
Three tips for reducing false alarms


If you decide to dive into intrusion-detection systems, these tips might help reduce your level of false positives and false alarms:

1. Map your network
Build a map of your entire internal network, identifying all the hosts and services running on them. The more you tell the IDS about what is important in your network, the fewer false alarms you'll get.

For example, if you have Apache Web servers, you should tell the IDS not to look for attacks that are based on Microsoft Internet Information Server vulnerabilities on those servers.

If you've patched a server for Code Red, tell the IDS not to bother reporting Code Red attacks on that server.

2. Firewall your IDS
If you don't put the IDS behind your firewall, you'll learn lots of interesting things about knob-twisting out on the Internet.

Unfortunately, there's no point to it, and nothing you can do with the information: you can spend all day complaining about port scans, and it won't do any good. The less traffic the IDS sees, the less it can complain about.

3. Use reporting tools
Sifting through a pile of events only gets you mired down in details without giving you much of a big picture. IDS reports, which provide summary information on what's going on over a macro scale, such as a 72-hour period, are more useful. Caution: You might have to write some of these tools yourself!

- Joel Snyder
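
An added example, not part of the original article, that combines tips 1 and 3: a constructed host map suppresses alerts for attacks a host is not exposed to, and what remains is rolled up into a 72-hour summary. The addresses, the signature name `apache-sample-sig` and the alert tuple layout are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed host map (tip 1): server software and what each host is patched for.
ASSETS = {
    "10.0.0.10": {"server": "apache", "patched": {"code-red"}},
    "10.0.0.20": {"server": "iis", "patched": {"code-red"}},
    "10.0.0.30": {"server": "iis", "patched": set()},
}

# Constructed alerts: (time, destination host, signature, software the attack targets).
ALERTS = [
    ("2001-08-01T02:10:00", "10.0.0.10", "code-red", "iis"),    # Apache host
    ("2001-08-01T03:00:00", "10.0.0.20", "code-red", "iis"),    # patched IIS
    ("2001-08-01T04:00:00", "10.0.0.30", "code-red", "iis"),    # unpatched IIS
    ("2001-08-02T09:00:00", "10.0.0.30", "code-red", "iis"),
    ("2001-08-02T10:00:00", "10.0.0.10", "apache-sample-sig", "apache"),
    ("2001-07-20T00:00:00", "10.0.0.30", "code-red", "iis"),    # outside the window
    ("2001-08-02T11:00:00", "10.0.0.99", "code-red", "iis"),    # host not in the map
]

def is_relevant(alert, assets):
    """Keep an alert unless the map shows the host cannot be affected."""
    _, dst, signature, targets = alert
    host = assets.get(dst)
    if host is None:
        return True  # unmapped host: report it, the map is incomplete
    if host["server"] != targets:
        return False  # e.g. an IIS attack aimed at an Apache server
    return signature not in host["patched"]

def summarize(alerts, assets, end, hours=72):
    """Return ([((host, signature), count), ...], suppressed) for the window."""
    start = end - timedelta(hours=hours)
    counts, suppressed = Counter(), 0
    for alert in alerts:
        when = datetime.fromisoformat(alert[0])
        if not (start <= when <= end):
            continue
        if is_relevant(alert, assets):
            counts[(alert[1], alert[2])] += 1
        else:
            suppressed += 1
    return counts.most_common(), suppressed

if __name__ == "__main__":
    report, suppressed = summarize(ALERTS, ASSETS, datetime(2001, 8, 3))
    for (host, signature), n in report:
        print(f"{n:4d}  {host:<12} {signature}")
    print(f"suppressed as not applicable: {suppressed}")
```

The unmapped host is reported rather than dropped, so a gap in the map shows up in the summary instead of hiding alerts.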


Copyright, 1994-2006 Network World, Inc. All rights reserved.