Updating software packages, configuring firewall properly and implementing an antivirus solution can help to guarantee good security for a home user. But when it comes for corporate information system that provides services for public network and have an outside access, security should be considered more seriously.
Different vulnerabilities and interconnected system creates a new type of threat and malicious attacks. So it is recommended to implement Intrusion detection and prevention system (IDS/IPS).one of the most important element for the IDS/IPS is to have an up to date signature database and a good policy rule-set to be at a high rate of attacks detecting. In certain Snort for example there are three levels of sensitivity the first is the most critical so this alerts dangerous event, while the second and third are just a call of action so it alerts of some unusual activity.
Maybe you will ask how can I take benefit from all these logs? Logs monitoring is very important in preventing attacks for example to make an SQL-injection attackers require from 15 minutes to 3 hours while to exploit an unknown services vulnerability can take even more time. During this period it is possible to prevent attacks that can cause a great damage. So here it is a Time metric!
Well there should be a vulnerability assessment (VA) in place. Just take a look at the Complete Guide to the Common Vulnerability Scoring System (SVSS) version 2 developed by the First this can help to understand different types of attack, it is necessary to integrate the protection in the global environment and to be ready to fix any zero day attack.
New vulnerabilities are discovered and published every day. As a result, staying up-to-date is a must.
make sure you subscribe to my RSS feed!