Detection systems require tuning


Intrusion detection is the latest tool for network security, but feds who have tried it find it far from simple.

'It's easier said than done,' said Cheryl Ledbetter, information systems security officer for the Transportation Department's Transportation Administrative Services Center. 'You've got to know what you're looking for. Then you've got to look for it.'

Ledbetter and other government security officials spoke last week at a Washington conference on intrusion detection systems.

'IDS is the buzzword of the day,' said Dara Murray, director of computer security for the National Science Foundation.

'We were hacked,' she said, so installing intrusion detection was the top priority when she started her job several months ago. 'You really have to know your environment,' she said.

TASC, which supplies Transportation's backbone, discovered that installing an intrusion detection box and turning it on didn't help much. It was necessary to know the entire network and its changing traffic, understand what was normal, and decide what constituted evidence of an intrusion or attempted intrusion.

Plus, keeping an eye on the results eats a lot of resources, Ledbetter said, especially for an agency short on experienced security people.

If she were doing it over at TASC, 'I'd consider outsourcing it,' she said. That was what NSF decided to do.

'We just didn't have the expertise in-house to monitor our networks,' Murray said. NSF contracted with NetSec Technologies Inc. of Herndon, Va., for round-the-clock intrusion detection. But that did not eliminate the agency's responsibilities.

To write a statement of work, 'you have to understand what you really want,' Murray said. The network has to be documented and its vulnerabilities assessed. The agency must decide what needs to be protected and what doesn't.

'We're not really sure what our environment is because we're just getting our IDS off the ground,' Murray said.

What can happen next is that intrusion detection systems overwhelm security officials with reports.

Deluge of data

'You don't want to get too much, because the more you have, the less people are going to look at it,' said Steven Shields, network security officer for the Coast Guard's Telecommunications and Information Systems Command.

Probes by potential intruders occur almost constantly. When the Coast Guard recently brought up a new network, 'within 15 minutes we had a probe,' Shields said.

The IDS could also bog down the network, said Barton Abbott, Raytheon Co.'s director of information assurance for the Navy-Marine Corps Intranet project.

'You have to tune your systems, or you're going to get flooded,' he said. 'You can create a service denial attack on your own system by setting the intrusion threshold too low.'

