Information Risk Management Case Study: Configuration Review - IDS/IPS
Source: Information Risk Management
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are crucial components of an organisation's security infrastructure. However, to maximise the effectiveness of an IDS or IPS, a finely tuned configuration is required. An oversensitive IDS undermines its own effectiveness by flooding even the most sophisticated log correlation engines, so that actual attack attempts are lost in the noise. Conversely, a poorly configured IDS that lacks the appropriate attack signatures leaves genuine attack attempts entirely unlogged. In contrast to other configuration review services, IRM takes a network-based testing approach to IDS assessment. By transmitting a variety of security test cases, including both stealthy and noisy network probes targeting client systems, IRM assesses the configuration of the IDS or IPS systems in place.