Firewall Wizards mailing list archives
Re: future of IDS
From: cfb <cfb () ocn21 kdd-ok ne jp>
Date: Sat, 17 Oct 1998 14:44:00 +0000
Colin Campbell wrote:
Hi, [...] Now, after all this preamble, I do actually have a question for the great minds to ponder. With the likelihood that more and more hubs are going to disappear and be replaced by switches, where does that leave the humble IDS that can no longer see all the traffic it needs to, to do its job?
Most switches have some sort of policy routing mechanism (and the higher end switches even have bandwidth management features, as well). I suppose that it is up to the network implementer to build a network capable of funneling internal corporate traffic through a choke point where an IDS system can effectively listen to all that it needs to. I thought that's what gigabit ethernet building backbones and VLANs were all about (and you thought the extra bandwidth was for carrying voice and video...). One thing is for sure: all switches are not created equally and some network architectures are more mature than others. Choose your weapons carefully.

Personally, I'm not sure that I would want an IDS system paying attention to all the traffic generated internal to a single corporate office. The interest level starts becoming significant at inter-office communication level. Obviously all traffic external to the enterprise needs to be monitored.

In my opinion, where things start getting interesting is when workgroups have highly disparate geographic locations. You may call me old school, but geographically disparate == the need to be monitored. Building a corporate IDS system, which might involve multiple, distributed IDS boxes all over the world connected by slow, uncovered communications is a significant undertaking (which is why people still earn a decent income doing it... "hard" is where the money is; in this business, though, "hard" seems to have a half life of about 5 years).