SEL Number: 05NP-00-IDPS
Title: System, Intrusion Detection/Prevention

Last Updated: 6/28/2022 10:25:40 AM

Previous SEL Number: 05NP-00-IDPS

Description: Intrusion Detection and/or Prevention System (IDS, IPS) deployed at either host or network level to detect and/or prevent unauthorized or aberrant behavior on the network. Software and hardware (appliance) solutions exist. This replaces item 05NP-00-IDS and incorporates more recent prevention technology.

Important Features: Some IDS systems rely on signatures; others attempt to detect anomalies against baseline usage.

Operating Considerations: Requires trained network security personnel to configure the system and interpret warning messages. Prone to false positives.
Will require a separate logging server for data collection and backup capability for long-term storage of events.
See NIST SP 800-36 for guidance.
Professional third-party security audit recommended before deployment. Use of IDS systems is usually appropriate only after more basic defenses, such as firewalls, have been deployed.

Training Requirements: Core Training: Per Manufacturer's Specifications
Initial Training: Extensive (> 2 days)
Sustainment Training: Extensive (> 2 days)

Mandatory Standards:

Applicable Standards and References:

  • Law Enforcement: Forensic Technician
  • Law Enforcement: SWAT/Tactical Team