Re: Categories of IDS

["Andy Cuff [Talisker]" <lists () securitywizardry com>]

Hi Jeff
> Looks good. Hope the TAPS page has info on channel bonding

Have you seen Intrusions taps they have a hub inbuilt so you don't
have to mess with the half duplex  outputs to make it full duplex. There is
an
issue with bandwidth in the 10/100 tap such that it can only handle 100Mb/s
total output ie 60 + 40 is okay but 60 + 50 will drop 10Mb/s I believe this
is
overcome with their 10/100/1000 tap.  I'm really impressed, they also have a
variant that will allow crafted resets to be inserted back into the traffic.
I feed the output into a dumb hub and then into multiple IDS.

-andy

Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message ----- 
From: <Jeffrey.Stebelton () bisys com>
To: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Cc: <focus-ids () securityfocus com>
Sent: Thursday, December 04, 2003 8:24 PM
Subject: Re: Categories of IDS


> Looks good. Hope the TAPS page has info on channel bonding. Good site,
> thanks for taking the time to put all this together.
>
> Jeff Stebelton
> Manager, Network Security
> BISYS Network Security Group
> 614-470-8249 direct
> 614-203-2563 cell
>
>
>
> |---------+---------------------------->
> |         |           "Andy Cuff       |
> |         |           [Talisker]"      |
> |         |           <lists@securitywi|
> |         |           zardry.com>      |
> |         |                            |
> |         |           12/03/2003 03:43 |
> |         |           PM               |
> |         |           Please respond to|
> |         |           "Andy Cuff       |
> |         |           [Talisker]"      |
> |         |                            |
> |---------+---------------------------->
>
> ---------------------------------------------------------------------------
------------------------------------|
>   |
|
>   |       To:       <focus-ids () securityfocus com>
|
>   |       cc:
|
>   |       Subject:  Categories of IDS
|
> ---------------------------------------------------------------------------
------------------------------------|
> Hi,
> I really need to update the categories of IDS on my website.  They have
> developed substantially over the last few years and therefore I was
looking
> to drop the following pages:
>
> DROP
> Network Node IDS - Non Promiscuous network IDS.
> http://www.securitywizardry.com/nnids.htm
> Hybrid IDS - Host and Network Node IDS Combined.
> http://www.securitywizardry.com/hybrid.htm
>
> INTRODUCE
> Introducing Wireless IDS
> http://www.securitywizardry.com/Wids.htm removing them from
> http://www.securitywizardry.com/wireless.htm
>
> Long overdue Host IPS - Has anyone got a list that I can use for starters
> ??
>
> RESULTING IN
> Host IPS
> Network IPS
> Host IDS
> Network IDS
> File Integrity Checkers
> Honeypots
> Network Taps
> Security Consoles
> IDS Training
>
> Am I missing anything ?
> -andy
>
> Talisker Security Tools Directory
> http://www.securitywizardry.com
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
-
> This email is confidential and intended solely for the use of the
> individual or entity to whom it is addressed.  If you have received this
> email in error please notify the system manager at mailadmin () bisys com and
> delete the email immediately.


---------------------------------------------------------------------------
---------------------------------------------------------------------------