The vast majority of intrusion-detection systems (IDS) available today allow system administrators some degree of flexibility in configuring the sensitivity of the system’s detection and reporting algorithms. This presents a dilemma to diligent administrators: What is the proper balance between providing adequate intrusion detection and the possibility of overwhelming administrators with false reports?

Read the full article: Evaluating and tuning an intrusion-detection system

Published in SearchSecurity on 08/11/03