Intrusion Management Process / Security Information Management (SIM) Consultancy

See New Intruder Management Console

IDS fails because technology is only a small part of the framework that manages the problem. IDS is detection, not prevention. There is a need for an Intrusion Management Process. It needs process, personnel, policies, education and awareness, with technology assigned to the following areas:

1) Vulnerability Assessment
   Assessment of what an organisation is vulnerable to and the costs if exploited. I have had broad experience in this area while at BT.

2) Intrusion Detection
   On the network and at hosts. Advised BT clients and the web design team on this.

3) Event management
   Ability to monitor:
   a) Firewall logs (I have worked on Lance Spitzner Firewall log analysis scripts for this purpose)
   b) Host IDS alerts (have advised BT Ignite design teams on this requirement)
   c) Network IDS logs: Snort, Realsecure ...
   d) File integrity checkers (e.g. Tripwire) to alert on unusual file changes
   e) and relate these together to identify the scope of the incident. See SIM below. I have worked with ACID from Snort.

4) Incident response
   a) Ability to recover from the incident: technical data restoration, jumpstart servers and resilience built in to the infrastructure. This was designed into the BT hosting infrastructures.
   b) The ability to prosecute the perpetrator. Proper processes, expertise and experience need to be in place to enable this (see SIM systems below).

In addition, these areas need to be
To Contact Me

Phone: 07768 113497 Fax: 01473 423491


Security Information Management Issues
