vulnerabilities and attack methods appear almost every week, so how flexibly the product can be upgraded directly affects how well its features perform. A good real-time detection product should be updated regularly, either over the Internet or by downloading an upgrade package and applying it locally.

2. For a network intrusion detection system, what is the maximum traffic it can handle (PPS)?

First, analyze the network environment in which the network intrusion detection system will be deployed. If it is deployed on a 512K or 2M line, you do not need a high-speed detection engine; in a high-load environment, however, performance is a very important indicator.

3. Is the product easy for an attacker to evade?

Some commonly used detection-evasion methods are fragmentation, TTL deception, abnormal TCP segmentation, slow scanning, and coordinated attacks. Has the product's design taken these into account?
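Slow scanning is the evasion the list above makes easiest to reason about: a detector that counts distinct ports only within a short window never sees enough probes at once. The following added example (not code from the original post; the connection log is constructed) runs the same sliding-window scan detector with a short and a long window over a scanner that touches one new port every five minutes and a normal client that keeps returning to two ports, to show why the window length matters.

```python
from collections import defaultdict

# Constructed sample connection log: (timestamp_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 is a slow scanner: one new port every 5 minutes for about 2 hours.
SAMPLE_CONNECTIONS = [(i * 300, "10.0.0.5", "192.168.1.10", 1000 + i) for i in range(25)]
# 10.0.0.7 is a normal client that keeps returning to the same two ports.
SAMPLE_CONNECTIONS += [(i * 60, "10.0.0.7", "192.168.1.10", 443 if i % 2 else 80)
                       for i in range(120)]


def find_scanners(connections, window_seconds, port_threshold):
    """Return the set of source IPs that contacted more than port_threshold distinct
    (destination, port) pairs within any sliding window of window_seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, port in connections:
        by_src[src].append((ts, (dst, port)))
    scanners = set()
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # (dst, port) -> occurrences inside the window
        start = 0
        for ts, key in events:
            in_window[key] += 1
            # Evict events that fell out of the window ending at ts.
            while events[start][0] < ts - window_seconds:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > port_threshold:
                scanners.add(src)
                break
    return scanners


if __name__ == "__main__":
    print("1-minute window:", find_scanners(SAMPLE_CONNECTIONS, 60, 10))
    print("1-hour window:  ", find_scanners(SAMPLE_CONNECTIONS, 3600, 10))
```

With a one-minute window the slow scanner is never reported; with a one-hour window it is, while the normal client stays below the threshold in both cases.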

4. Can custom exception events be defined?

Specific monitoring requirements can only be met through monitoring policies the user defines. A good IDS product must provide flexible user-defined policy capabilities, covering the service, the visitor (source), the visited host (destination), the port, keywords, and the response strategy for the incident.
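To make the policy fields listed above concrete, here is an added example (not code from the original post) of a small user-defined policy matcher: each policy may constrain service, visitor network, visited network, port and a payload keyword, and names the response to take; unset fields match anything. The policies and events are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Policy:
    name: str
    response: str                      # response strategy, e.g. "alert", "log", "block"
    service: Optional[str] = None      # e.g. "http", "ssh"; None matches any service
    visitor: Optional[str] = None      # source network in CIDR notation; None = any
    visited: Optional[str] = None      # destination network in CIDR notation; None = any
    port: Optional[int] = None         # destination port; None = any
    keyword: Optional[bytes] = None    # substring that must appear in the payload


def _in_net(ip: str, net: Optional[str]) -> bool:
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def matches(policy: Policy, event: dict) -> bool:
    """event has keys src, dst, port, service, payload (bytes)."""
    if policy.service is not None and event["service"] != policy.service:
        return False
    if policy.port is not None and event["port"] != policy.port:
        return False
    if not _in_net(event["src"], policy.visitor) or not _in_net(event["dst"], policy.visited):
        return False
    if policy.keyword is not None and policy.keyword not in event["payload"]:
        return False
    return True


def evaluate(policies, event):
    """Return (policy name, response) for every policy the event matches."""
    return [(p.name, p.response) for p in policies if matches(p, event)]


# Constructed sample policies and events.
SAMPLE_POLICIES = [
    Policy("web-sqli", "alert", service="http", port=80, keyword=b"UNION SELECT"),
    Policy("ssh-to-servers", "block", service="ssh", visited="192.168.1.0/24", port=22),
    Policy("guest-net-any", "log", visitor="10.20.0.0/16"),
]
EVENT_SQLI = {"src": "203.0.113.9", "dst": "192.168.1.10", "port": 80,
              "service": "http", "payload": b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1"}
EVENT_GUEST_SSH = {"src": "10.20.3.4", "dst": "192.168.1.10", "port": 22,
                   "service": "ssh", "payload": b""}
EVENT_BENIGN = {"src": "10.30.1.1", "dst": "192.168.2.5", "port": 443,
                "service": "https", "payload": b"\x16\x03\x01"}
```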

5. Is the product's system architecture reasonable?

A mature product must integrate three technologies and systems: Fast Ethernet network-based, Gigabit network-based, and host-based.

Most traditional IDS have a two-tier structure, namely "Control Panel → Detector". A number of advanced three-tier IDS products have begun to be deployed, with a "Control Panel → Event collector + security database → Detector" structure. For large networks, the three-tier structure makes distributed deployment and centralized management easier to implement, and so strengthens centralized security decision-making. Without remote management capability, a product has no basic usability on a large network.

6. What are the product's false positive and false negative rates?

Some IDS systems frequently raise false alarms, and false alarms often mask real attacks. These products collapse under the weight of repeated false alarms; when a real attack occurs, some IDS products cannot capture it at all, while others report it mixed in among false alarms, where it is easy to miss. On an overly complicated interface, turning off false alarms is very difficult, and almost all IDS products under their default settings produce a large number of false alarms, causing users much trouble.

7. Is the system itself secure?

The IDS records the most sensitive business data, so it must have self-protection mechanisms to avoid becoming a hacker's target.

8. What is the product's real-time monitoring performance?

The load an IDS places on the network through its own communication must not affect normal network operation, and it must analyze data in real time, or it cannot protect the network against attacks. A network intrusion detection product must therefore state the maximum bandwidth at which it works normally.

9. Is the system easy to use?

System ease of use includes five aspects:

Interface ease of use - a fully Chinese-language interface that is easy to learn, easy to operate, and flexible.

Help ease of use - when an abnormal event appears in the monitor, the help information for that alarm event can be viewed instantly, and the product's help is also available in a variety of ways through the online help.

Policy editor ease of use - does the product provide a separate policy editor? Can multiple policies be edited? Can policies be printed?

Log report ease of use - does the report provide flexible customization capabilities?

Alarm event optimization - does the product optimize alarm events to free the user from an ocean of logs? An advanced IDS can merge similar events that occur within a specified time into one optimized alarm, so that the log information the user faces is not only clear but also does not let important alerts go unnoticed.
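The alarm merging described in the last aspect, as an added example (not code from the original post): alerts with the same signature, source and destination that fall within a time window of the group's first alert are collapsed into one record with a count, while a different signature or a later burst stays separate. The alert stream is constructed.

```python
# Constructed alert stream: (timestamp_seconds, signature, src_ip, dst_ip).
# A burst of 50 identical alerts, one unrelated alert in the middle, and a
# repeat of the first signature well after the burst.
SAMPLE_ALERTS = [(t, "SQL injection attempt", "203.0.113.9", "192.168.1.10")
                 for t in range(50)]
SAMPLE_ALERTS.append((20, "SSH brute force", "198.51.100.4", "192.168.1.20"))
SAMPLE_ALERTS.append((200, "SQL injection attempt", "203.0.113.9", "192.168.1.10"))


def merge_alerts(alerts, window_seconds):
    """Merge alerts sharing (signature, src, dst) that occur within window_seconds
    of the first alert in their group. Returns one dict per merged group with
    first/last timestamps and a count, in order of first occurrence."""
    merged = []
    open_groups = {}  # (signature, src, dst) -> index into merged of the open group
    for ts, sig, src, dst in sorted(alerts):
        key = (sig, src, dst)
        idx = open_groups.get(key)
        if idx is not None and ts - merged[idx]["first"] <= window_seconds:
            merged[idx]["last"] = ts
            merged[idx]["count"] += 1
            continue
        # Either no open group for this key or the window has expired: start a new one.
        merged.append({"signature": sig, "src": src, "dst": dst,
                       "first": ts, "last": ts, "count": 1})
        open_groups[key] = len(merged) - 1
    return merged


if __name__ == "__main__":
    for group in merge_alerts(SAMPLE_ALERTS, 60):
        print("{count:3d}x {signature} {src} -> {dst} ({first}s..{last}s)".format(**group))
```

With a 60-second window the 52 raw alerts collapse to three lines; with a window long enough to cover the late repeat they collapse to two.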

10. What are the signature upgrade and maintenance costs?

Like anti-virus software, an intrusion detection signature database must be constantly updated to detect new and emerging attack methods.

11. Has the product been evaluated by the national authorities?

The main authoritative evaluation institutions are the National Information Security Certification Center and the Ministry of Public Security's Computer Information System Security Product Quality Supervision and Inspection Centre.

In addition, many other factors need to be considered when purchasing IDS products; the above are the basic points. Since each user's actual situation is different, users can weigh these according to their own security needs.
