IDS mailing list archives
Re: IDS and Bandwidth
From: Michael Boman <michael.boman () gmail com>
Date: Tue, 5 Jul 2005 16:38:26 +0800
On 5 Jul 2005 03:46:39 -0000, bhaskar.gupta () tcs com <bhaskar.gupta () tcs com> wrote:
Dear frendz I am working as an IDS operator in my company. Due to big size of the organisation, different IDS nodes are monitoring different centers through a central master node. Since there are lot of incidents ( including false positives ) generated across the organsation, there is a complaint from our networking team that IDS is consuming lot of bandwidth over networking I am really not able to figure out how much IDS can eat up network bandwidth. Please throw some light on this.
Hi bhaskar, While an IDS does not consume any bandwidth in the data acquisition mode itself, sending the alerts to a central server does take up some bandwidth - and the more data you need to send (alert size and frequency), the more bandwidth it consumes. You can limit this by having the alert collector (central server, as you call it) as close as possible to the IDS sensor (by using the notion of LAN bandwidth is cheaper then WAN bandwidth). I would also trim down as much of the alerts as you can that you really not interested in. Not only will it save bandwidth and storage, but the IDS will also work faster and better when it needs to care about less. However, don't remove too much because then you might miss something important. Depending on how timely you want the attacks on the alert collector you may want to investigate into traffic shaping between IDS sensor and alert collector, but be aware that less traffic available for sending alert data = longer latency before you get the bells and whistles activated on the alert console. Best regards Michael Boman -- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS and Bandwidth bhaskar . gupta (Jul 04)
- Re: IDS and Bandwidth Tony Rall (Jul 05)
- Re: IDS and Bandwidth Fergus Brooks (Jul 05)
- Re: IDS and Bandwidth Michael Boman (Jul 05)
- Re: IDS and Bandwidth David W. Goodrum (Jul 05)
- Re: IDS and Bandwidth Mayank Bhatnagar (Jul 05)
- Re: IDS and Bandwidth Mark Teicher (Jul 05)
- <Possible follow-ups>
- RE: IDS and Bandwidth PPowenski (Jul 05)
- RE: IDS and Bandwidth MailTest (Jul 12)
- RE: IDS and Bandwidth THolman (Jul 13)
- RE: IDS and Bandwidth Nathan Davidson (Jul 15)
- RE: IDS and Bandwidth Michael Allgeier (Jul 17)
- Re: IDS and Bandwidth Tony Rall (Jul 05)