Firewall Wizards mailing list archives
Re: future of IDS
From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 16 Oct 1998 16:00:15 -0400 (EDT)
Now, after all this preamble, I do actually have a question for the great minds to ponder. With the likelihood that more and more hubs are going to disappear and be replaced by switches, where does that leave the humble IDS that can no longer see all the traffic it needs to, to do its job?
Some switches claim to have a "monitor" port for just this purpose. But if two segments are communicating with two other segments flat out at a significant portion of 100 Mb, how are you going to capture all that? You may need to have a monitor on each segment, and [depending on the spare bandwidth on your primary network] perhaps a separate back-end network over which the IDS systems will communicate. Progress is not necessarily inexpensive. ;-/ -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: future of IDS, (continued)
- Message not available
- Re: future of IDS Bennett Todd (Oct 23)
- Re: future of IDS Dominique Brezinski (Oct 27)
- Re: future of IDS Bennett Todd (Oct 28)
- Re: future of IDS David LeBlanc (Oct 28)
- Re: future of IDS David Lang (Oct 19)
- Re: future of IDS Adam Shostack (Oct 19)
- Re: future of IDS John Ladwig (Oct 23)
- RE: future of IDS Jonathan Rozes (Oct 19)
- Re: future of IDS Stephen P. Gibbons (Oct 19)
- Re: future of IDS Crispin Cowan (Oct 23)
- Re: future of IDS Stephen P. Gibbons (Oct 23)
- Re: future of IDS Doug Hughes (Oct 23)
- Re: future of IDS Darren Reed (Oct 28)
- Re: future of IDS Doug Hughes (Oct 28)