based on policies. This feature can be used in security projects (where it is important to ensure that no one modifies config files and policies) as well as in change management and configuration management projects.
IDSs can be instrumental in building a security policy. Many IDSs provide tools for building security policies and testing/simulating them.
IDSs were once the jewels of the security industry, and everyone was implementing them. Their decline was even faster than their rise. IDSs have been on the decline mostly because of high expectations that they could not meet. The main issue that brought on their demise is false positives: alarms that go off when nothing bad is happening. This has been such a serious issue that back in June 2003, Gartner declared that IDS would be obsolete by 2005, and SearchSecurity.com published an article saying that:
The death knell for intrusion detection is getting louder. Tired of doing full-time monitoring and fending off alerts that 99 times of 100 mean nothing, enterprises have been ready to shove these expensive network-monitoring products off the proverbial cliff.
It is important to understand where these products have failed, especially if you want to avoid making the same mistakes when you address your database environment.
The bane of IDS: False positives
Most IDSs generate alerts or alarms. An alarm is raised when the IDS determines that a system it is responsible for protecting has been successfully attacked or is being attacked. A false positive is an alarm that the IDS generates in response to a condition that is in fact benign. This is one type of mistake an IDS can make. The second type of mistake an IDS may make is a false negative, which occurs when the IDS fails to identify that an alert-worthy condition has occurred. As it turns out, IDSs often make a lot of both kinds of mistakes, especially when not enough effort is invested in tuning their configuration.
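To make the two kinds of mistake concrete in a database setting, here is an added example (not code from the book) that scores a signature-based detector over a constructed, labelled sample of SQL query-log events. The events, the user names, and both rule sets are assumptions made up for the illustration. A naive rule that alarms on any bare OR keyword produces a false positive on ordinary application SQL, and the same rule set has no signature for stacked statements, so it produces a false negative on a real attack; a rule set anchored on injection syntax rather than on a keyword avoids both on this sample.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of database query-log events with ground-truth labels,
# made up for this example: (db_user, sql_text, is_attack).
SAMPLE_EVENTS: List[Tuple[str, str, bool]] = [
    ("app_svc", "SELECT id, name FROM customers WHERE id = 42", False),
    ("app_svc", "SELECT * FROM orders WHERE status = 'open' OR status = 'hold'", False),
    ("analyst", "SELECT name FROM users WHERE name = '' OR '1'='1'", True),
    ("analyst", "SELECT 1 UNION SELECT username, password FROM dba_users", True),
    ("report",  "SELECT region, SUM(total) FROM sales GROUP BY region", False),
    ("web_app", "SELECT * FROM accounts WHERE acct = 'x'; DELETE FROM audit_log --", True),
    ("app_svc", "SELECT * FROM products WHERE sku = 'AB-1'", False),
]

# A naive signature set (hypothetical): keyword matching that was never tuned.
NAIVE_RULES: Dict[str, re.Pattern] = {
    "any-OR":       re.compile(r"\bOR\b", re.I),
    "union-select": re.compile(r"\bUNION\s+SELECT\b", re.I),
}

# A tuned signature set (hypothetical): each rule keys on injection syntax
# rather than on a keyword that legitimate application SQL also uses.
TUNED_RULES: Dict[str, re.Pattern] = {
    "tautology":    re.compile(r"'\s*OR\s*'[^']*'\s*=\s*'", re.I),
    "union-select": re.compile(r"\bUNION\s+SELECT\b", re.I),
    "stacked-dml":  re.compile(r";\s*(DELETE|DROP|UPDATE|INSERT|ALTER)\b", re.I),
}


def detect(sql: str, rules: Dict[str, re.Pattern]) -> List[str]:
    """Return the names of the rules that fire on one SQL statement."""
    return [name for name, rx in rules.items() if rx.search(sql)]


def evaluate(events: List[Tuple[str, str, bool]],
             rules: Dict[str, re.Pattern]) -> Dict[str, int]:
    """Score a rule set against labelled events and count each outcome.

    true_positive  : alarm raised, and the event really was an attack
    false_positive : alarm raised, but the event was benign
    false_negative : no alarm, but the event was an attack
    true_negative  : no alarm, and the event was benign
    """
    counts = {"true_positive": 0, "false_positive": 0,
              "false_negative": 0, "true_negative": 0}
    for _user, sql, is_attack in events:
        alarmed = bool(detect(sql, rules))
        if alarmed and is_attack:
            counts["true_positive"] += 1
        elif alarmed and not is_attack:
            counts["false_positive"] += 1
        elif not alarmed and is_attack:
            counts["false_negative"] += 1
        else:
            counts["true_negative"] += 1
    return counts


def precision(counts: Dict[str, int]) -> float:
    """Fraction of alarms that were real attacks (1.0 means no false positives)."""
    alarms = counts["true_positive"] + counts["false_positive"]
    return counts["true_positive"] / alarms if alarms else 0.0


def recall(counts: Dict[str, int]) -> float:
    """Fraction of attacks that raised an alarm (1.0 means no false negatives)."""
    attacks = counts["true_positive"] + counts["false_negative"]
    return counts["true_positive"] / attacks if attacks else 0.0


if __name__ == "__main__":
    for label, rules in (("naive", NAIVE_RULES), ("tuned", TUNED_RULES)):
        c = evaluate(SAMPLE_EVENTS, rules)
        print(f"{label:5s} {c}  precision={precision(c):.2f} recall={recall(c):.2f}")
        for user, sql, is_attack in SAMPLE_EVENTS:
            fired = detect(sql, rules)
            if fired and not is_attack:
                print(f"   false positive on {user}: {sql!r} via {fired}")
            if not fired and is_attack:
                print(f"   false negative on {user}: {sql!r}")
```

On this sample the naive rules score two true positives, one false positive (the benign `status = 'open' OR status = 'hold'` query), one false negative (the stacked `; DELETE FROM audit_log` statement) and three true negatives, while the tuned rules catch all three attacks with no false alarms. The point is not that three regular expressions are an adequate database IDS, but that the false-positive and false-negative rates are properties of the rule set and the environment it is tuned against, which is exactly where the investment in configuration has to go.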
Another common problem with IDSs is that they often generate a lot of noise. In fact, many people who complain about an overwhelming number of false positives are actually complaining about an unmanageable amount of noise. The term noise is used when an IDS generates an alarm