Real Live People
The other type of IDS doesn’t rely on fuzzy logic or predefined attack
signatures. Instead, it relies on people! Yes, they still do exist when it
comes to evaluating potential problems with your network systems, and in
many ways they have an edge over a computer acting as the decision maker.
Counterpane is a good example of a company that builds an IDS that is
installed in the corporate environment and then sends information about
network activity (logs) back to an evaluation center, where trained
personnel determine, over a period of time, whether you are experiencing
any type of hacking activity. Although this approach is not nearly as
quick as the computer-generated alert example above, it does eliminate
the false positives that arise when the computer keeps telling you that
you are under attack when you really aren’t.
The idea is that a computer-generated system can be only so accurate
when it comes to knowing how to identify hacking attempts against your
networks and other systems. When you have a real live person looking
at your logs on a continuing basis, you have the security of knowing
that a person is the best judge possible of how many access attempts are
really taking place. If someone is indeed trying to break into your systems,
then a service set up specifically to identify possible attacks is the
The whole idea is to make it possible to perceive that a bigger attack
is coming down the line. Your best defense is having an expert who can
inform you of possible problems when it really counts.
In a setup like this, the IDS company installs a machine inside your
network which sends reports and information through a secure, encrypted
channel back to the home office, where analysts review the data. The
biggest worry most companies have is whether or not the IDS machine
itself poses a possible risk: could a hacker gain entrance to the network
through the very device designed to prevent breaches? The answer is
that these servers are configured so that only authorized personnel can
access limited information pertaining to access activity and logs. The
IDS machines themselves do not have access to the mission-critical data
flowing across the network and therefore should not normally constitute
a security vulnerability if compromised.