Firewall Wizards mailing list archives
Re: future of IDS
From: Dominique Brezinski <dom_brezinski () securecomputing com>
Date: Thu, 10 Sep 1998 12:38:07 -0700
At 12:24 PM 10/15/98 +1000, Colin Campbell wrote:
Now, after all this preamble, I do actually have a question for the great minds to ponder. With the likelihood that more and more hubs are going to disappear and be replaced by switches, where does that leave the humble IDS that can no longer see all the traffic it needs to, to do its job?
Many switches support the concept of a management or monitoring port. A management port receives data destined to or sent from any port on the switch, therefore a sniffer or IDS can be plugged into it and still be affective. Some switches allow any port to be configured this way, while most have a specific port that can be allocated to this task. Another alternative is to put the IDS data collection component on the switch, which has already been done and is available commercially. Many switches are just specialized general purpose computing devices, and they tend to have reasonable amounts of memory and fast processors. The point you bring up is one of the objections to network-based ID that may host-based IDS proponents bring up. Obviously host-based IDS does not suffer in highly segmented networks. A highly segmented network can still fully support network ID *if* it is architected to do so and the equipement deployed has the right feature sets. I am not taking sides yet, because both network and host based ID have limitations in the current commercial marketplace. Dominique Brezinski CISSP (612)628-5378 Secure Computing http://www.securecomputing.com
Current thread:
- Re: future of IDS, (continued)
- Re: future of IDS NetSurfer (Oct 19)
- Re: future of IDS cfb (Oct 19)
- Re: future of IDS Vern Paxson (Oct 16)
- Re: future of IDS Stephen P. Gibbons (Oct 19)
- Re: future of IDS Crispin Cowan (Oct 23)
- Re: future of IDS Stephen P. Gibbons (Oct 23)
- Re: future of IDS Stephen P. Gibbons (Oct 19)
- Re: future of IDS Darren Reed (Oct 19)
- Re: future of IDS Doug Hughes (Oct 23)
- Re: future of IDS Darren Reed (Oct 28)
- Re: future of IDS Doug Hughes (Oct 28)
- RFC blitzkreig server dreamwvr (Oct 23)
- Re: future of IDS Owen O'Connor (Oct 23)
- Re: future of IDS David Lang (Oct 23)
- Re: future of IDS Ken Hardy (Oct 27)