How to Cheat at Managing Information Security

The purpose of this chapter is to:
Provide a working definition of an IPS
Provide a catalog of the active responses and the way attacks can be responded to
Provide a quick tour of some current IPS implementations
Provide a description of problems IPSes can solve
I was very lucky to work on most of England s Internet banks, and it really was a pleasure. Apart from the general excitement that always surrounded a new e-commerce project, the banks were risk-averse organizations that rarely cut corners on security, allowing me to delve deep into the areas I was working on.
An Internet bank was being launched in North and my company won the contract to review and improve the security controls. I had made all the necessary improvements to the firewalls and the routers. The intrusion detection system (IDS) was the last component that needed to be reviewed, but that was not going to take place until the morning of the first day the site went live. The implementation team had been let down by the supplier, so the system administrators were going to install and configure the IDS on the big day. The rationale was that an IDS was only a detective control, so the bank could survive it suboptimum for a day or two. It s not as if it was a really important detective control.
When I arrived at the office, all was chaos, with apparently nothing working, no e-mail, no web access the whole things had gone to...