Firewall Wizards mailing list archives
Re: Intrusion Detection Systems, Best of breed?
From: "Robin S. Socha" <robin-dated-1009660818.ae9a65 () socha net>
Date: Wed, 26 Dec 2001 16:29:10 -0500
begin franks.exe <franks () nfr com> writes:
> You know that the semantics of the discussion is missing an important factor a REAL life problem that mid-sized to large organizations have to deal with, SIZE/SCALE. It's great to picture the common IDS/NIDS/Honeypot for few choke points.

It's not great, it's the standard, "franks".

> But what happens when you have to deal with +1000 servers, and many VPN/DMZ/Internet connections?

Then it's time to learn your network basics.

> How do you analyze the data and make sense of tens of thousands of alerts, let alone false positives.

You don't. Not at once. You break them down into what you would possibly call "sizable chunks" aka subnets and deal with them.

> Reality is that most companies will place IDS/HIDS/Honeypots on high profile segments and hope to net some bad guys, this produces great pie charts that a manager can appreciate.

Are those the categories you're thinking in? Then may heaven forbid that I'll ever be a user on one of your systems.

> What is becoming the most important in the Best of breed line up is scale? Who can scale, and how easy is it to scale? Next who can upgrade when upgrades of all sensors is required? Also let's throw quickly and efficiently into the deployment too?

You are confused, "franks". Very, very confused. And do not Cc: me. Ever. I'm on this list.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards