COBIT, which are: effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of information.

The IS auditor needs an accurate view of the network architecture in order to place the IDS. This includes where sensitive and critical assets are placed within the network and where to start detection inside the network. IDS sensors can be positioned in front of the perimeter router that is directly connected to the external connection, to examine traffic from outside, or between the gateway and the servers/hosts, to examine traffic flow inside the network.

Configuration parameters are also crucial when an IDS is used throughout the network. Besides offering remote management, the IDS should be configurable so that either the sensors give the data to the analysis engine (push method) or the analysis engine collects the data from the sensors (pull method). The IDS should be configured so that it can accurately examine patterns and user behavior and differentiate normal from abnormal traffic. The IS auditor should have reasonable assurance that the IDS is configured to monitor user accounts, system files, and log files for tampering, and to detect suspicious files and database alterations and unknown file insertions. False positives should be minimized by configuring the filters according to the security policy of the organization and by setting alerts to be sent when high-level intrusions occur. Alerts can be sent through alert pages, e-mail, or other ways, and reports can be sent to the console at given periods of time. Last, it is better to evaluate the overall configuration parameters to avoid the failure of the parameters.