Method for configuring a network intrusion detection system
Abstract
Disclosed is a method for configuring an intrusion detection system in a network which comprises determining a location in the network for a deployed intrusion detection sensor of the intrusion detection system, deploying the intrusion detection sensor in the determined location, enabling the intrusion detection sensor to monitor communication in a portion of the network, tuning the intrusion detection sensor to an appropriate level of awareness of the content in the communication in the network, prioritizing responses generated by the intrusion detection sensor to achieve an appropriate response to a detected intrusion in the network, configuring intrusion response mechanisms in the network to achieve an appropriate response by the mechanisms; and re-tuning the intrusion detection sensor in response to a prior intrusion detection.
27 Claims
1. A method for configuring an intrusion detection system in a network, comprising:
determining a location for a deployed intrusion detection sensor of said intrusion detection system wherein said sensor is enabled to monitor communication in a portion of said network;
deploying said intrusion detection sensor in said location in said network;
tuning said intrusion detection sensor to an appropriate level of awareness of content in said communication in said network;
prioritizing responses generated by said intrusion detection sensor to achieve an appropriate response to a detected intrusion in said network; and
configuring intrusion response mechanisms in said network to achieve an appropriate response by said mechanisms.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for protecting security of a provisionable network, comprising:
a network server;
a pool of resources coupled with said server for employment by a client;
a resource management system for managing said resources; and
an intrusion detection system enabled to detect and respond to an intrusion in said network.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A network intrusion detection system, comprising:
a network device comprising intrusion detection software, said device communicatively coupled with a provisionable network;
a trust hierarchy, comprising a portion of said network and enabled to communicate with said software and to cause evaluation of a detected intrusion;
a deployable, tunable, intrusion detection sensor; and
a network device enabled to generate a response to a detected intrusion.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
Specification