BS ISO/IEC BRITISH STANDARD 18043:2006 Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems ICS 35.040 BSi NO COPYING WITHOUT BSIPERMISSIONEXCEPT ASPERMITTEDBY COPYRIGHT LAW British Standards BSISO/IEC18043:2006 National foreword This British Standard reproduces verbatim IS0/IEC 18043:2006 and implementsitastheUKnationalstandard. The UK participation in its preparation was entrusted to Technical Committee IST/33, Information technologySecurity techniques, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international publications referred to in this document maybe found in theBSI Catalogue under the section entitled "International Standards Correspondence Index", or by using the “"Search" facility of the BSI Electronic Catalogue or of British Standards Online. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard does not ofitself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC title page, pages ii to v, a blank page, pages 1 to 46,an insideback cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. This British Standard was Amendmentsissued sincepublication ed published under the authority of the Standards Policy and Date Comments Strategy Committee Amd. No. on31July2006 BSI 2006 ISBN0580489213 INTERNATIONAL ISO/IEC STANDARD 18043 First edition 2006-06-15 Information technology Security techniques Selection, deployment and operations of intrusion detection systems Technologies de I'information- Techniques de securite- Sélection, deploiement et operations des systemes dedetection dintrusion Referencenumber ISO/IEC18043:2006(E) IEC tso ii BSISO/IEC18043:2006 Version correct as of 19/10/2017 Contents Page Foreword. iv Introduction 1 Scope 2 Terms and definitions 3 Background 4 General 5 5.1 InformationSecurityRiskAssessment. 5.2 Host or Network IDS. 5.3 Considerations.... 5.4 Tools that complement IDS 13 5.5 Scalability... 17 5.6 Technicalsupport. .17 5.7 Training..... 6 6.1 StagedDeployment ...18 7 Operations. ..22 7.1 IDs Tuning.. 22 7.2 IDS Vulnerabilities 7.3 Handling IDSAlerts 22 7.4 ResponseOptions. 25 7.5 LegalConsiderations. 26 Council, AnnexA(informative)Intrusion DetectionSystem (IDS): Framework and Issues to be Considered....27 A.1 IntroductiontoIntrusionDetection....... A.2 Types of intrusions and attacks... ..28 A.3 Generic Model of Intrusion Detection Process.... 29 A.4 A.5 Architecture.. A.6 Managementofan IDS. .39 A.7 ImplementationandDeploymentIssues 42 A.8 IntrusionDetectionIssues 44 Bibliography. 46 ii BSISO/IEC18043:2006 of19/10/2017 Foreword Iso (the International Organization for Standardization) and IEC (the International Electrotechnical IsO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. IsO and IEC se Version correct technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/lEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an Int