Re: Fallacies and lies.

[Jason Haar <Jason.Haar () trimble co nz>]

I don't want to be seen to be standing up for Gartner - but one thing is
correct.

They say:

"They don't work at wire speeds. Most network-based IDS products don't detect
attacks in real time, and they can't handle the high speeds of internal
networks"

The last piece is correct - in a different context. If you want to start
pushing IDS "features" into your core INTERNAL network - then you really are
looking at IDS functionality within routers and switches - not extra boxes.

If you have 40 switches on your LAN - what would you prefer? 40 new IDS in
front of each, or switches that "do" IDS? What about the extra 70 Wireless
APs you have? You can't have them all sitting next to one IDS now can you...

Either switches add IDS functionality, or IDS needs to add switch
functionality ;-)


...or we all go to migrating to HIDS [that's where I think the future lies -
even IDS in switches can't handle IPSec]

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users