Information security, like any type of security, must be holistic in nature. The uncertainty about who the attackers or intruders will be, how they will attack, what they will attack, and why they would attack increases the need to be prepared for all sorts of attack. An IDS is one of the technologies that offers this type of security, provided that information security is a goal of the organization. For a network manager, IDSs pose both advantages and disadvantages.
As stated earlier, IDSs can offer holistic security. This feature is very much necessary for the network manager, as he is expected to ensure information security within all the components of the network. Deploying IDSs in crucial locations, those which are vulnerable to attacks, can give the network manager some peace of mind. However, this is not the end of his task for network security.
As discussed above, some IDSs cannot work efficiently in all situations. Some types of IDSs cannot work properly in a network with heavy traffic; some cannot work in the encrypted layers of the network. Hence, the network manager will need to be able to decide which IDSs best suit every aspect of the complex network management procedures.
One of these aspects is the organization’s manpower resources. Deployment of IDSs would require sufficient existing staff to monitor them full time. This is because some IDSs are designed with the assumption that network personnel will attend to the system 24/7. Human intervention is always needed upon the detection of an attack, as the IDS will only be able to send notifications in case of attack. It will not automatically investigate the attack further unless it is programmed to do so. A lack of security personnel may lead the network manager to choose other security systems that demand less human supervision.
The constraints on the deployment of IDSs start as early as the conceptualization of security procedures. Like all other information security procedures, deploying and operating IDSs will require significant management support. Without this support, the technology may only be short-lived and will only serve the interest of internal champions who believe in the advantages of the system.
Some IDS deployment issues that need to be addressed include: placing the IDS sensors in the most crucial or vulnerable aspects of the network, configuring the IDS so that it reflects the security policies of the network, installing proper signatures and meeting other pre-deployment requirements, establishing reliable forensic procedures for evidence-saving functions, and automating responses if needed and allowed. This will be complicated for the network manager, as he needs to integrate the IDS into the comprehensive network management framework of the organization. This integration will be useful in simplifying tasks.
Hence, a successful IDS implementation involves adequate preparation, appropriate IDS installation, and deployment guided by full-time security personnel. With these requirements satisfied, the network manager will be able to deal with the disadvantages more easily.