Health Information Management

Tip: Consider the pros and cons of intrusion detection systems

HIM-HIPAA Insider, November 1, 2002

As you consider installing an intrusion detection system (IDS), quickly check your organization's needs and its readiness to handle both the advantages and disadvantages of an IDS.

Advantages

Visibility. An IDS provides a clear view of what's going on within your network. It is a valuable source of information about suspicious or malicious network traffic. There are few practical alternatives to an IDS that allow you to track network traffic in depth.

Defense. An IDS adds a layer of defense to your security profile, providing a useful backstop to some of your other security measures.

Response capabilities. Although they probably will be of limited use, you may want to enable some of the response features of the IDS. For instance, they can be configured to terminate a user session that violates policy. Obviously, you must consider the risks of taking this step, since you may accidentally terminate a valid user session. However, in certain cases it can be an important tool to prevent damage to the network.

Tracking of virus propagation. When a virus first hits your network, an IDS can tell you which machines it compromised, as well as how it is propagating through the network to infect other machines. This can be a great help in slowing or stopping a virus's progress and making sure you remove it.

Evidence. A properly configured IDS can produce data that can form the basis for a civil or criminal case against someone who misuses your network.

Drawbacks

More maintenance. Unfortunately, an IDS does not replace a firewall, virus scan, or any other security measure. So when you install it, it will require additional maintenance effort and will not remove much, if any, of the existing burden.

False positives. IDSs are famous for setting off false positives (sounding the alarm when nothing is wrong). Although you can tweak the settings to reduce the number of false positives, you'll never completely eliminate the need to respond to false positives.

False negatives. IDSs can also miss intrusions. Technologies are improving, but IDSs don't always catch everything.

Staff requirements. Properly managing an IDS requires experienced staff. The less experienced your staff are, the more time they will spend responding to false positives. Therefore you will be creating not only more work for the IT department to handle, but more difficult work in some cases.

Editor's note: Adapted from the November 2002 issue of Healthcare Information Security.
