Intrusion detection not enough

SAN ANTONIO – According to Digital Defense’s latest “CU Secure Network Security” newsletter, IT managers shouldn’t trust intrusion detection on its own to keep the credit union impervious to hack attacks. Intrusion detection systems can not stand by themselves as and impenetrable security layer, however when they are deployed along with six other security layers, they form a security system that will leave agencies well prepared to combat attacks on or misuse of computing resources, said Digital Defense. The firm said the most effective security models combine the following layers: * A regularly updated security policy. * Security tools tailored to user devices and servers. * Scheduled security audits. * Router-based security measures. * Firewalls. * Intrusion detection in real time or near-real time. * A strategy for responding to incidents. There are two types of intrusion detection currently available: network-based and host-based. “Network-based solutions monitor traffic as it traverses a network. Sensor software or hardware sensors-usually called security appliances -are installed in your network,” said Digital Defense. “Host-based intrusion detection involves loading one or more pieces of software on a server that will be monitored. The software performs a variety of functions, including monitoring communication traffic on the host, verifying the integrity of system files and keeping an eye out for suspicious system processes.” [email protected]