ISO/IEC 27039:2015 - Information technology - Security techniques
The purpose of an intrusion detection and prevention system (IDPS) is to passively monitor, detect and log inappropriate, incorrect, suspicious or anomalous activity that may represent an intrusion, and to provide an alert and/or an automated response when such activity is detected. It is the responsibility of the appointed IT security personnel to actively review IDPS alerts and the associated logs in order to decide on an adequate response. When an organization needs to detect intrusions into its information systems promptly and respond to them appropriately, it should consider deploying an IDPS. An organization can deploy an IDPS by obtaining IDPS software and/or hardware products, or by outsourcing IDPS capabilities to an IDPS service provider.
There are many commercially available and open-source IDPS products and services, based on different technologies and approaches. In addition, an IDPS is not a "plug and play" technology. Thus, when an organization is preparing to deploy an IDPS, it should, as a minimum, be familiar with the guidelines and information provided by this standard.
Fundamental knowledge about IDPS is mainly presented in Annex A. This annex explains the characteristics of the different types of IDPS:
– Network-based, which monitors network traffic for particular network segments or devices and analyses the network and application protocol activity to identify suspicious activity;
– Host-based, which monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
It also describes the three basic approaches to detection analysis: signature-based detection, statistical anomaly-based detection and stateful protocol analysis detection.
Behavioural analysis applies to both network-based and host-based IDPS. This approach examines network traffic and host activities to identify threats that generate abnormal behaviour, such as distributed denial of service (DDoS) attacks, brute force attacks, certain forms of malware, and policy violations (e.g. a client system providing network services to other systems).
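As an added illustration (not code from ISO/IEC 27039 or from any IDPS product) of how the approaches above differ in practice, the Python sketch below applies a signature rule, a failed-login count threshold standing in for a statistical anomaly baseline, and the client-offering-network-services policy check to constructed log lines; the log format, the threshold value and the client host list are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the standard), simplified key=value format.
SAMPLE_LOG = """\
ts=1 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=2 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=3 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=4 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=5 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=6 host=web1 src=10.0.0.5 event=login result=fail user=admin
ts=7 host=web1 src=10.0.0.9 event=login result=ok user=alice
ts=8 host=web1 src=10.0.0.9 event=http path=/images/../../etc/passwd
ts=9 host=pc7 src=10.0.0.7 event=listen port=445
ts=10 host=pc7 src=10.0.0.7 event=login result=fail user=bob
"""

# Signature-based detection: fixed patterns describing known-bad requests.
SIGNATURES = {"path-traversal": re.compile(r"path=\S*\.\./")}
# Anomaly detection (assumed threshold): more failed logins from one source
# than a legitimate user would produce in the window covered by the log.
FAIL_THRESHOLD = 5
# Behavioural policy (assumed): these hosts are clients and must not serve.
CLIENT_HOSTS = {"pc7"}

def parse(line):
    """Split 'k=v k=v ...' into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())

def detect(log_text):
    """Return (approach, detail) alerts, one per finding, for the log text."""
    alerts, fails = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        for name, pattern in SIGNATURES.items():           # signature-based
            if pattern.search(line):
                alerts.append(("signature", f"{name} from {ev['src']}"))
        if ev.get("event") == "login" and ev.get("result") == "fail":
            fails[ev["src"]] += 1                           # per-source counter
        if ev.get("event") == "listen" and ev["host"] in CLIENT_HOSTS:
            alerts.append(("policy", f"{ev['host']} listening on port {ev['port']}"))
    for src, n in fails.items():                            # statistical check
        if n > FAIL_THRESHOLD:
            alerts.append(("anomaly", f"{n} failed logins from {src}"))
    return alerts
```

Note that the single source with one failed login stays below the threshold, which is the point of the anomaly approach: it keys on deviation from normal volume rather than on any one event.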