ing as intended, operational policies, justification for vendor and product selection,
relevance and applicability to IA core elements, and applicable compliance
requirements satisfied via FW. All are directly traceable to business requirements using the
IA² LoS. Moreover, FW costs should be clearly identifiable and directly align with
the business benefits.
9.8 Intrusion Detection Systems
Intrusion detection systems (IDSs) are technical devices or software that discover
wrongful entry or wrongful use of information and information technology. The two
IDS types are host-based IDS and network IDS. Host-based IDSs (HIDSs) establish
the host's operational baseline for normal usage and then monitor the host for
unusual activity involving applications, daemons, processes, utilities, databases, etc.
Network IDSs (NIDSs) establish a network's normal usage operational baseline and
then monitor the network for unusual activity such as large data transfers, transfers of
particular types of data, or data transfers outside of normal business hours. Table 9.9
provides an applied IA² summary for intrusion detection systems.
Table 9.9 Applied IA² Summary: IDS

| IA² Topic | Description |
|---|---|
| Mechanism | HIDS, NIDS |
| Drivers | Defense-in-depth; detective mechanism; maintain authorized access to enterprise networks and hosts. IDS may assist with real-time intrusion detection efforts and with forensic intrusion detection efforts (after the fact) by maintaining logs of network and host activity. |
| IA² view | Applicable IA² views: Systems and applications, infrastructure (technical) |
| IA core principles | Applicable IA core principles: Confidentiality-integrity-availability (CIA); Authenticity-utility (AU); Privacy-authorized use (PA) |
| Compliance requirements | IDS may assist in satisfying privacy requirements or otherwise protect against and monitor for unauthorized presence in enterprise information systems. |
| ELCM application | Applicable ELCM elements: O&M |
| Verification | Penetration testing |
| Operations | Applicable IA operations cycle phases: Anticipate, defend, monitor, respond |
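
An added example, not from the original text: a sketch of the NIDS approach described in Section 9.8, which builds a per-host baseline of transfer sizes and then flags large transfers and transfers outside normal business hours. The flow records, host names, business-hours window, and threshold are all constructed assumptions.

```python
from datetime import datetime
from statistics import median

# Constructed baseline flows (not real traffic): (ISO timestamp, source host, bytes)
BASELINE_FLOWS = [
    ("2024-03-04T09:15:00", "ws-01", 120_000),
    ("2024-03-05T10:02:00", "ws-01", 95_000),
    ("2024-03-06T13:40:00", "ws-01", 140_000),
    ("2024-03-07T11:20:00", "ws-01", 110_000),
    ("2024-03-08T15:05:00", "ws-01", 130_000),
    ("2024-03-04T09:30:00", "db-01", 2_000_000),
    ("2024-03-05T09:30:00", "db-01", 2_400_000),
    ("2024-03-06T09:30:00", "db-01", 1_800_000),
    ("2024-03-07T09:30:00", "db-01", 2_200_000),
]
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59, Monday to Friday
MAD_THRESHOLD = 6.0            # assumption: alert above 6 MADs over the median

def build_baseline(flows):
    """Return {host: (median_bytes, MAD)} learned from normal-usage flows."""
    per_host = {}
    for _, host, nbytes in flows:
        per_host.setdefault(host, []).append(nbytes)
    baseline = {}
    for host, sizes in per_host.items():
        med = median(sizes)
        # Median absolute deviation is robust to a few odd samples;
        # fall back to 1 so a perfectly constant host cannot divide by zero.
        mad = median([abs(s - med) for s in sizes]) or 1
        baseline[host] = (med, mad)
    return baseline

def check_flow(flow, baseline):
    """Return the list of alert names raised by one observed flow."""
    ts, host, nbytes = flow
    alerts = []
    if host not in baseline:
        alerts.append("unknown-host")  # no baseline exists for this source
    else:
        med, mad = baseline[host]
        if (nbytes - med) / mad > MAD_THRESHOLD:
            alerts.append("large-transfer")
    when = datetime.fromisoformat(ts)
    if when.weekday() >= 5 or when.hour not in BUSINESS_HOURS:
        alerts.append("outside-business-hours")
    return alerts

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for f in [("2024-03-11T14:00:00", "ws-01", 900_000),
              ("2024-03-12T02:40:00", "db-01", 2_150_000)]:
        print(f, check_flow(f, base))
```

Alerts are kept as separate names so that one flow can raise several, which matches the log-keeping role the summary table assigns to IDS for after-the-fact review.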
 