First and foremost, it also describes the characteristics of IDPS technologies and provides essential procedures and recommendations for designing, implementing, configuring, securing, monitoring, and maintaining IDPS [10]. An IDPS should comprise several key components: sensors or agents, management servers, database servers, user and administrator consoles, and management networks. Each component works according to its function and purpose, and together they collaborate to create an effective defense operation against malicious activities. Sensors (network-based) or agents (host-based) monitor and analyze incoming activities; management servers receive reports and records from sensors and agents; database servers serve as the repository for event information from sensors or agents; and consoles are the interface for users and administrators.

Given these components, system or network administrators who want to implement an IDPS need to select the IDPS product that best suits their system requirements. A good decision in selecting IDPS solutions and products is important, and organizations need to define their general requirements and the solutions to their needs before making use of an IDPS. This includes considering the organization's system and network environment to achieve effective compatibility between the IDPS and the system. It is also important to incorporate the IDPS procedures with the current security and other information technology policies in the organization. Selection also includes consideration of IDPS capabilities, prices and operational costs, and the efficiency of deployment and maintenance.