Changes


Intrusion Detection Systems

1,068 bytes added, 15:35, 27 February 2008
no edit summary
* '''Matching the Bandwidth Curve''' - With the increasing deployments of fiber and Gigabit Ethernet it is becoming increasingly challenging for network-based intrusion detection systems to keep up with the speed of data traveling across networks.
 
== Responding to Incidents ==
 
When an IDS alerts an administrator to an attack it is important that the administrator have guidelines to follow in response to the notification. A number of response options are available:
 
* '''Deflection''' - When an attack is identified the administrator may choose to deflect the attacker to a secured host or network segment that will lead the attacker to believe they have succeeded (typically pre-configured environments known as ''honeypots'' and ''honeynets'' respectively).
 
* '''Detection''' - The process of detection involves the application of forensics in an attempt uncover the identity and location of the attacker for subsequent investigation by law enforcements agencies.
 
* '''Countermeasures''' - Automated countermeasures can be implemented through the deployment of Intrusion Countermeasure Equipment (ICE). Such systems will lock down a network or increase security levels in the event of an attack. Such systems should be used with care as false positives may result in unnecessary interruptions of service.
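
Review bot: The '''Detection''' bullet has two wording errors: "in an attempt uncover" is missing "to", and "law enforcements agencies" should read "law enforcement agencies". Its label is also confusing as a response option, because the section opens with the IDS having already alerted the administrator, and the bullet text describes forensic identification of the attacker. A label such as "Investigation" would match the text better. In the '''Countermeasures''' bullet, two consecutive sentences open with "Such systems"; consider merging them, for example "Such systems lock down a network or increase security levels in the event of an attack, and should be used with care because false positives may cause unnecessary interruptions of service." The change was also saved with no edit summary; a one-line summary naming the new "Responding to Incidents" section would help later reviewers.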
