HostedDB - Dedicated UNIX Servers
pilot_9 August 28, 1998 Intrusion Detection Pilot Program Guide 6 Phase 3 – Successful Deployment Goal The goal of this phase is to employ the new IDS Product on your network as effectively as possible. Since there are operational and process issues involved with adding this type of product to a network infrastructure, many companies choose an initial phased deployment to allow their personnel to learn the product and to integrate the product into their operational structure in a controlled manner. Typical Duration 60-90 work days, depending on the size, complexity, and utilization of the network, and available technical resources Procedure Successful deployment involves careful planning, appropriate training, and coordination with your existing security policy (whether formalized or not). The following steps indicate how to best deploy intrusion detection technology for long term success: Planning Planning includes: · Defining organizational responsibilities for installing, configuring, and managing the product and associated activities (reporting, updates, etc.) · Defining incident response activities (normally part of an overall security policy) · Selecting the networks to be protected · Determining the number and type (i.e., Windows NT, Unix) of intrusion detection engines to be installed Training Vendor and/or consultant-provided training greatly increase the probability of successful IDS deployment. Training should include: · Basic security management concepts (if needed) · Network-based vulnerabilities and threats · Product architecture, system requirements, and configuration information · Product operations, including use and customization of templates and reports, automatic startup, reporting, tuning, upgrades and additions of new attack signatures · Integration of the product into an overall security framework Deployment Product deployment consists of the following steps, which should be staffed and scheduled as part of your overall security management plan: