Firewall Wizards mailing list archives

Re: future of IDS


From: Brent Huston <bhuston () netwalk com>
Date: Fri, 16 Oct 1998 16:02:21 -0400

Well, my opinion is that IDS will become embedded in network switch
technology, or a common connection point will become available on the
switch to deploy IDS on.

Both situations have pros and cons, but I definitely see IDS becoming more
of a network appliance than current systems are today.

At 10:24 PM 10/14/98 , Colin Campbell wrote:
Hi,

(may show some ignorance here so be gentle :-)

Our firewall sits between two networks. The "external" houses lots of
internet-visible web servers, much as one would expect. The internal net
houses intranet servers. Up until recently, these nets were just plain old
hubs. They also suffered from consistent 10% collision rates. Everyone was
hurting.

Consequently, we replaced these hubs with switches. Network performance is
great. No collisions, the machines that can talk at 100Mb do, all is well
with the world. Well, almost. I tried snooping some traffic between two
machines and when I saw nothing, the difference between hubs and switches
suddenly dawned on me.

Now, after all this preamble, I do actually have a question for the great
minds to ponder. With the likelihood that more and more hubs are going to
disappear and be replaced by switches, where does that leave the humble
IDS that can no longer see all the traffic it needs to, to do its job?

Colin

---
Brent Huston                                    bhuston () microsolved com
President                                               614-351-1237
MicroSolved                                     Fax: 614-351-9015
Information Security Consulting, Penetration Testing, Auditing
Internet Security Systems, Secure Computing, Axent Reseller

http://www.microsolved.com
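The thread's core point, that a sensor on an ordinary switch port stops seeing traffic a hub would have repeated to it, and that a "common connection point" on the switch (a mirror or SPAN port) gives that visibility back, is easy to see in a toy forwarding model. The following is an added example, not code from the list or from either poster: it models a hub, a MAC-learning switch, and a switch with a hypothetical mirror port, and replays a constructed three-frame conversation between two hosts while an IDS sensor listens on a third port.

```python
"""Added example: why an IDS on a plain switch port goes blind, and what a
mirror (SPAN) port restores. Constructed toy models, not any vendor's code."""

# Constructed sample conversation between host A (port 1) and host B (port 2);
# the IDS sensor hangs off port 3. Frames are (ingress_port, src_mac, dst_mac, payload).
SAMPLE_FRAMES = [
    (1, "aa:aa", "bb:bb", "SYN"),
    (2, "bb:bb", "aa:aa", "SYN-ACK"),
    (1, "aa:aa", "bb:bb", "GET /"),
]
IDS_PORT = 3


class Hub:
    """Repeater: every frame is copied to every port except the one it came in on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, ingress, src, dst):
        return {p for p in self.ports if p != ingress}


class LearningSwitch:
    """Transparent bridge: learns source MACs and delivers known unicast only to
    the port that owns the destination; unknown destinations are flooded.
    The optional mirror port receives a copy of every frame (a hypothetical
    stand-in for a vendor's SPAN / port-mirroring feature)."""

    def __init__(self, ports, mirror_port=None):
        self.ports = list(ports)
        self.mirror_port = mirror_port
        self.mac_table = {}  # MAC address -> port number

    def forward(self, ingress, src, dst):
        self.mac_table[src] = ingress  # learn where the sender lives
        if dst in self.mac_table:
            egress = {self.mac_table[dst]}  # known: unicast, nobody else sees it
        else:
            egress = {p for p in self.ports if p != ingress}  # unknown: flood
        if self.mirror_port is not None and self.mirror_port != ingress:
            egress.add(self.mirror_port)  # mirrored copy for the sensor
        return egress


def ids_visibility(topology, frames=SAMPLE_FRAMES, ids_port=IDS_PORT):
    """Return the payloads the IDS port observes under the given topology."""
    ports = [1, 2, ids_port]
    if topology == "hub":
        device = Hub(ports)
    elif topology == "switch":
        device = LearningSwitch(ports)
    elif topology == "switch-mirror":
        device = LearningSwitch(ports, mirror_port=ids_port)
    else:
        raise ValueError(f"unknown topology {topology!r}")
    seen = []
    for ingress, src, dst, payload in frames:
        if ids_port in device.forward(ingress, src, dst):
            seen.append(payload)
    return seen


if __name__ == "__main__":
    for topo in ("hub", "switch", "switch-mirror"):
        print(f"{topo:14s} IDS sees: {ids_visibility(topo)}")
```

On the plain switch the sensor catches only the first frame, which was flooded because the switch had not yet learned where the destination lived; once both MACs are in the table every later frame is unicast and the sensor sees nothing, which is exactly the "snooped and saw nothing" experience described above. The hub and the mirrored switch both deliver the whole conversation. A practical caveat the model does not capture: a single mirror port is one link, so mirroring several busy full-duplex ports onto it can exceed its capacity and silently drop frames the IDS never gets to inspect.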
