TDI managed and engineered an Intrusion Detection System (IDS) deployment at the United States Geological Survey (USGS). TDI installed, analyzed, and helped USGS to comprehend a leading IDS software product suite. We provided a preliminary installation overview, then installed the product suite on several allocated machines to interactively demonstrate the installation process. The installation was followed by a summary training that included tips on generating useful reports and hands-on use of the IDS to ensure proper USGS understanding of the tool.
To provide a knowledge baseline, TDI started the day with a general overview of security vulnerabilities and intrusion detection. We then moved into a specific product overview, giving USGS details about the IDS tool they had purchased, including the IDS Manager, host-based agents, network-based agents, and the separate workstation/server instances of each. The product suite overview contained specific tool descriptions, as well as details of how the suite works together in an enterprise.
We then considered the unique USGS system requirements, network/system setup (including any remote or VPN clients), threat posture, and prerequisites to develop a specialized deployment and implementation plan. After presenting the plan to USGS and receiving their approval, we started the actual product installation. We first installed the IDS Manager, setting up the initial configuration for users, accounts, groups, and policies. We then installed the workstation agents and the server agents.
Throughout the installation process, we focused on ensuring that USGS personnel understood and were comfortable with the product. We familiarized them with reports, displays, tools, policies, administration, agent deployment, and Manager/agent updates. In addition, TDI prepared an extensive IDS training document uniquely tailored to the USGS and their environment. The document included an IDS overview, a description of IDS techniques, our deployment strategy, recommended USGS audit settings, operating system-specific nuances, baseline data strategies, and IDS policy best practices.
TDI's successful execution of the host-based and network-based intrusion detection installation at the USGS helped them achieve better security against malicious attacks from both internal and external sources. TDI ensured that the installation occurred successfully, and just as importantly, we focused on training USGS personnel and familiarizing them with the IDS product. The installation, along with the training, helped USGS to independently defend itself. In addition, USGS initiated the project after they purchased the IDS software, so TDI's assistance ensured that the government's money did not go to waste. Instead of the software collecting dust or being used inefficiently, the USGS successfully and efficiently utilized their IDS.