Chapter 4. Know Your Enemy

Any security-related project starts with an inventory. You need to
know what systems are in your environment and what software they are
running. You also need to know what business processes exist in your
organization so you can tailor your information technology decisions
to support these processes.

When starting an IDS project, it's important to know
not just what you're protecting, but also what the
threats to your environment are. If you don't
understand the nature and methods of your enemy, building defenses to
protect against their attack is nearly impossible. While you might
stumble onto something by accident, a targeted approach to an IDS
deployment yields better returns on your time (and budget).