IDS mailing list archives

RE: IDS and NMS

From: Terence Runge <Terence.Runge () veritas com>
Date: Fri, 13 Jun 2003 13:32:10 -0700
Interesting questions that could be answered by integrating the event
aggregator with the NMS. A flexible event aggregator in a distributed
envirnonment would allow for data feeds from many devices using multiple
protocols, such as post office, xml over tcp, snmp, syslog, etc. In doing
so, the analyst is provided the ability to complete four very important
tasks; monitor, alert, report, and investigate.

----     ----------------    |  A/V    |
|NMS| - |Event Aggregator| - |Firewall |
----     ----------------    |  IDS    |
  |                          |  ACS    |
  -------------              |Integrity|            
 |System Checks|             |   etc.  |
  -------------

Something to consider in contrast to the one-off approach.

Terence


-----Original Message-----
From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in]
Sent: Friday, June 13, 2003 8:21 AM
To: focus-ids () securityfocus com
Subject: IDS and NMS


hi folks,

Well there is this issue that I would like to put to the group.
"Requirement of an interface of an IDS with an already installed Network
Management System".

Let me state it like this, If we have a managed IDS product it might have
its own management console and its own
configurations, server etc.

However an organisation which is running a NMS might wish to incorporate
IDS, its features on the NMS itself and might
not wish to invest on another Management Console.

There are some products like HP-OPen View which incorporate IDS in their
feature set.But this scenario is different
in the sens that one has build a NMS and also provided IDS functionality
using SNMP. The other case is where an independent
 IDS solution (independent of SNMP), getting incorporated in a NMS.

How much is this a viable solution or whether such requirement could exist,
and if yes, what could be implications of same?
As far as I know, top notch IDS products dont have any integration with NMS,
Some do send traps (which could be a
minimal part of IDS ie sending alerts to IDS management console as well as
NMS)

Hope I am clear enough.....

Waiting for some views......

thanks and regards,
Mayank




----------------------------------------------------------------------------
--------
P.N.: The views expressed in this mail are solely the personal opinion of
the mailer



----------------------------------------------------------------------------
---
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities 
- including intrusion identification, relevancy, direction, impact and
analysis 
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges,
and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids2
----------------------------------------------------------------------------
---

-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities 
- including intrusion identification, relevancy, direction, impact and analysis 
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------
Current thread:

RE: IDS and NMS Terence Runge (Jun 14)
- RE: IDS and NMS Mayank-Bhatnagar (Jun 18)