Deciding What to Monitor
After putting together an IDS policy centered on what activity is deemed unauthorized, you need to put it to practical use. The outcome of the policy should be a high-level overview of the intrusion detection capability you will strive to achieve for the organization. Once this process is finished, apply the policy to the portions of your network infrastructure you are going to monitor. Getting more granular, you will need to decide which services to monitor and which specific attack signatures to look for. We will get into this level of detail when you tune Snort in Chapter 10.
The ideal situation is to monitor everything. Every network device would be covered under Snort's watchful ...