IDS mailing list archives

RE: IDS and Bandwidth


From: THolman () toplayer com
Date: Tue, 12 Jul 2005 21:09:43 -0400

Hello Bhaskar,

You should look at segmenting your security/management network off,
assigning it to a different VLAN, and configuring QoS to give other VLANs
priority.  A few seconds here or there with respect to lag in your IDS won't
make much difference - security incidents will still be detected and
reported.
Another way to approach this would be to cut down on the Internet white
noise that your IDS is forced to report, and implement inline IPS devices at
key points within your network to cut down on the data the IDS devices have
to process.
This will have a marked effect - literally expect a 90-95% decrease in the
traffic your IDS has to process....

Regards,

Tim 



-----Original Message-----
From: bhaskar.gupta () tcs com [mailto:bhaskar.gupta () tcs com] 
Sent: 05 July 2005 04:47
To: focus-ids () securityfocus com
Subject: IDS and Bandwidth

Dear friends

I am working as an IDS operator in my company. Due to the big size of the
organisation, different IDS nodes are monitoring different centers through a
central master node. Since there are a lot of incidents (including false
positives) generated across the organisation, there is a complaint from our
networking team that IDS is consuming a lot of bandwidth over networking

I am really not able to figure out how much IDS can eat up network
bandwidth.

Please throw some light on this.  

cheers, Bhaskar

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
