BS ISO IEC 27039-2015 Information technology Security techniques Selection deployment and operations of intrusion detection systems (IDPS)《信息技术 安全技术 入侵式检测系统的选择、开发和操作(IDPS).pdf
《BS ISO IEC 27039-2015 Information technology Security techniques Selection deployment and operations of intrusion detection systems (IDPS)《信息技术 安全技术 入侵式检测系统的选择、开发和操作(IDPS).pdf》由会员分享,可在线阅读,更多相关《BS ISO IEC 27039-2015 Information technology Security techniques Selection deployment and operations of intrusion detection systems (IDPS)《信息技术 安全技术 入侵式检测系统的选择、开发和操作(IDPS).pdf(60页珍藏版)》请在麦多课文档分享上搜索。
1、BSI Standards Publication BS ISO/IEC 27039:2015 Information technology Security techniques Selection, deployment and operations of intrusion detection systems (IDPS)BS ISO/IEC 27039:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 27039:2015. It super
2、sedes BS ISO/IEC 18043:2006 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to inclu
3、de all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 76243 7 ICS 35.020; 35.040 Compliance with a British Standard cannot confer immunity from legal obligations
4、. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 28 February 2015. Amendments/corrigenda issued since publication Date Text affectedInformation technology Security techniques Selection, deployment and operations of intrusion detection system
5、s (IDPS) Technologies de linformation Techniques de scurit Slection, dploiement et oprations des systmes de dtection dintrusion INTERNATIONAL STANDARD ISO/IEC 27039 Reference number ISO/IEC 27039:2015(E) First edition 2015-02-15 ISO/IEC 2015 BS ISO/IEC 27039:2015ii ISO/IEC 2015 All rights reserved C
6、OPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior writte
7、n permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ISO
8、/IEC 27039:2015(E)BS ISO/IEC 27039:2015ISO/IEC 27039:2015(E)Foreword v Introduction vi 1 Scope . 1 2 T erms and definitions . 1 3 Background 5 4 General 5 5 Selection 6 5.1 Introduction 6 5.2 Information security risk assessment. 7 5.3 Host or Network IDPS . 7 5.3.1 Overview . 7 5.3.2 Host-based IDP
9、S (HIDPS) . 7 5.3.3 Network-based IDPS (NIDPS) . 7 5.4 Considerations 8 5.4.1 System environment . 8 5.4.2 Security protection mechanisms . 8 5.4.3 IDPS security policy 8 5.4.4 Performance 9 5.4.5 Verification of capabilities 10 5.4.6 Cost .10 5.4.7 Updates .11 5.4.8 Alert strategies .12 5.4.9 Ident
10、ity management12 5.5 Tools that complement IDPS 13 5.5.1 Overview 13 5.5.2 File integrity checkers 14 5.5.3 Firewall .14 5.5.4 Honeypots .14 5.5.5 Network management tools 15 5.5.6 Security Information Event Management (SIEM) tools 15 5.5.7 Virus/Content protection tools 16 5.5.8 Vulnerability asses
11、sment tools .16 5.6 Scalability .17 5.7 Technical support 17 5.8 Training 18 6 Deployment .18 6.1 Overview .18 6.2 Staged deployment .18 6.3 NIDPS deployment 19 6.3.1 Overview 19 6.3.2 Location of NIDPS inside an Internet firewall .20 6.3.3 Location of NIDPS outside an Internet firewall 20 6.3.4 Loc
12、ation of NIDPS on a major network backbone .21 6.3.5 Location of NIDPS on critical subnets 21 6.4 HIDPS deployment 21 6.5 Safeguarding and protecting IDPS information security .22 ISO/IEC 2015 All rights reserved iiiBS ISO/IEC 27039:2015ISO/IEC 27039:2015(E)7 Operations 22 7.1 Overview .22 7.2 IDPS
13、tuning 23 7.3 IDPS vulnerabilities .23 7.4 Handling IDPS alerts .23 7.4.1 Overview 23 7.4.2 Information Security Incident Response Team (ISIRT) 24 7.4.3 Outsourcing .24 7.5 Response options .25 7.5.1 Principles .25 7.5.2 Active response 25 7.5.3 Passive reaction .27 7.6 Legal Considerations .27 7.6.
14、1 Overview 27 7.6.2 Privacy .27 7.6.3 Other legal and policy considerations 27 7.6.4 Forensics 27 Annex A (informative) Intrusion Detection and Prevention System (IDPS): Framework and issues to be considered .28 Bibliography .48 iv ISO/IEC 2015 All rights reservedBS ISO/IEC 27039:2015ISO/IEC 27039:2
15、015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through
16、 technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also ta
17、ke part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the differe
18、nt approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be th
19、e subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/pate
20、nts). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO princi
21、ples in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 27, Security techniques. This first edition of ISO/IEC 27039 cancels and replaces ISO/IEC 1
22、8 0 4 3 : 2 0 0 6 , w h i c h h a s b e e n technically revised. Legal notice The National Institute of Standards and Technology (NIST), hereby grant non-exclusive license to ISO/IEC to use the NIST Special Publication on intrusion detection systems (SP800-94 rev1, July 2012) in the development of t
23、he ISO/IEC 27039 International Standard. However, the NIST retains the right to use, copy, distribute, or modify the SP800-94 as they see fit. ISO/IEC 2015 All rights reserved vBS ISO/IEC 27039:2015ISO/IEC 27039:2015(E) Introduction Organizations should not only know when, if, and how an intrusion o
24、f their network, system, or application occurs. They also should know what vulnerability was exploited and what safeguards or appropriate risk treatment options (i.e. risk modification, risk retention, risk avoidance, risk sharing) should be implemented to prevent similar intrusions in the future. O
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- BSISOIEC270392015INFORMATIONTECHNOLOGYSECURITYTECHNIQUESSELECTIONDEPLOYMENTANDOPERATIONSOFINTRUSIONDETECTIONSYSTEMSIDPS

链接地址:http://www.mydoc123.com/p-396700.html