Access "Tips and tricks for IDS deployment best practices"
Security people love intrusion detection. IDSes allow us to play multiple roles: amateur detective, omniscient voyeur, would-be superhero. We can watch others, unobserved, as they tinker and tap at our gateways and rattle the doorknobs of other people's virtual offices. But while seductive, intrusion detection remains an overhyped and misunderstood technology because most companies have no clear idea what to do with it. The entire category of products needs to be reassessed if companies are to improve their security--not just make it more interesting. Many IDSes are expensive, and licensing and support fees are only a small part of the cost. Intrusion detection is also a costly diversion from real security. Tuning it, watching it and keeping it current are major drains on the time of security administrators and managers. Qualified security people are in very short supply, and their time would be far better spent addressing real and pressing security issues, such as hardening systems and applications or managing their patch process. Furthermore, the returns ... Access >>>
Premium Content for Free.
Microsoft security improving, while Trustworthy security lacks effort
by Lawrence M. Walsh
Microsoft is making significant strides to clean up its security mess, but Trustworthy Computing still has a long way to go.
Microsoft's internal auditor discusses the company's IT security outlook
Scott Charney is Microsoft's internal auditor, see what he and his team control.
NetIQ's five-point security architecture
Even with expanded support and agents, NetIQ's SIM product remains a Windows-centric solution.
- Microsoft security improving, while Trustworthy security lacks effort by Lawrence M. Walsh
Microsoft Security Response Center revamps its patch processes
Microsoft Security Response Center revamps its advisory and patch processes.
Profile: Symantec CEO John Thompson
Symantec's CEO breaks business and cultural barriers in his drive to build a security superpower.
How to address enterprise IT security concerns with executives
Five tips to win friends and influence C-level execs in your organization.
- Microsoft Security Response Center revamps its patch processes
Next-generation security awareness training
by Andrew Briney
Put your posters and buttons away. A more effective solution is at your fingertips.
Hacking in 2003: Examining this year's hacking techniques
A look at the foibles, follies and felons of infosec in 2003.
Using HoneyD configurations to build honeypot systems
by Marcus J. Ranum, Contributor
Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.
Detecting a Linux server hack
by Jay Beale, Contributor
Learn how to detect if your Linux server have been hacked or compromised.
Tips and tricks for IDS deployment best practices
by Jack Danahy, Contributor
Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.
- Next-generation security awareness training by Andrew Briney
More Premium Content Accessible For Free
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...
Despite the enormous concerns around cloud security, many information security professionals remain on the sidelines when it comes to their ...