Deploying Host-Based IDSs
-Proper implementation of HIDSs can be painstaking and time-consuming task .The process of deployment begins with implementing most critical systems first Installation continues until either all systems are installed, or the organization reaches planned degree of coverage it is willing to live
MEASURING THE EFFECTIVENESS OF IDS
IDSs are evaluated by using two dominant metrics:
-Administrators evaluate number of attacks detected in the known collection of probes
-Administrators examine level of use at which IDSs fail
Evaluation of IDS might read: at 100 Mb/s, IDS was able to detect 97 percent of directed attacks as developing this collection can be tedious, most IDS vendors provide testing mechanisms which verify systems are performing as expected. These testing processes allows administrator to:
- Record and retransmit packets from virus or worm scan
-Record and retransmit packets from a virus or worm scan with incomplete
-TCP/IP session connections
-Conduct a real virus or worm scan against an invulnerable system