
Three tips for reducing false alarms


If you decide to dive into intrusion-detection systems, these tips might help reduce your level of false positives and false alarms:

1. Map your network
Build a map of your entire internal network, identifying all the hosts and services running on them. The more you tell the IDS about what is important in your network, the fewer false alarms you'll get.

For example, if you have Apache Web servers, you should tell the IDS not to look for attacks that are based on Microsoft Internet Information Server vulnerabilities on those servers.

If you've patched a server for Code Red, tell the IDS not to bother reporting Code Red attacks on that server.

2. Firewall your IDS
If you don't put the IDS behind your firewall, you'll learn lots of interesting things about knob-twisting out on the Internet.

Unfortunately, there's no point and nothing you can do with the information - you can spend all day complaining about port scans, and it won't do any good. The less traffic the IDS sees, the less it can complain about.

3. Use reporting tools
Sifting through a pile of events only gets you mired down in details without giving you much of a big picture. IDS reports, which provide summary information on what's going on over a macro scale, such as a 72-hour period, are more useful. Caution: You might have to write some of these tools yourself!

- Joel Snyder
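
The asset map from tip 1 and the 72-hour summary from tip 3 can be combined in a small reporting script. The following is an added example, not code from the article; the host addresses, the signature names and the alert tuple format are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed asset map (tip 1): web server software and applied patches per host.
ASSETS = {
    "10.0.0.10": {"web_server": "apache", "patched": set()},
    "10.0.0.20": {"web_server": "iis", "patched": {"code-red"}},
    "10.0.0.30": {"web_server": "iis", "patched": set()},
}
# Constructed alerts: (time, destination, signature, platform the attack targets).
ALERTS = [
    ("2001-07-30T23:00:00", "10.0.0.30", "code-red", "iis"),    # before the window
    ("2001-08-01T09:00:00", "10.0.0.10", "code-red", "iis"),    # Apache host
    ("2001-08-01T09:05:00", "10.0.0.20", "code-red", "iis"),    # patched host
    ("2001-08-02T14:00:00", "10.0.0.30", "code-red", "iis"),
    ("2001-08-03T02:30:00", "10.0.0.30", "code-red", "iis"),
    ("2001-08-03T11:00:00", "10.0.0.10", "http-long-url", None),  # None: any server
    ("2001-08-03T12:00:00", "10.0.0.99", "code-red", "iis"),    # unmapped host
]
END = datetime(2001, 8, 4)  # constructed report end time

def is_relevant(alert, assets):
    """Return False only when the asset map shows the alert cannot matter."""
    _, dst, signature, platform = alert
    host = assets.get(dst)
    if host is None:
        return True  # host missing from the map: report it, the map has a gap
    if platform is not None and host["web_server"] != platform:
        return False  # e.g. an IIS attack aimed at an Apache server
    return signature not in host["patched"]

def summarize(alerts, assets, end, hours=72):
    """Count relevant alerts per (host, signature) in the window ending at `end`."""
    start = end - timedelta(hours=hours)
    kept, suppressed = Counter(), 0
    for alert in alerts:
        if not start < datetime.fromisoformat(alert[0]) <= end:
            continue
        if is_relevant(alert, assets):
            kept[(alert[1], alert[2])] += 1
        else:
            suppressed += 1
    return kept, suppressed

if __name__ == "__main__":
    kept, suppressed = summarize(ALERTS, ASSETS, END)
    for (host, signature), count in kept.most_common():
        print(f"{host:<12} {signature:<15} {count}")
    print(f"suppressed as irrelevant: {suppressed}")
```

Alerts for hosts missing from the map are kept rather than dropped, so a gap in the map shows up in the report instead of hiding traffic.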


Copyright, 1994-2006 Network World, Inc. All rights reserved.