
GB/T 28454-2020 PDF English

US$845.00 · In stock · Download in 9 seconds
GB/T 28454-2020: Information technology - Security techniques - Selection, deployment and operation of intrusion detection and prevention systems (IDPS)
Delivery: 9 seconds. The true-PDF full copy in English and the invoice are downloaded immediately and also auto-delivered by email.
Status: Valid

GB/T 28454: Evolution and historical versions

Standard ID        Version   USD   Delivery                      Name of Chinese Standard                                                                                                          Status
GB/T 28454-2020    English   845   0-9 seconds, auto-delivery    Information technology - Security techniques - Selection, deployment and operation of intrusion detection and prevention systems (IDPS)   Valid
GB/T 28454-2012    English   RFQ   6 days                        Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems                    Obsolete


GB/T 28454-2020: Information technology - Security techniques - Selection, deployment and operation of intrusion detection and prevention systems (IDPS)


GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 28454-2012
Information technology - Security techniques - Selection, deployment and operation of intrusion detection and prevention system (IDPS)
(ISO/IEC 27039:2015, MOD)
Issued on: April 28, 2020
Implemented on: November 01, 2020
Issued by: State Administration for Market Regulation; National Standardization Administration.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Background
6 General principles
7 Selection
  7.1 Introduction
  7.2 Information security risk assessment
  7.3 Host or network IDPS
  7.4 Considerations
  7.5 Tools to supplement IDPS
  7.6 Scalability
  7.7 Technical support
  7.8 Training
8 Deployment
  8.1 General
  8.2 Phased deployment
  8.3 NIDPS deployment
  8.4 HIDPS deployment
  8.5 Protection of IDPS information security
9 Operations
  9.1 General
  9.2 IDPS tuning
  9.3 IDPS vulnerability
  9.4 Handling IDPS alarms
  9.5 Response options
  9.6 Legal considerations
Appendix A (Informative) Intrusion detection and prevention systems (IDPS): Framework and issues to consider
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

This standard replaces GB/T 28454-2012 "Information technology - Security techniques - Selection, deployment and operation of intrusion detection and prevention system (IDPS)". Compared with GB/T 28454-2012, the main technical changes are as follows:

- MODIFY the intrusion detection system (IDS) into the intrusion detection and prevention system (IDPS), bringing the intrusion prevention system (IPS) into the scope of the standard;
- MODIFY the scope of the standard, adding the objects to which the standard applies (see Chapter 1; Chapter 1 of the 2012 edition);
- MODIFY some terms and definitions, including "attack", "denial-of-service attack", "demilitarized zone", "intruder", "intrusion", "router", "switch", "Trojan horse", "attack signatures", "firewall", "host", "intrusion detection system", "intrusion prevention system", "provisioning", "detector", "test access point"; ADD some terms and definitions, including "distributed denial-of-service attack", "intrusion detection and prevention system", "virus", "virtual private network", "vulnerability" (see Chapter 3; Chapter 3 of the 2012 edition);
- ADD some abbreviations, including AIDPS, DMZ, DDoS, DoS, IDPS, I/O, IODEF, HIDPS, SIEM, VPN; DELETE the abbreviations NIDS and SIM (see Chapter 4; Chapter 4 of the 2012 edition);
- DELETE the introduction to the basic knowledge of IDPS in the background (see Chapter 5; Chapter 5 of the 2012 edition);
- Due to the addition of the intrusion prevention system, MODIFY "When organizations have security level requirements for IDS products, see GB/T 20275" into "When organizations have security level requirements for IDPS products, see GB/T 20275 and GB/T 28451" (see 7.3.1; 7.2 of the 2012 edition);
- ADD the considerations for IDPS selection in cloud computing environments (see 7.4.1, 7.4.2, 7.4.3, 7.4.5), as well as IDPS deployment methods in cloud environments and in multi-level organizations, etc. (see 8.1);
- MODIFY "Confirmation of capabilities" into "Verification of capabilities" (see 7.4.5; 7.3.5 of the 2012 edition);
- MODIFY the SIEM function, adding event correlation, event filtering and event aggregation (see 7.5.6; 7.4.6 of the 2012 edition);
- DELETE the content introducing IDS and IPS in the response (see 9.5.2).

This standard uses the re-drafting method to modify and adopt ISO/IEC 27039:2015 "Information technology - Security techniques - Selection, deployment and operations of intrusion detection and prevention systems (IDPS)". Compared with ISO/IEC 27039:2015, this standard adds Chapter 2 "Normative references" and Chapter 4 "Abbreviations" to the structure, and rearranges the contents of 7.3.1 and 7.3.2.

