Snort mailing list archives
RE: Fallacies and lies.
From: "Bob Walder" <bwalder () spamcop net>
Date: Thu, 6 Nov 2003 11:35:38 +0100
I am not saying they are wrong about WHERE IDS/IPS is going - it HAS to migrate to the core eventually - but to state that as of NOW IDS is dead and IPS is stillborn and that deep inspection firewalls can do everything that we want is downright irresponsible.

Regards,

Bob Walder
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Haar
Sent: 06 November 2003 00:10
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Fallacies and lies.

I don't want to be seen to be standing up for Gartner - but one thing is correct. They say:

"They don't work at wire speeds. Most network-based IDS products don't detect attacks in real time, and they can't handle the high speeds of internal networks"

The last piece is correct - in a different context. If you want to start pushing IDS "features" into your core INTERNAL network - then you really are looking at IDS functionality within routers and switches - not extra boxes.

If you have 40 switches on your LAN - what would you prefer? 40 new IDS in front of each, or switches that "do" IDS? What about the extra 70 Wireless APs you have? You can't have them all sitting next to one IDS now can you...

Either switches add IDS functionality, or IDS needs to add switch functionality ;-)

...or we all go to migrating to HIDS [that's where I think the future lies - even IDS in switches can't handle IPSec]

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Fallacies and lies. Mark Penny (Nov 05)
- Re: Fallacies and lies. Edin Dizdarevic (Nov 05)
- <Possible follow-ups>
- RE: Fallacies and lies. Bob Walder (Nov 05)
- RE: Fallacies and lies. Rich Adamson (Nov 05)
- RE: Fallacies and lies. Bob Walder (Nov 05)
- Re: Fallacies and lies. Jason Haar (Nov 05)
- RE: Fallacies and lies. Bob Walder (Nov 06)
- Re: Fallacies and lies. Marc Quibell (Nov 06)