
IDS: RE: NIDS Testing Information..




Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
Like anything else in security, you need to have an idea of the purposes of 
your NIDS before you use one, either for evaluation or production. 

Here are some suggested questions about what you want the NIDS to do:

1. What kind of network traffic are we analysing with the NIDS? Mainly local 
traffic? Mainly Internet traffic? Mainly short transactions? Mainly large file 
transfers? etc.

2. What is the value of the traffic that we are trying to protect? Corporate 
secrets? E-commerce transactions? Web surfing by our employees?

3. What kind of network are we using? Hub based, switched, many segments, 
high speed, low speed, can it be forced through a throttle point ...?

4. What is the purpose of the NIDS? Detect external intrusions that get through the 
firewall, detect internal violations of security policy, protect corporate 
crown jewels, cover the corporate ass...ets?

5. What kind of resources will we need to use it? Simple GUI for low level 
staff, high level security expert to analyse sophisticated attacks? Do you 
need a separate security network to connect monitoring stations to console?

Once you know what you want the NIDS to actually do, then you can evaluate a 
NIDS as to how well it does it. A NIDS that is very fast may not be able to 
give you great details about what it sees. A NIDS with great signature sets 
and sophisticated AI capabilities may have difficulty keeping up with your 
100Mb/s LAN.

Just like any network planning, NIDS deployment needs a business case 
analysis.


-----Original Message-----
From: owner-ids@uow.edu.au [mailto:owner-ids@uow.edu.au]On Behalf Of
osman_arslaner@agilent.com
Sent: Thursday, August 10, 2000 18:19
To: ids@uow.edu.au
Subject: IDS: NIDS Testing Information..


Hello,

I have a couple of questions and would appreciate it if you could help me with
them:

We are planning to implement an NIDS and I am in the process of getting an
NIDS for evaluation and testing.

What kind of features should I be testing and what kind of test topology
(e.g. firewalls etc.) should I be using? Any help will be appreciated. Thanks.


Regards.

Osman Arslaner
Network Engineer
Tel: 650-857-5330
e-mail: osman_arslaner@agilent.com