Intrusion detection system - Design and Analysis
Consider a corporation, say Coca-Cola, whose network is situated in a single building. The corporation's goal is to build an Intrusion Detection System (IDS) to ensure that a rival corporation cannot access or gather the documents that contain a secret formula (that of “Coca-Cola”, for example). The “Coca-Cola” documents are located on individual hosts of the network. These documents are accessible to employees from the inside network, but someone may also access them from outside via remote login. The computers offer network services such as mail, ftp, telnet and other similar services. Coca-Cola's questions about the IDS (with pros and cons for each choice) are:
Which kind of model (anomaly, misuse or specification) is more appropriate for this situation?
Would a centralized or a distributed strategy be better?
Is the main problem false positives, false negatives, or both?