The technical differences between this standard and ISO/IEC 27039:2015, and their reasons, are as follows:

- ADD Chapter 2 "Normative references" and Chapter 4 "Abbreviations", mainly to maintain continuity with GB/T 28454-2012;
- DELETE the introduction to the basic knowledge of IDPS in the background of Chapter 3 (see Chapter 5), because this content is introduced in detail in Appendix A;
- ADD "When there are security level requirements for IDPS products, see GB/T 20275 and GB/T 28451", mainly to take into account the security level protection requirements for IDPS products (see 7.3.1);
- DELETE the content about IDS and IPS in 7.5.2 (see 9.5.2), because this standard includes the intrusion prevention system (IPS) in its scope and defines its object as the intrusion detection and prevention system (IDPS), so there is no need to introduce IPS separately;
- ADD the considerations for IDPS selection in cloud computing environments (see 7.4.1, 7.4.2, 7.4.3, 7.4.5), as well as IDPS deployment in cloud environments and in multi-level organizations, mainly because deploying IDPS in current cloud computing environments also requires these matters to be considered, which the international standard does not cover (see 8.1).

This standard has made the following editorial changes:

- DELETE the note for 3.8.

Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying these patents.

This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC 260).

Drafting organizations of this standard: Shandong Provincial Institute of Standardization, China Network Security Review Technology and Certification Center, Shaanxi Provincial Network and Information Security Evaluation Center, Beijing Tianrongxin Network Security Technology Co., Ltd., Shandong Chonghong Information Technology Co., Ltd., Chengdu Qinchuan IoT Technological Co., Ltd.

The main drafters of this standard: Wang Shuguang, Wang Qingsheng, Wang Fengjiao, Wei Jun, Gong Wei, Zhang Bin, Lai Yongjun, Yang Fan, Yang Rui, Lei Xiaofeng, Shao Zehua, Fan Hua, Zhu Lin, Gao Rui, Yang Xiangdong, Yang Bin, Quan Yaqiang, Lu Zheng, Chen Huiqin, Liu Kanxu, Yu Xiuyan, Hu Xinlei, Wang Dong, Pan Haiyan, Li Hongsheng.

This standard replaces the standard previously issued as follows:

- GB/T 28454-2012.

1 Scope

This standard gives guidance for organizations to deploy intrusion detection and prevention systems (IDPS). This standard details the selection, deployment, and operation of IDPS. This standard also provides the background information on which these guidelines are developed.

2 Normative references

The following documents are essential to the application of this document. For dated references, only the version with the indicated date applies to this document; for undated references, only the latest version (including all amendments) applies to this standard.

GB/T 18336 (all parts) Information technology - Security techniques - Evaluation criteria for IT security [ISO/IEC 15408 (all parts)]

3 Terms and definitions

The terms and definitions given in GB/T 29246-2017, as well as the following terms and definitions, apply to this document.

A network device that connects a LAN at OSI layer 2 to another LAN using the same protocol.

4 Abbreviations

The following abbreviations apply to this document.

5 Background

The purpose of deploying an intrusion detection and prevention system (IDPS) is to monitor, detect and record inappropriate, incorrect, suspicious or abnormal activities.

6 General principles

Considering the functions and limitations of IDPS (see Appendix A), organizations can combine host-based methods (including application monitoring) with network-based methods to deal with the various potential intrusions. The process of selecting, deploying and operating IDPS within an organization is shown in Figure 1. Chapters 7 to 9 describe the key steps of this process in detail.

7 Selection

The deployment of IDPS needs to be based on the organization's information security risk assessment and its asset protection priorities. At the same time, when selecting an IDPS, the organization needs to study the most effective way for the IDPS to monitor its environment, that is, to deploy NIDPS and HIDPS together: first deploy NIDPS in stages (because NIDPS installation and maintenance are usually the easiest), then deploy HIDPS on the key servers.

8 Deployment

As with HIDPS, trained operators need to use tested NIDPS in a controlled environment. Before fully deploying NIDPS, the NIDPS sensors need to be tested at different locations (see Figure 2 for details). At the same time, when deploying sensors, it is also necessary to balance the cost of deployment and ongoing operation against the actual level of protection required.

9 Operations

After the IDPS is deployed, it is necessary to determine the alarm functions of the IDPS, when and how to use these functions, and ensure that these functions can be adjusted regularly. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.



Tips & Frequently Asked Questions

Question 1: How long will the true-PDF of English version of GB/T 28454-2020 be delivered?

Answer: The full-copy PDF of the English version of GB/T 28454-2020 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (two mechanisms to ensure reliable delivery), together with a PDF invoice.

Question 2: Can I share the purchased PDF of GB/T 28454-2020_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 28454-2020_English is deemed to be sold to the employer/organization that actually paid for it, which includes your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. www.ChineseStandard.us -- GB/T 28454-2020 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

Question 5: Should I purchase the latest version GB/T 28454-2020?

Answer: Yes. Except in special scenarios such as technical constraints or academic study, you should always prioritize purchasing the latest version, GB/T 28454-2020, even if its enforcement date is in the future. Complying with the latest version means that, by default, it also technically complies with all the earlier versions.

How to buy and download a true PDF of English version of GB/T 28454-2020?

A step-by-step guide to downloading the PDF of GB/T 28454-2020_English:

Step 1: Visit the website https://www.ChineseStandard.net (pay in USD) or https://www.ChineseStandard.us (pay in any currency such as EUR, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 28454-2020".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.