However, for an IDS to be an efficient security mechanism, it must have certain characteristics. According to Ned (1999), an IDS tool must have the following characteristics:
1. run continuously, without human interaction, and be secure enough to allow its operation in promiscuous mode;
2. be fault tolerant, so that its knowledge base does not become inconsistent;
3. resist attempts to change its knowledge base, maintaining monitoring to ensure its own security;
4. have minimal impact on the functioning of the system;
5. be able to detect changes in the normal functioning of the system;
6. be easy to configure, so that any changes can be made quickly;
7. accommodate changes in the system over time, as in the case of a new application that becomes part of the system;
8. be able to minimize the likely errors in intrusion detection and analysis.
The evaluation errors to be minimized, mentioned in the last item above, include, for example, the following types of errors in intrusion detection and prevention tools:
1. false positive - occurs when the tool classifies an action as a possible intrusion although it is in fact a legitimate action;
2. false negative - occurs when a real intrusion takes place but the tool lets it pass as if it were a legitimate action;
3. subversion - occurs when the intruder modifies the operation of the IDS tool to force the occurrence of false negatives.
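
The three error types can be seen side by side in a small signature matcher. This is an added example, not code from the original post: the rule list, the request lines, their ground-truth labels and the demo key are all constructed for illustration. It counts false positives and false negatives against the labels, then shows how a silently altered rule base (subversion) raises the false-negative count, and how a keyed digest of the knowledge base exposes the change.

```python
import hashlib
import hmac

# Constructed knowledge base: substring signatures (illustrative only).
RULES = ["/etc/passwd", "union select", "cmd.exe"]

# Constructed events: (request line, ground truth: True = real intrusion).
EVENTS = [
    ("GET /index.html", False),
    ("GET /download?file=../../etc/passwd", True),
    ("GET /kb/search?q=hardening /etc/passwd permissions", False),  # benign, matches a rule
    ("GET /search?q=1 UNION SELECT password FROM users", True),
    ("GET /scripts/cmd.exe?/c+dir", True),
    ("POST /login attempt 500 of 500 in 60s", True),  # no rule covers this
]


def rules_digest(rules, key):
    """Keyed digest of the rule base, to be stored away from the sensor."""
    return hmac.new(key, "\n".join(rules).encode(), hashlib.sha256).hexdigest()


def rules_intact(rules, key, expected):
    """Characteristic 3: detect any change to the knowledge base."""
    return hmac.compare_digest(rules_digest(rules, key), expected)


def alerts(request, rules):
    """Signature match: alert if any rule occurs in the request."""
    text = request.lower()
    return any(rule in text for rule in rules)


def evaluate(events, rules):
    """Compare each verdict with the ground truth and count outcomes."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for request, is_intrusion in events:
        if alerts(request, rules):
            counts["TP" if is_intrusion else "FP"] += 1
        else:
            counts["FN" if is_intrusion else "TN"] += 1
    return counts


if __name__ == "__main__":
    key = b"constructed-demo-key"
    baseline = rules_digest(RULES, key)
    print("intact rules  :", evaluate(EVENTS, RULES))
    # Subversion: one signature removed, so a real intrusion now passes.
    tampered = [r for r in RULES if r != "union select"]
    print("tampered rules:", evaluate(EVENTS, tampered))
    print("integrity check passes:", rules_intact(tampered, key, baseline))
```
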