Defining an IDS Policy
In its most basic form an IDS is designed to monitor for abnormal or suspicious activity. In this monitoring for suspicious activity, the IDS must be able to determine which activity is unauthorized and which is not. This determination is done by combining knowledge of the access control policy, the culture, and the network infrastructure particular to your organization. This process of defining what is unauthorized is the core of creating the IDS policy.
This IDS policy will be implemented in the form of configuration settings and signatures on the Snort application. Applying the policy to Snort is not the final step in discovering unauthorized activity. You, the IDS analyst, must make the final decision on whether activity ...
Get Intrusion Detection with Snort now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.