Intrusion Detection with Snort by Jack Koziol

Defining an IDS Policy

In its most basic form, an IDS is designed to monitor for abnormal or suspicious activity. To do so, the IDS must be able to determine which activity is unauthorized and which is not. This determination is made by combining knowledge of the access control policy, the culture, and the network infrastructure particular to your organization. Defining what is unauthorized is the core of creating the IDS policy.

This IDS policy will be implemented in the form of configuration settings and signatures on the Snort application. Applying the policy to Snort is not the final step in discovering unauthorized activity. You, the IDS analyst, must make the final decision on whether activity ...
