
What is the most common mistake admins make in handling intrusion detection systems (IDS)?


Orebaugh: The biggest problem with any IDS is the fact that many organizations deploy it and forget about it. An IDS needs a lot of care and feeding on a daily basis. IDS alerts do you no good if you are not actively looking at them. It is optimal to have an individual (or more staff, depending on the size of the organization) dedicated to intrusion detection as his/her sole responsibility. This person will actively review the logs on a daily basis, update rules as needed and perform more in-depth analysis looking for long-term trending, low and slow attacks and even ways to improve network performance.

What do IT shops use instead of Snort, and why might Snort be a better option?

Orebaugh: From my experience, I have seen either a lot of the high-end commercial appliance products deployed or Snort. Organizations with budget issues will choose Snort because it is free, and it has a lot of features and add-on tools to make it very usable. However, if you are looking to monitor high-bandw


Experts123