Re: Snort with IPSec

[Jason Haar <Jason.Haar () trimble co nz>]

On Tue, Nov 04, 2003 at 02:27:02PM -0600, Josh Berry wrote:
> Yes, we would be implementing IPSec all the way down to ALL desktops and
> servers.  All network communication would be through IPSec.


...then it's goodbye NIDS - hello HIDS!

Seriously, if you are going to do this, then network monitoring will be
almost impossible - you will have to focus on the host security itself.

BTW: this is affecting all of us even today. Who's running Active Directory?
Who's seen all that host-to-domain-controller traffic suddenly flick over to
IPSec? Who's be hit (like me) with trying to diagnose Active Directory
problems, only to find that the LDAP call is over TLS?

Microsoft has made everyone's lives harder - without making it less
buggy/more secure. Throwing encryption at problems doesn't make the inherent
problem go way... [mutter, mutter] 

BTW: I'm surprised they're allowed to ship such product - are countries such
as North Korea not allowed to run Win2K+ I suppose???


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users