Intrusion Detection and Incident Response
2 page paper APA format
Situation: You work for a large data processing organization. You are the network security administrator for the organization’s LAN. The LAN is comprised of 5 SQL-servers, 2 domain controllers and several data storage servers. 3 months ago, some private consultants and you put a IPS in place to secure the LAN. Lately you have noticed a large number of false positives being generated and logged. When the consultants left they mentioned all alerts are being logged and quickly discussed all the rules they put in place.
Evaluate this situation in terms of how to best fine tune your IPS. In a 2-3 page, APA formatted paper describe what you feel could be the problems causing these false alarms. Next, describe the steps you would go through to test your ideas on what the problem could be and find an answer/corrective measure for each potential problem you identified.