Advantages and Disadvantages of IDSs for the Network Manager

Information security, like any type of security, must be holistic in nature. The uncertainty about who the attackers or intruders will be, how they will attack, what they will attack, and why they would attack increases the need to be prepared for all sorts of attacks. An IDS is one of the technologies that offers this type of security, provided that information security is a goal of the organization. For a network manager, IDSs pose both advantages and disadvantages.


As stated earlier, IDSs can offer holistic security. This feature is very much necessary for the network manager, as he is expected to ensure information security within all the components of the network. Deploying IDSs in crucial locations, those which are vulnerable to attacks, can give the network manager some peace of mind. However, this is not the end of his task for network security.

As discussed above, some IDSs cannot work efficiently in all situations. Some types of IDSs cannot work properly in a network with heavy traffic; some cannot work in the encrypted layers of the network. Hence, it will be necessary for the network manager to be able to decide on the IDSs that best suit every aspect of the complex network management procedures.

One of these aspects is the organization’s manpower resources. Deploying IDSs requires sufficient existing staff to monitor them full time, because some IDSs are designed with the assumption that network personnel will attend to the system 24/7. Human intervention is always needed when an attack is detected, as the IDS will only be able to send notifications in case of attack. It will not automatically investigate the attack further unless it is programmed to do so. A lack of security personnel may lead the network manager to decide to use other security systems with lesser demands for human supervision.

The constraints on deploying IDSs start as early as the conceptualization of security procedures. Like all other information security procedures, deploying and operating IDSs will require significant management support. Without this support, the technology may be only short-lived and will serve only the interest of internal champions who believe in the advantages of the system.


Some IDS deployment issues that need to be addressed include: placing the IDS sensors in the most crucial or vulnerable parts of the network, configuring the IDS so that it reflects the security policies of the network, installing proper signatures and meeting other pre-deployment requirements, establishing reliable forensic procedures for evidence-saving functions, and automating responses if needed and allowed. This will be complicated for the network manager, as he needs to integrate the IDS into the comprehensive network management framework of the organization. Such integration will be useful in simplifying tasks.

Hence, a successful IDS implementation involves adequate preparation, appropriate IDS installation, and deployment guided by full-time security personnel. With these requirements satisfied, the network manager will be able to deal with the disadvantages more easily.


One Comment

  1. Elyssa Ann Frances Sutton says:

    While network IDS vendors might want to market their products to network managers at all levels of experience, we find that to be an unreasonable expectation.

