August 28, 1998
Intrusion Detection Pilot Program Guide
Table of Contents
Introduction & Scope
Phase 1 Requirements Definition
    Goal
    Suggested Duration
    Procedure
        Understand your environment
        Analyze your needs
        List your expectations
        Establish criteria for measuring success or failure
    Resources Needed for this Phase
    Output from this Phase
Phase 2 Product Evaluation
    Goal
    Suggested Duration
    Procedure
    Resources Needed for this Phase
    Output from this Phase
Phase 3 Successful Deployment
    Goal
    Typical Duration
    Procedure
        Planning
        Training
        Deployment
        Operation
        Feedback
    Resources Needed for this Phase
    Output from this Phase
Appendix A - Customer Requirements
    Installation and Deployment
    Security
    Incident Detection
    Incident Response
    Configuration
    Event Monitoring
    Data Management
    Performance
    Architecture
    Product Updates, Technical Support, and Industry Research
    Other
Appendix B - System Requirements