The security policy should specify the methods to be implemented in the routine monitoring of the network. The purpose of security monitoring is not only to observe a network attack, but also to point out potential weaknesses that could be exploited. Above all, monitoring should verify whether the security policy is being followed.
Monitoring can be as simple as an orderly collection and review of the log files that network devices generate as a normal part of operation. Simply reviewing the failed login authentications on a server can reveal attempts to break into the system, or perhaps only a few individuals who need additional training. At the other end of the spectrum are sophisticated devices such as intrusion detection systems (IDS) that monitor traffic for patterns or signatures indicating that something is amiss. If a potential problem is discovered, the IDS sensor can notify the IDS director management console, which can then start a process to block (shun) the attack. This could involve creating an access control list on a router or firewall specifically to block further contact from that source. IDS technology is covered in
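The two ends of the spectrum just described, reviewing failed logins in a server log and shunning a source with an access control list, can be shown in one small script. The example below is added here and is not code from the text: it parses a few constructed sshd-style log lines, separates a source that is cycling through many usernames (a break-in attempt) from a user who mistyped a password twice and then succeeded (a training issue), and emits the deny entries a router ACL would need for the former. The log format, the threshold of five failures or three distinct usernames, and the use of Cisco IOS extended ACL syntax for the output are all assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample auth-log lines (syslog/sshd style); not from a real system.
SAMPLE_LOG = """\
Jan 12 08:01:02 srv1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 50111 ssh2
Jan 12 08:01:03 srv1 sshd[1002]: Failed password for invalid user root from 203.0.113.5 port 50112 ssh2
Jan 12 08:01:04 srv1 sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 50113 ssh2
Jan 12 08:01:05 srv1 sshd[1004]: Failed password for invalid user oracle from 203.0.113.5 port 50114 ssh2
Jan 12 08:01:06 srv1 sshd[1005]: Failed password for jsmith from 203.0.113.5 port 50115 ssh2
Jan 12 08:15:40 srv1 sshd[1101]: Failed password for jdoe from 192.0.2.77 port 41002 ssh2
Jan 12 08:15:52 srv1 sshd[1102]: Failed password for jdoe from 192.0.2.77 port 41003 ssh2
Jan 12 08:16:10 srv1 sshd[1103]: Accepted password for jdoe from 192.0.2.77 port 41004 ssh2
Jan 12 09:00:00 srv1 sshd[1201]: Accepted publickey for backup from 192.0.2.10 port 39000 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because
# sshd adds it when the account does not exist. Assumed message format.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def summarize_failures(log_text):
    """Return {source_ip: {username: failure_count}} for every failed login."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group("src")][m.group("user")] += 1
    return {src: dict(users) for src, users in failures.items()}


def classify_sources(failures, threshold=5, max_users=3):
    """Label each source.

    'brute_force': many failures, or several different usernames tried from
                   one address (password guessing).
    'user_error':  a small number of failures against a single account, the
                   "needs additional training" case from the text.
    Threshold values are assumptions of this example, not from the text.
    """
    verdicts = {}
    for src, users in failures.items():
        total = sum(users.values())
        if total >= threshold or len(users) >= max_users:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "user_error"
    return verdicts


def shun_acl(verdicts, acl_number=101):
    """Build the router ACL that blocks further contact from flagged sources.

    Output uses Cisco IOS extended numbered-ACL syntax as the example format;
    the deny entries come first, followed by the usual explicit permit.
    """
    lines = [
        f"access-list {acl_number} deny ip host {src} any"
        for src, verdict in sorted(verdicts.items())
        if verdict == "brute_force"
    ]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    failures = summarize_failures(SAMPLE_LOG)
    verdicts = classify_sources(failures)
    for src, verdict in sorted(verdicts.items()):
        print(f"{src:15} {verdict:12} {failures[src]}")
    print("\n".join(shun_acl(verdicts)))
```

Run against the sample, the script reports 203.0.113.5 as a brute-force source (five failures across five usernames, most of them non-existent accounts) and 192.0.2.77 as a user error (two failures against jdoe followed by a successful login), and the generated ACL denies only the former. In a real deployment the review would be driven by the thresholds the security policy defines, which is exactly the link between policy and monitoring the text describes.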