Computer security Question:
What do you see as challenges to successfully deploying/monitoring web intrusion detection?
Answer:
Note: Goal of question – We are attempting to see if the applicant has a wide knowledge of web security monitoring and IDS issues such as:
· Limitations of NIDS for web monitoring (SSL, semantic issues with understanding HTTP)
· Proper logging – increasing the verboseness of logging (Mod_Security audit_log)
· Remote Centralized Logging
· Alerting Mechanisms
· Updating Signatures/Policies
· Limitations of NIDS for web monitoring (SSL, semantic issues with understanding HTTP)
· Proper logging – increasing the verboseness of logging (Mod_Security audit_log)
· Remote Centralized Logging
· Alerting Mechanisms
· Updating Signatures/Policies