© SANS Institute 2008, Author retains full rights.
Network IDS & IPS Deployment Strategies
alarm remains silent, alerting no one to the fire and thus creating a danger to those
counting on successful operation of the fire alarm.
Continuing with this analogy, the remaining conditions are as follows. When a
mischievous student pulls the alarm, knowing no fire exists, he/she presents a false
positive. The alarm dutifully goes off despite the lack of a fire. With numerous
occurrences of false positives, the seriousness of the alarm is belittled and it is soon
ignored. Finally, the true negative relates to the alarm remaining silent while the
schoolhouse is not aflame. Table 2 maps the conditions of this analogy using a
format similar to that used in Table 1.
Table 2: Relationships as they apply to the schoolhouse fire alarm analogy.

                    Fire present          No fire
    Alarm sounds    True positive         False positive
    Alarm silent    False negative        True negative
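The same four conditions applied to IDS events, as an added example that is not code from the original paper: each constructed event records whether the sensor alerted and whether later review found the traffic malicious, and the tallies give the precision, recall and false positive rate that tuning tries to move. The names SAMPLE_EVENTS, classify and confusion_matrix are my own.

```python
from typing import Dict, Iterable, Tuple

# Constructed sample: one record per monitored event (not from the paper).
# alerted   = the IDS raised an alarm for the event
# malicious = ground truth established afterwards, e.g. by packet-capture review
Event = Tuple[str, bool, bool]
SAMPLE_EVENTS = [
    ("evt-001", True,  True),   # alarm, real fire    -> true positive
    ("evt-002", True,  False),  # alarm, no fire      -> false positive
    ("evt-003", False, True),   # silence, real fire  -> false negative
    ("evt-004", False, False),  # silence, no fire    -> true negative
    ("evt-005", True,  False),
    ("evt-006", False, False),
    ("evt-007", True,  True),
    ("evt-008", True,  False),
]

def classify(alerted: bool, malicious: bool) -> str:
    """Map one event onto the four conditions of the fire-alarm analogy."""
    if alerted:
        return "true_positive" if malicious else "false_positive"
    return "false_negative" if malicious else "true_negative"

def confusion_matrix(events: Iterable[Event]) -> Dict[str, int]:
    """Count how many events fall into each of the four conditions."""
    counts = {"true_positive": 0, "false_positive": 0,
              "false_negative": 0, "true_negative": 0}
    for _, alerted, malicious in events:
        counts[classify(alerted, malicious)] += 1
    return counts

def _ratio(num: int, den: int) -> float:
    return num / den if den else 0.0   # nothing in the denominator: report 0

def precision(c: Dict[str, int]) -> float:
    """Share of alarms that were real fires; as this drops, analysts start ignoring the alarm."""
    return _ratio(c["true_positive"], c["true_positive"] + c["false_positive"])

def recall(c: Dict[str, int]) -> float:
    """Share of real fires that raised an alarm; false negatives pull this down."""
    return _ratio(c["true_positive"], c["true_positive"] + c["false_negative"])

def false_positive_rate(c: Dict[str, int]) -> float:
    """Share of benign events that still set off the alarm; the number tuning aims to lower."""
    return _ratio(c["false_positive"], c["false_positive"] + c["true_negative"])

if __name__ == "__main__":
    counts = confusion_matrix(SAMPLE_EVENTS)
    print(counts)
    print(f"precision={precision(counts):.2f} recall={recall(counts):.2f} "
          f"fpr={false_positive_rate(counts):.2f}")
```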
Tuning an IDS is typically an ongoing task. Threats and computing
environments are ever-changing, thus systems deployed to detect such threats must
adapt accordingly. Detecting malicious network activity is an important piece of an
overall security architecture, but what can we do to defend against detected attacks?
Prevention is the key and is covered in the next section.
Nicholas Pappas
6