Showing posts with label ids/ips. Show all posts

Friday, March 27, 2020

Service Desk: Creating a Culture of Learning Instead of an Education Policy

Ongoing certifications
Once you’ve successfully onboarded an employee or have current employees already at your AV business, it’s time to determine what types of certifications you want to make standard.

Maybe you have a set of three or four you think would be integral to your level 1 staff. Perhaps there are a few more for the level 2 staff. A mix of general skills, security and networking is a good baseline.

You may also want to add in project management, service management and focused technical training for level 2.

Some certifications will need to be refreshed periodically. Others stay current if you earn related certifications, while some will need updating as products change. You will need to decide what is relevant in your company.

Reward system
Now that your employee has invested the time and effort to achieve this knowledge, how are you rewarding them? Do you offer a pay bump after a certification? Do they get a badge, a special parking spot, or another spiff? Have something as an added benefit.

Rewards are an integral part of culture. Not all have to be monetary, but they do need to be meaningful.

Who pays for all this knowledge?
Education is part of your benefits package and should be regarded as such. Speak with your accountant about the potential benefits of covering these costs, as well as college, as employee benefits.


Wednesday, March 4, 2020

Intrusion Detection and Prevention System

An Intrusion Detection System (IDS) can be defined as an automated security and defense system that detects hostile activity on a network or on a computer (host or node). In addition, an IDS attempts to prevent such malicious activity or reports it to the network administrator responsible for the environment. It is a second-line defense mechanism: its mechanisms come into play only when there is evidence of an intrusion or attack. The first line of defense is whatever tries to limit or prevent access to the environment, for example a firewall. The IDS can respond to some types of attack by working in conjunction with the first line of defense, for example by adding rules to the firewall or blocking the session in question. It can also report the malicious activity it finds to other network nodes.

What is IDS and how it works

According to the concepts described in one of the basic articles on IDS (see references at the end), intrusion detection can be understood as the process of monitoring the events that occur in a computer system or network and analyzing them for possible incidents, possible violations, or imminent violations of the security rules of that environment. Incidents can have several causes, from the action of malware (worms, spyware, etc.) to attacks aimed at gaining unauthorized access to the environment in question.

The use of an IDS as a prevention system can involve everything from alerts to the network administrator and preventive checks to the blocking of a suspicious connection. That is, the intrusion detection process aims to identify and respond preventively to suspicious activities that may interfere with the principles of integrity, reliability, and availability. In addition, IDS tools can distinguish whether an attack originated inside or outside the network in question. IDS generally scan local files for traces of unsuccessful attempts to connect to the machine, or inspect the layers of the TCP/IP stack below the application layer, for example for changes in the IP header fields.


Tuesday, March 3, 2020

WHAT IS AN INTRUSION DETECTION AND PREVENTION SYSTEM (IDS)

An intrusion detection and prevention system is essential for helping security professionals detect and respond to attacks and anomalies. It also lets them study the origin and structure of cyber attacks in order to create improved tools and processes for counteracting future attacks.

So what is an intrusion detection and prevention system?

It is one of the tools used to protect information management infrastructures. Denning (1987) clearly defines these systems as: "the elements that detect, identify and respond to unauthorized or abnormal activities."



Intrusion detection systems (IDS) were the first to appear. They are responsible for monitoring and detecting suspicious behavior and events, on both hosts and networks, in real time. These systems then evolved into intrusion prevention systems (IPS), which adopt a prevention and rapid-response approach to suspicious events and often perform more complex analysis. Today, IDS and IPS are still found separately or in combination (IDS/IPS), depending on the implementation required.

These systems can be implemented both on a network and on a particular host.


When deployed on a host, they can monitor all traffic directed to that specific computer and any unusual behavior that occurs on the system. When deployed on the network, they monitor all network traffic and remain hidden from attackers while executing predefined actions in the face of attacks. There are also other categories, such as wireless IDS/IPS, deployed in wireless environments, and virtual IDS/IPS, deployed in virtual environments. IDS/IPS operate either by detecting events that match those recorded in previously defined rule files, or by looking for unusual behavior patterns relative to what has been learned from activities considered normal on the network or host. In the latter case, when the system detects an activity that is not normally performed, for example a user who usually connects during the day suddenly connecting at dawn, it treats it as unusual or suspicious behavior.
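The two detection modes described above (rule-file matching and a learned baseline of normal behavior) and the host-side scanning of local files for failed connection attempts can be shown together in a small host-based detector. This is an added example, not code from the original posts; the sshd-style log format, the rule names, the sample lines and the one-hour `tolerance` are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a rule file: (rule id, pattern) pairs.
RULES = [
    ("failed-login", re.compile(r"Failed password for (?:invalid user )?\S+ from \S+")),
    ("root-login-attempt", re.compile(r"Failed password for root from \S+")),
]
LOGIN = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Accepted \S+ for (\S+) from \S+")

# Constructed sample logs (sshd-style lines with ISO timestamps).
HISTORY = [
    "2020-03-02T09:14:07 host1 sshd[812]: Accepted password for alice from 10.0.0.5 port 50022 ssh2",
    "2020-03-03T10:02:41 host1 sshd[840]: Accepted password for alice from 10.0.0.5 port 50031 ssh2",
    "2020-03-04T14:30:12 host1 sshd[877]: Accepted password for alice from 10.0.0.5 port 50047 ssh2",
]
LIVE = [
    "2020-03-05T09:40:00 host1 sshd[901]: Accepted password for alice from 10.0.0.5 port 50100 ssh2",
    "2020-03-06T04:12:33 host1 sshd[955]: Accepted password for alice from 10.0.0.5 port 50321 ssh2",
    "2020-03-06T04:13:01 host1 sshd[956]: Failed password for root from 203.0.113.7 port 40022 ssh2",
]

def parse_login(line):
    """Return (user, hour) for a successful-login line, else None."""
    m = LOGIN.match(line)
    return (m.group(2), datetime.fromisoformat(m.group(1)).hour) if m else None

def learn_baseline(history):
    """Record, per user, the hours of day at which logins were observed."""
    hours = defaultdict(set)
    for parsed in filter(None, map(parse_login, history)):
        hours[parsed[0]].add(parsed[1])
    return dict(hours)

def detect(lines, baseline, tolerance=1):
    """Return (kind, detail) alerts: rule matches plus off-hours logins."""
    alerts = []
    for line in lines:
        alerts += [("signature", rid) for rid, pat in RULES if pat.search(line)]
        parsed = parse_login(line)
        if parsed and parsed[0] in baseline:  # users without a baseline are skipped
            user, hour = parsed
            # Circular distance on a 24-hour clock to the nearest learned hour.
            gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in baseline[user])
            if gap > tolerance:
                alerts.append(("anomaly", f"{user} logged in at {hour:02d}h"))
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(HISTORY)):
        print(alert)
```

The daytime login raises nothing, the 04:12 login is flagged only by the baseline, and the failed root login is flagged only by the rules, which is why the two approaches are usually deployed together.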