Place intrusion detection and intrusion response systems in network locations where they will be the most effective.

UCF ID: 04589
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

    Establish and maintain documentation for controlling the network configuration. [UCF Control ID 00530]

There are no supporting controls.

Authority documents complied with:

Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST SP 800-97, February 2007, Table 8-1 Item 10, Table 8-2 Item 20; DoD Instruction 8500.2 Information Assurance (IA) Implementation, EBVC-1; ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000, ¶ 8.2.4(5)(6), ¶ 9.2 Table Row “Network Monitoring”, ¶ 9.2 Table Row “Intrusion Detection”

US Federal Security Guidance

The organization should ensure that VPN tunnels are terminated before they reach the network IDS and that all unencrypted data is monitored by the IDS. [EBVC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation]

NIST Guidance

WLANs should have intrusion detection systems installed and implemented. [Table 8-1 Item 10, Table 8-2 Item 20, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST SP 800-97, February 2007]

ISO Guidance

¶ 8.2.4(5)(6) Network Management. An organization should implement safeguards to achieve network management, which includes planning, operation and administration of networks. The proper configuration and administration of networks is an effective means to reduce risks. Safeguards in the area of network management are listed below.
5. Network Monitoring
Network monitoring should be used to identify weaknesses within the existing network configuration. It allows for reconfiguration prompted by traffic analysis and helps to identify attackers.
6. Intrusion Detection
Attempts to gain entry to systems or networks and successful unauthorized entry should be detected so that the organization can respond in an appropriate and effective manner.
¶ 9.2 Table Row “Network Monitoring”: this row of the Network Management safeguard should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network.
¶ 9.2 Table Row “Intrusion Detection”: this row of the Network Management safeguard should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network.
[¶ 8.2.4(5)(6), ¶ 9.2 Table Row “Network Monitoring”, ¶ 9.2 Table Row “Intrusion Detection”, ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.