RE: IDS and NMS

[Mayank-Bhatnagar <mayank () ncb ernet in>]

hi Terrence,

Thanks for your reply, yeah it seems to suggest that an Event Aggregator
which is sitting between NMS and other products liek A/V, IDS, FW etc
could help in integrating the different architectures/technologies.

We surely need to look into the possibilities and research directions into
such type of Event Aggregator.

I feel one requirement could be as you mentioned to come out of a standard
protocol which could speak same language. This standard needs to be
identified.

I would just like to add. Iw perhaps industry could use/appreciate IDXP
(Intrusion Detection Exchange Protocol), things would be easy.

Thanks Terence.
bye
Mayank












On Fri, 13 Jun 2003, Terence Runge wrote:

> Interesting questions that could be answered by integrating the event
> aggregator with the NMS. A flexible event aggregator in a distributed
> envirnonment would allow for data feeds from many devices using multiple
> protocols, such as post office, xml over tcp, snmp, syslog, etc. In doing
> so, the analyst is provided the ability to complete four very important
> tasks; monitor, alert, report, and investigate.
>
> ----     ----------------    |  A/V    |
> |NMS| - |Event Aggregator| - |Firewall |
> ----     ----------------    |  IDS    |
>   |                          |  ACS    |
>   -------------              |Integrity|
>  |System Checks|             |   etc.  |
>   -------------
>
> Something to consider in contrast to the one-off approach.
>
> Terence
>
>
> -----Original Message-----
> From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in]
> Sent: Friday, June 13, 2003 8:21 AM
> To: focus-ids () securityfocus com
> Subject: IDS and NMS
>
>
> hi folks,
>
> Well there is this issue that I would like to put to the group.
> "Requirement of an interface of an IDS with an already installed Network
> Management System".
>
> Let me state it like this, If we have a managed IDS product it might have
> its own management console and its own
> configurations, server etc.
>
> However an organisation which is running a NMS might wish to incorporate
> IDS, its features on the NMS itself and might
> not wish to invest on another Management Console.
>
> There are some products like HP-OPen View which incorporate IDS in their
> feature set.But this scenario is different
> in the sens that one has build a NMS and also provided IDS functionality
> using SNMP. The other case is where an independent
>  IDS solution (independent of SNMP), getting incorporated in a NMS.
>
> How much is this a viable solution or whether such requirement could exist,
> and if yes, what could be implications of same?
> As far as I know, top notch IDS products dont have any integration with NMS,
> Some do send traps (which could be a
> minimal part of IDS ie sending alerts to IDS management console as well as
> NMS)
>
> Hope I am clear enough.....
>
> Waiting for some views......
>
> thanks and regards,
> Mayank
>
>
>
>
> ----------------------------------------------------------------------------
> --------
> P.N.: The views expressed in this mail are solely the personal opinion of
> the mailer
>
>
>
> ----------------------------------------------------------------------------
> ---
> INTRUSION PREVENTION: READY FOR PRIME TIME?
>
> IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
> - including intrusion identification, relevancy, direction, impact and
> analysis
> - enabling a path to prevention.
>
> Download the latest white paper "Intrusion Prevention: Myths, Challenges,
> and Requirements" at:
> http://www.securityfocus.com/IntruVert-focus-ids2
> ----------------------------------------------------------------------------
> ---


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------