Computer Security: Intrusion Detection System Policy Essay


Introduction

An intrusion detection system (IDS) is software and/or hardware installed to identify unauthorized attempts to gain access to, control, and/or disable computer systems, primarily by means of networked services such as the Internet. These attempts may take the form of network attacks, malware, and/or disgruntled employees. The IDS is mainly used to identify the various forms of malicious activity that can jeopardize the security of a networked computer system. This involves the detection of attacks against vulnerable services, data-based application anomalies, host-based attacks such as privilege escalation and unauthorized access to confidential data, and malware such as viruses, Trojans, and worms (Dollard, 2006).

Given how widely IDS products have been adopted and integrated across the industry, it is evident that an IDS constitutes an integral component of the organizational infrastructure. The requirement for such systems follows from a simple premise in the field of network security: defense-in-depth. This is a layered mechanism for defending the organizational information system and communications framework against malicious attacks and unauthorized access to confidential data and information. The technique relies on multiple, overlapping controls that enable organizations to prevent, identify, and counter suspected interference with network-based services.

In this document, the IDS policy relevant to the organizational requirements of Gem Infosys is formulated following a logical evaluation of the scenario.

Discussion

Appreciating the necessity for IDS security, and consequently formulating an IDS policy that is aligned with the organizational requirements, are significant steps toward developing an effective overall information security framework. Nevertheless, these measures constitute just the preliminary phases of a comprehensive IDS implementation procedure. After procuring an adequate IDS, an organization should deploy it suitably and resourcefully across all organizational levels (Fletcher, 2009). For the effective deployment of a suitable IDS in Gem Infosys, the IDS policy pays particular attention to the following components:

  • Incident response guidelines
  • Staffing
  • Configuration
  • Training
  • Updating signatures

Incident response guidelines: The IDS facilitates the detection of security incidents and the identification of intruders. Depending on the severity of the security breach, the organization may choose to file lawsuits, seek consultation, counter the intrusion attempt, disregard the intrusion, or take other measures. The incident response guidelines would help management formulate an effective company response in such cases.

Staffing: The IDS is expected to produce relevant information about the network used within the organization, and the data it produces must then be assessed. A qualified network analyst would be hired and assigned to IDS management, log examination, and analysis.

Configuration: The IDS should be configured to generate pertinent data only. Striking the right balance between excessive data generation and insufficient data generation is important for effective deployment. Because a refined and efficient IDS configuration is required, a comprehensive configuration process involving design, tuning, and trial would be carried out.

Training: To make productive use of the IDS, the workforce should have access to the necessary training. Personnel whose job requirements involve configuration, incident response, and data analysis would be provided with the latest IDS learning tools.

Updating signatures: To maximize security, the attack signatures that the IDS is configured to detect must be updated frequently. Intruders continuously modify their attack techniques. Thus, to optimize safety, the IDS signature files will be modified and updated regularly (Fletcher, 2009).

Conclusion

In general, much importance is given to security and deterrence using measures like routers, firewalls, antivirus, and public key infrastructures. However, the decisive identification and response activities that IDSs facilitate are frequently disregarded. Such systems act as monitoring devices within networks and facilitate attack avoidance, intrusion identification, damage evaluation, and the gathering of evidence for prosecution. They constitute a fundamental layer of a defense-in-depth construct and play a central role in the development of a complete information security framework.

References

Dollard, J. (2006). Secured Aggression. New Haven and London: Yale University Press.

Fletcher, R. (2009). Software Security: Beliefs and Knowledge. Auckland: Howard & Price.

Cite This paper

IvyPanda. (2021, November 21). Computer Security: Intrusion Detection System Policy. https://ivypanda.com/essays/computer-security-intrusion-detection-system-policy/
