222 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
3. From the Default Repository on the SiteProtector console, open the Tuning
Parameters policy (Figure 7-1 on page 216).
The local Radius administrator identified that the longest user ID is 58
characters in length. The analyst recommends adjusting a tuning parameter,
pam.radius.user.max, to the value of 58.
4. In the Add Tuning Parameters dialog box (Figure 7-10), complete the
following steps for this example:
a. Select the Enabled check box.
b. For name, enter pam.radius.user.max.
c. Click OK.
Figure 7-10 Adding a tuning parameter
7.4 False negatives
False negatives occur when traffic does not trigger a security alert when it should
have. This situation typically occurs when the organization has custom
applications or protocols that IBM might not know about.
7.4.1 Identifying false negatives
Identification of false negatives can come from many sources. For example, a
systems administrator might discover a vulnerability in her own code that cannot
be patched until the next maintenance period. Another example might come from
an incident response report after a breach. The incident response auditors might
discover that the breach occurred because of a local, custom web application.

Get Network Intrusion Prevention Design Guide: Using IBM Security Network IPS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.