Firewall Wizards mailing list archives
Re: Intrusion Detection Systems, Best of breed?
From: "Talisker" <talisker () networkintrusion co uk>
Date: Mon, 24 Dec 2001 10:29:21 -0000
Hi all,

Ofir is absolutely right (as always): the IDS defence-in-depth approach is best. I steered clear of it in my original post so as not to confuse too much (but NIDS is still the IDS of choice and offers more hits per pound). HIDS is extremely valuable but needs more TLC than a NIDS (hmm, depending upon how much control you have over how the monitored host is configured). AIDS are also a very nice tool; the main HIDS I have played with has it built in, with some heuristics thrown in for good measure.

When looking to deploy HIDS and NIDS it's worth considering Hybrid IDS, which combine the two at host level, though there are very few products offering this. A very important consideration these days is Network Node IDS, which is basically a central-reporting personal firewall. The USAF have reportedly just purchased 500,000 of them for their desktops. To reduce cost I would suggest only placing these on servers.

Ron said, "They tend to be noisy little beasts, that send out false alarms and positives till your security staff goes numb". I agree, but I still like to see a NIDS outside the firewall, not necessarily to react to, but for stats to spot changing trends and also for the security staff to see the threat. Though given an "either or" choice I'd always opt for inside the firewall.

Marcus said about HIDS "(what happens when the underlying O/S crashes from a DOS attack?)". Then you can bring in a network management tool that pings your critical devices periodically; once again it's just another piece of information in that defence-in-depth scenario.

NOTE: I'm still not advocating SNMP < v3.

Take care
-andy
http://www.networkintrusion.co.uk

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
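The "stats to spot changing trends" use of a sensor outside the firewall, as an added example that is not code from the post above or from any product it mentions: parse Snort-style fast-format alert lines, count each signature per day, and flag signatures whose latest-day volume jumps well above their earlier baseline, plus a top-talkers list of source addresses. The alert lines, SIDs and addresses are constructed for illustration, and the thresholds (factor, min_count) are assumed values, not anything the post specifies.

```python
"""Trend statistics over alerts from a NIDS sensor placed outside the firewall.

Added example, not code from the original post. Input is constructed sample
data in Snort's "fast" alert format; SIDs and addresses are illustrative.
"""
import re
from collections import Counter, defaultdict

# One alert per line: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"^(?P<day>\d\d/\d\d)-(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+(?P<dst>\d+(?:\.\d+){3})(?::\d+)?\s*$"
)

# Constructed sample: three days of alerts from a sensor in front of the firewall.
# A steady trickle of ping sweeps, then a worm signature that jumps on the third day.
SAMPLE_ALERTS = """\
12/20-03:14:22.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.5 -> 198.51.100.10
12/20-03:14:23.001122  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.5 -> 198.51.100.11
12/20-09:41:03.000001  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.77:3211 -> 198.51.100.10:80
12/21-02:07:45.555555  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 198.51.100.10
12/21-11:30:00.000000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.5 -> 198.51.100.12
12/21-14:12:08.777777  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.88:1042 -> 198.51.100.10:80
12/22-01:05:19.333333  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.5 -> 198.51.100.10
12/22-04:44:51.444444  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 198.51.100.11
12/22-06:10:02.000001  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.77:4021 -> 198.51.100.10:80
12/22-06:10:09.000002  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.77:4022 -> 198.51.100.11:80
12/22-06:10:15.000003  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.77:4023 -> 198.51.100.12:80
12/22-12:33:40.000004  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.88:2200 -> 198.51.100.10:80
12/22-17:21:55.000005  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.90:3310 -> 198.51.100.10:80
12/22-22:48:13.000006  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.91:1187 -> 198.51.100.10:80
"""


def parse_alert(line):
    """Return a dict of fields for one fast-format line, or None if it does not parse."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sid"] = int(fields["sid"])
    return fields


def daily_counts(lines):
    """Return (sorted day keys, {msg: {day: count}}) over all parseable lines.

    Fast-format dates carry no year, so days sort as MM/DD strings; a log that
    spans a year boundary would need real dates before sorting.
    """
    per_msg = defaultdict(Counter)
    days = set()
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue  # blank line, sensor chatter, or a format we do not handle
        per_msg[alert["msg"]][alert["day"]] += 1
        days.add(alert["day"])
    return sorted(days), {msg: dict(c) for msg, c in per_msg.items()}


def rising_signatures(lines, factor=3.0, min_count=5):
    """Signatures whose latest-day count is at least factor * mean of the earlier
    days and at least min_count (so single-digit noise is ignored). A signature
    with no earlier baseline is reported whenever it clears min_count.
    Returns [(msg, latest_count, baseline_mean)], largest first."""
    days, per_msg = daily_counts(lines)
    if not days:
        return []
    latest = days[-1]
    out = []
    for msg, counts in per_msg.items():
        today = counts.get(latest, 0)
        prior = [counts.get(d, 0) for d in days[:-1]]
        baseline = sum(prior) / len(prior) if prior else 0.0
        if today >= min_count and today >= factor * baseline:
            out.append((msg, today, baseline))
    return sorted(out, key=lambda t: t[1], reverse=True)


def top_sources(lines, n=5):
    """Most frequent source addresses across all alerts, as [(src, count)]."""
    return Counter(a["src"] for a in map(parse_alert, lines) if a).most_common(n)


if __name__ == "__main__":
    lines = SAMPLE_ALERTS.splitlines()
    days, per_msg = daily_counts(lines)
    for msg, counts in per_msg.items():
        print(msg, [counts.get(d, 0) for d in days])
    print("rising:", rising_signatures(lines))
    print("top sources:", top_sources(lines))
```

The ping-sweep signature stays flat at two a day and is never reported, while the worm signature goes from one a day to six and is flagged against its baseline of one; that is the "changing trend" an outside-the-firewall sensor shows you without anyone needing to react to each individual alert.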
Current thread:
- Intrusion Detection Systems, Best of breed? ROB SLAUGHTER (Dec 14)
- Re: Intrusion Detection Systems, Best of breed? Talisker (Dec 22)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 23)
- RE: Intrusion Detection Systems, Best of breed? Predrag Zivic (Dec 23)
- Re: Intrusion Detection Systems, Best of breed? Stephen P. Berry (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? Predrag Zivic (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Predrag Zivic (Dec 23)
- RE: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 23)
- Re: Intrusion Detection Systems, Best of breed? Talisker (Dec 24)
- Re: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 25)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 27)
- RE: Intrusion Detection Systems, Best of breed? franks (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? Robin S. Socha (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 26)