�ݺ�ߣ

Symantec Security Services’ Lifecycle Deployment
Methodology for Host-Based Intrusion Detection
For <Company Name>
April 10, 2001

A Deployment Methodology With Product
Lifecycle Considerations Will Enable Success
While Enhancing an Organization’s Security
Architecture!

Host-Based Intrusion Detection
Lifecycle Deployment Methodology
Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Phase 8
Phase 9
Define
Install
Level I Configure
Monitor
Level II Configure
Monitor
Level III Configure
Monitor
Maintain

Phase 1 Define

• Phase One - Project Definition
 Define a mutually acceptable “Mission Statement” outlining
Client’s project goals
 Acquire an operational understanding of the Client’s environment
and security needs:
 Review Client’s documentation
 Review Environment characteristics
 Fill out applicable worksheets
 Conduct personnel interviews
 Identify Client’s personnel roles and responsibilities

• Phase One - Project Definition (Cont.)
 Develop a comprehensive plan for integrating the product within the
Client’s environment:
 Develop a Project Work Plan to detail required resources
 Develop an Acceptance Test Plan
 Address Intruder Alert (IA) product scalability requirements
 Work with Client to design a deployment strategy that is
scalable, which meets existing and future business
requirements

 Develop a comprehensive plan for integrating the product within the
Client’s environment:
 Provide specifics on hardware recommendations consistent
with product architecture and design issues relevant to the
Client’s environment
 Perform detailed analysis of Client’s recommended IA policy
for pertinent Operating Systems and segment into three
security levels to construct Level I, II and III Baseline
configurations

 Develop a comprehensive plan for integrating the products within
the Client’s environment:
 Identify the scope of the IA Implementation:
• Determine Number of Managers to be installed/patched
• Determine Number of Consoles to be installed/patched
• Determine Number of Agents to be installed/patched

 Deliverables:
 Mission Statement – Clearly defined and mutually acceptable
goals for Project scope
 Project Plan - Illustrates schedule of events, resources
required and major milestones
 Acceptance Test Plan - Offers a mutually agreed upon test to
prove soundness and reliability of the deployed technology

 Deliverables:
 Server Inventory - Documented List of servers to be
installed
with predetermined IA components
 Documented Level I, II and III Baseline policies –
Evaluate
Client’s recommended IA policy and segment into Level
I,
II and III Baseline policy

Phase 1
Phase 2
Define
Install

• Phase Two - Installation
 Deploy IA components identified in Server Inventory and
implement based upon Project Work Plan:
 Number of Managers to be installed/patched
 Number of Consoles to be installed/patched
 Number of Agents to be installed/patched

• Phase Two - Installation (Cont.)
 Deliverables:
 Updated Project Plan (if applicable) - Updates sections of
this
document to show current state of the Project
 Fully-functional IA deployment – Demonstrates, through
use of the Acceptance Test Plan, that all software
components
are functioning properly

Phase 1
Phase 2
Phase 3
Define
Install
Level I Configure

• Phase Three - Level I Baseline Configuration
 Import recommended Level I Baseline policy for IA focusing
on
High-Level Event Criteria
 Create an agreed upon domain architecture for managing the
products
 Work with Client to provide “Separation of Duties”
considerations
to determine access levels for approved personnel

• Phase Three - Level I Baseline Configuration (Cont.)
 Add notification features for Level I Baseline policy
 Configure reporting to highlight event data and fulfill Client
expectations

• Phase Three - Level I Baseline Configuration (Cont.)
 Deliverables:
 IA Level I Baseline Configuration Guide – Describes
Client’s IA security architecture, system configurations
and implemented policy through Level I Baseline

Phase 1
Phase 2
Phase 3
Phase 4
Define
Install
Level I Configure
Monitor

• Phase Four - Data Analysis / Monitoring
 Utilize Level I Baseline policy activated on the IA Agents to
gather
data against the target environment
 Analyze the data collected by the Agents
 Address False Positives and False Negatives and document
any deviations or exceptions
 Offer guidance in the correction of discovered vulnerabilities
in order to verify the validity of the deployed Level I
Baseline policy (Client is responsible for fixing discovered
vulnerabilities)

• Phase Four - Data Analysis / Monitoring (Cont.)
 Deliverables:
 IA Level I Vulnerability Report - Illustrates discovered
vulnerabilities from Agent data collection utilizing Level I
Baseline policy recommendations

Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Define
Install
Level I Configure
Monitor
Level II Configure

• Phase Five - Level II Baseline Configuration
 Import recommended Level II Baseline policy for IA focusing
on
Medium-Level Event Criteria
 Add notification features for Level II Baseline policy
expectations

• Phase Five - Level II Baseline Configuration (Cont.)
 Deliverables:
 IA Level II Baseline Configuration Guide – Describes
and implemented policy through Level II Baseline

Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Define
Install
Level I Configure
Monitor
Level II Configure
Monitor

• Phase Six - Data Analysis / Monitoring
 Utilize Level II Baseline policy activated on the IA Agents to
gather
data against the target environment
in order to verify the validity of the deployed Level II
vulnerabilities)

• Phase Six - Data Analysis / Monitoring (Cont.)
 Deliverables:
 IA Level II Vulnerability Report - Illustrates discovered
vulnerabilities from Agent data collection utilizing Level
II

Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Define
Install
Level I Configure
Monitor
Level II Configure
Monitor
Level III Configure

• Phase Seven - Level III Baseline Configuration
 Import recommended Level III Baseline policy for IA focusing
on
Low-Level Event Criteria
 Add notification features for Level III Baseline policy
expectations

• Phase Seven - Level III Baseline Configuration (Cont.)
 Deliverables:
 IA Level III Baseline Configuration Guide – Describes
and implemented policy through Level III Baseline

Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Phase 6
Phase 7
Phase 8
Define
Install
Level I Configure
Monitor
Level II Configure
Monitor
Level III Configure
Monitor

• Phase Eight - Data Analysis / Monitoring
 Utilize Level III Baseline policy activated on the IA Agents to
gather data against the target environment
in order to verify the validity of the deployed Level III
vulnerabilities)

• Phase Eight - Data Analysis / Monitoring (Cont.)
 Deliverables:
 IA Level III Vulnerability Report - Illustrates discovered
vulnerabilities from Agent data collection utilizing Level
III

• Phase Nine - Maintain
 Enable the Client to maintain IA by implementing daily
operations
and procedures for keeping the technology functional and up-
to-
date
 Document the entire Lifecycle Deployment Methodology for
future Client reference
 Instruct Client on the value of reevaluation and the benefit of
revisiting the aforementioned phases as product updates are
released and/or the Client’s architecture changes

• Phase Nine - Maintain (Cont.)
 Provide extensive product knowledge transfer, for designated
Client personnel, on the day-to-day operations relative to the
deployed technology

 Deliverables:
 Product Update Procedures Guide for IA – Offers
recommendations and knowledge specific to product
updates and upgrades
 Change Control Guide for IA - Offers recommendations
and knowledge specific to implementing a successful
Change Control Program

 Deliverables:
 Daily Operations Guide for IA - Offers recommendations
and knowledge specific to daily product maintenance
and
management issues

• Questions ???

�ݺ�ߣ

Host-Based IDS LLifecycle

More Related Content

Host-Based IDS LLifecycle