[178074] in North American Network Operators' Group
Re: Intrusion Detection recommendations
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Feb 13 22:51:07 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <EB3171FA-1A68-4564-B655-0BAF9189AB11@newslink.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Fri, 13 Feb 2015 21:50:44 -0600
To: Andy Ringsmuth <andy@newslink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Feb 13, 2015 at 11:40 AM, Andy Ringsmuth <andy@newslink.com> wrote:
> NANOG'ers,
> I've been tasked by our company president to learn about, investigate and recommend an intrusion detection system for our company.
An important thing to realize is that an Intrusion Detection System is
not a "product" you can buy.
And if your organization is 100 people, you should probably think about
engaging some professional security services firms to help,
starting with a basic information security and physical security audit from
an independent third party.
An intrusion detection system consists of an infrastructure stack
containing vigilant, dedicated human beings; devices; various
software for instrumenting the network in different ways and analyzing
collected data; documentation; and business and security processes
within the organization.
There are plenty of off-the-shelf IPS offerings, BUT without enough
of all those pieces, using one could very well instill a false
sense of security, because you have no idea if the product is
actually doing a good job at what it is supposed to do, and not just
presenting a "perception" of security, mostly by tackling just
whatever bugs or malware are appearing in the news headlines of the
day.
Also, there is the matter of being equipped with suitable analysis and
response plans to be prepared for the time that the IDS alarm actually
goes off, and to be able to determine if it's actually legitimately a
false alarm, something meriting investigation, or if it represents
an emergency.
> We're a smaller outfit, less than 100 employees, entirely Apple-based. Macs, iPhones, some Mac Mini servers, etc.
[snip]
--
-JH