The reading this week focuses on IDPS, sensors and preventing intrusions. Answer the questions below, and then respond to at least two other replies.
What types of events might require higher escalation, and how might administrators respond to different types of breaches? For example, how would an administrator most likely respond to a threat against a customer database versus a website with no confidential data? Give another kind of breach, and explain how you think an administrator should respond to it.
Research the different types of IDPS systems available on the market. Select your favorite hardware-based system and your favorite software-based system. See if you can price different options for IDPS software and hardware (some vendors won’t provide pricing unless you are interested in buying and can provide specific info, so don’t be discouraged if this is the case). Report your findings. Which would you recommend when considering the features of the hardware versus the software system, and taking pricing into account (if applicable)? Why?
Research IDPS whitepapers regarding proper configuration and how to avoid false positives while increasing true positives. What are some tips you’ve discovered on how to do this?