August 28, 1998
Intrusion Detection Pilot Program Guide
Phase 3 Successful Deployment
Goal
The goal of this phase is to employ the new IDS Product on your network as effectively as
possible. Since there are operational and process issues involved with adding this type of
product to a network infrastructure, many companies choose an initial phased deployment to
allow their personnel to learn the product and to integrate the product into their operational
structure in a controlled manner.
Typical Duration
60-90 work days, depending on the size, complexity, and utilization of the network, and
available technical resources.
Procedure
Successful deployment involves careful planning, appropriate training, and coordination with
your existing security policy (whether formalized or not). The following steps indicate how to
best deploy intrusion detection technology for long-term success:
Planning
Planning includes:
· Defining organizational responsibilities for installing, configuring, and managing the
product and associated activities (reporting, updates, etc.)
· Defining incident response activities (normally part of an overall security policy)
· Selecting the networks to be protected
· Determining the number and type (i.e., Windows NT, Unix) of intrusion detection
engines to be installed
Training
Vendor and/or consultant-provided training greatly increases the probability of successful
IDS deployment. Training should include:
· Basic security management concepts (if needed)
· Network-based vulnerabilities and threats
· Product architecture, system requirements, and configuration information
· Product operations, including use and customization of templates and reports, automatic
startup, reporting, tuning, upgrades and additions of new attack signatures
· Integration of the product into an overall security framework
Deployment
Product deployment consists of the following steps, which should be staffed and scheduled
as part of your overall security management plan: