IDS mailing list archives
RE: IDS and NMS
From: Terence Runge <Terence.Runge () veritas com>
Date: Fri, 13 Jun 2003 13:32:10 -0700
Interesting questions that could be answered by integrating the event aggregator with the NMS. A flexible event aggregator in a distributed environment would allow for data feeds from many devices using multiple protocols, such as post office, xml over tcp, snmp, syslog, etc. In doing so, the analyst is provided the ability to complete four very important tasks: monitor, alert, report, and investigate.

 ----     ----------------      | A/V     |
|NMS|  - |Event Aggregator|  -  |Firewall |
 ----     ----------------      | IDS     |
                 |              | ACS     |
           -------------        |Integrity|
          |System Checks|       | etc.    |
           -------------

Something to consider in contrast to the one-off approach.

Terence

-----Original Message-----
From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in]
Sent: Friday, June 13, 2003 8:21 AM
To: focus-ids () securityfocus com
Subject: IDS and NMS

hi folks,

Well, there is this issue that I would like to put to the group: "Requirement of an interface of an IDS with an already installed Network Management System".

Let me state it like this. If we have a managed IDS product, it might have its own management console and its own configurations, server etc. However, an organisation which is running a NMS might wish to incorporate IDS, its features, on the NMS itself and might not wish to invest in another Management Console.

There are some products like HP OpenView which incorporate IDS in their feature set. But this scenario is different in the sense that one has built a NMS and also provided IDS functionality using SNMP. The other case is where an independent IDS solution (independent of SNMP) is getting incorporated in a NMS.

How much is this a viable solution, or whether such a requirement could exist, and if yes, what could be the implications of the same?

As far as I know, top notch IDS products don't have any integration with NMS. Some do send traps (which could be a minimal part of IDS, i.e. sending alerts to the IDS management console as well as the NMS).

Hope I am clear enough.....
Waiting for some views......
thanks and regards,
Mayank

P.N.: The views expressed in this mail are solely the personal opinion of the mailer
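The aggregator idea from the reply above, sketched as an added example that is not part of the original thread or of any product named in it: two of the feed types mentioned (syslog and XML) are normalized into one record, which then serves the monitor, alert, report and investigate tasks. The XML schema, the shared 0-7 severity scale, the host names and all sample events are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample feeds (not from the original thread).
SYSLOG_FEED = [
    "<132>Jun 13 13:30:01 fw01 kernel: DROP src=10.0.0.5 dst=192.0.2.10 dpt=445",
    "<86>Jun 13 13:30:09 acs01 auth: login failed user=admin src=10.0.0.5",
]
XML_FEED = ['<event sensor="ids01" severity="2" src="10.0.0.5" sig="SMB probe"/>']

SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")
SRC_RE = re.compile(r"\bsrc=(\S+)")

def from_syslog(line):
    # RFC 3164 line -> common record; severity is PRI modulo 8 (0 = worst).
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # malformed input is dropped, not guessed at
    pri, _ts, host, msg = m.groups()
    src = SRC_RE.search(msg)
    return {"device": host, "severity": int(pri) % 8,
            "src": src.group(1) if src else None, "detail": msg}

def from_xml(doc):
    # Hypothetical XML alert schema -> the same common record.
    if "<!" in doc:
        return None  # refuse DTDs/entities from untrusted sensors
    try:
        e = ET.fromstring(doc)
        sev = int(e.get("severity", "7"))
    except (ET.ParseError, ValueError):
        return None
    return {"device": e.get("sensor"), "severity": sev,
            "src": e.get("src"), "detail": e.get("sig")}

def aggregate(syslog_lines, xml_docs):
    # Monitor: one merged event stream regardless of transport.
    events = [e for e in map(from_syslog, syslog_lines) if e]
    return events + [e for e in map(from_xml, xml_docs) if e]

def alerts(events, max_severity=4):
    # Alert: the subset worth forwarding to the NMS (e.g. as a trap).
    return [e for e in events if e["severity"] <= max_severity]

def report(events):
    # Report: event count per device.
    return Counter(e["device"] for e in events)

def investigate(events, src):
    # Investigate: pivot on one source address across all device types.
    return [e for e in events if e["src"] == src]
```

Only the `alerts()` subset would reach the NMS console; the full normalized stream stays in the aggregator for reporting and investigation.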