IDS mailing list archives
Re: Changes in IDS Companies?
From: "A.S.Rajendran" <asraj () intotoinc com>
Date: Fri, 25 Oct 2002 14:35:58 +0530
There is no single solution for network security.One should use a combination of all to effectively secure the network.
Both NIDS and Inline IPS method has their particular strengths and weaknesses.Inline IPS has the ability to block the suspicious traffic. But it has performance penalties. NIDS cannot effectively block the traffic. But it will not degrade the network performance. We should use the positive points of both. Inline IPS method should be used to block traffic with protocol anomaly and to block some suspicious packet temporary by using signatures until some patch is available to the vulnerable services. NIDS can be used to monitor all the traffic and generate a log message for all suspicious packets. HIDS can be used for detecting repeated failed access attempts or changes to critical system files.
A.S.Rajendran, Project Leader, Intoto Software (I) pvt Ltd, Secunderabad, India. email: asraj () intotoinc com. web: www.intotoinc.com
> And there > always will be such attacks, furthermore. Conversely, HIDS has a much > easier time seeing a sudden change to a file that is not supposed to > change, and thus the argument for layers. Oh, don't get me wrong... I'm all for defense in depth. And while I agree that HIDS has some technological advantages over network based IDS, it also has serious management and cost disadvantages over them as well. I also think that network based IDS will close the securtiy gap a lot faster than HIDS will the management gap. Cost will probably stay about the same. Basically, organizations will run network based IDS everywhere and HIDS only on a few critical systems. And I think most IDS companies realize this, which is why everyone hypes their NIDS/NIPS and seems to be putting in a lot of $$$ into that technology and less so their HIDS. (I could be wrong about this one, it's just a gut feeling, I haven't done any studies or anything like that.)
Current thread:
- RE: Changes in IDS Companies?, (continued)
- RE: Changes in IDS Companies? Ralph Los (Oct 17)
- Re: Changes in IDS Companies? Jason Falciola (Oct 17)
- Re: Changes in IDS Companies? Eye Dius (Oct 17)
- Re: Changes in IDS Companies? Clint Byrum (Oct 17)
- Re: Changes in IDS Companies? Stephane Nasdrovisky (Oct 18)
- Re: Changes in IDS Companies? scottw (Oct 18)
- Re: Changes in IDS Companies? Clint Byrum (Oct 17)
- RE: Changes in IDS Companies? tcleary2 (Oct 17)
- FW: Changes in IDS Companies? Avi Chesla (Oct 22)
- Re: Changes in IDS Companies? Proxy Administrator (Oct 25)
- Re: Changes in IDS Companies? Aaron Turner (Oct 25)
- Re: Changes in IDS Companies? A.S.Rajendran (Oct 25)
- Re: Changes in IDS Companies? Aaron Turner (Oct 25)
- Re: Changes in IDS Companies? Matt Harris (Oct 28)
- Re: Changes in IDS Companies? Aaron Turner (Oct 28)
- Re: Changes in IDS Companies? Matt Harris (Oct 29)
- Re: Changes in IDS Companies? Aaron Turner (Oct 29)
- Re: Changes in IDS Companies? Matt Harris (Oct 31)
- Re: Changes in IDS Companies? J. Foobar (Oct 31)