Host-based intrusion detection systems are deployed for major applications and for network management assets, such as routers, switches, and domain name servers (DNS).
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| MACI, MACII | Medium | Enclave Computing Environment |
| Threat |
|---|
| Without proper installation of an IDS, intrusions into and hacker attacks against the system's major applications or network assets might not be detected in a timely manner. This implementation guide is intended to help network administrators implement host- and network-based IDSs so that the system can monitor and detect security violations and intrusions. |
| Step | Guidance |
|---|---|
| 1 | The network administrator shall identify a list of DOD-approved host-based and network-based IDSs (e.g., ISS RealSecure, ISS Proventia, Symantec Intruder Alert). |
| 2 | The network administrator shall perform an analysis to determine the advantages and disadvantages of each IDS identified. |
| 3 | The network administrator shall select host-based and network-based IDSs that satisfy the IA requirement and that are suitable for the system and network environment. |
| 4 | The network administrator shall install the IDSs in a lab environment, configure them in accordance with the vendor's security administration guide, and test the installed IDSs for functionality. |
| 5 | The network administrator shall install the IDSs in the operational environment. |
| 6 | Project management shall determine who will operate and review the IDSs and the method of managing them (e.g., remote management via VPN, in-band or out-of-band; local management). |