IDS mailing list archives
RE: IDS and NMS
From: Mayank-Bhatnagar <mayank () ncb ernet in>
Date: Wed, 18 Jun 2003 09:33:22 +0530 (IST)
hi Terrence, Thanks for your reply, yeah it seems to suggest that an Event Aggregator which is sitting between NMS and other products liek A/V, IDS, FW etc could help in integrating the different architectures/technologies. We surely need to look into the possibilities and research directions into such type of Event Aggregator. I feel one requirement could be as you mentioned to come out of a standard protocol which could speak same language. This standard needs to be identified. I would just like to add. Iw perhaps industry could use/appreciate IDXP (Intrusion Detection Exchange Protocol), things would be easy. Thanks Terence. bye Mayank On Fri, 13 Jun 2003, Terence Runge wrote:
Interesting questions that could be answered by integrating the event aggregator with the NMS. A flexible event aggregator in a distributed envirnonment would allow for data feeds from many devices using multiple protocols, such as post office, xml over tcp, snmp, syslog, etc. In doing so, the analyst is provided the ability to complete four very important tasks; monitor, alert, report, and investigate. ---- ---------------- | A/V | |NMS| - |Event Aggregator| - |Firewall | ---- ---------------- | IDS | | | ACS | ------------- |Integrity| |System Checks| | etc. | ------------- Something to consider in contrast to the one-off approach. Terence -----Original Message----- From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in] Sent: Friday, June 13, 2003 8:21 AM To: focus-ids () securityfocus com Subject: IDS and NMS hi folks, Well there is this issue that I would like to put to the group. "Requirement of an interface of an IDS with an already installed Network Management System". Let me state it like this, If we have a managed IDS product it might have its own management console and its own configurations, server etc. However an organisation which is running a NMS might wish to incorporate IDS, its features on the NMS itself and might not wish to invest on another Management Console. There are some products like HP-OPen View which incorporate IDS in their feature set.But this scenario is different in the sens that one has build a NMS and also provided IDS functionality using SNMP. The other case is where an independent IDS solution (independent of SNMP), getting incorporated in a NMS. How much is this a viable solution or whether such requirement could exist, and if yes, what could be implications of same? As far as I know, top notch IDS products dont have any integration with NMS, Some do send traps (which could be a minimal part of IDS ie sending alerts to IDS management console as well as NMS) Hope I am clear enough..... Waiting for some views...... thanks and regards, Mayank ---------------------------------------------------------------------------- -------- P.N.: The views expressed in this mail are solely the personal opinion of the mailer ---------------------------------------------------------------------------- --- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 ---------------------------------------------------------------------------- ---
------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- RE: IDS and NMS Terence Runge (Jun 14)
- RE: IDS and NMS Mayank-Bhatnagar (Jun 18)