IDS: Re: Host based intrusion detection
FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicited mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------
Hi Christopher,
I do agree that the switches have to support "many-to-one" mirroring to support deploying an IDS on a single switch port. But this adds a lot of traffic load to the switch backplane, as traffic from multiple ports has to be mirrored onto one port.
Alternatively, I hear that some IDS vendors have come out with host-based IDS agents. Have you checked out any of them, e.g. the ISS RealSecure host agent? How do they compare with standard network-based IDS agents? Any ideas?
thanx and regds,
NG
Christopher Vaughn wrote:
> Deploying IDS in a switched environment has more to do with the capabilities of your switch. Of the switches I have worked with, the Cisco and the Bay switches allow for "many to one" mirroring. This allows you to mirror traffic from specific ports to the port allocated to the IDS system. Other than this, it's fairly straightforward.
>
> ----------------------------------------------------------------------------------------------------
> Christopher Vaughn
>
> -----Original Message-----
> From: N. Ganesh [SMTP:ganeshn@bom5.vsnl.net.in]
> Sent: Sunday, May 02, 1999 3:29 AM
> To: ids@uow.edu.au
> Subject: IDS: Host based intrusion detection
>
> Dear all,
>
> I am Niki Gan, working on Network Security Systems.
>
> I would appreciate your feedback on host-based intrusion detection
> systems, and your experience in deploying them in a switched network
> environment.
>
> Thanx,
>
> With Warm Regards,
>
> Niki
--
#####################################################
N. Ganesh
Account Manager - RADAR (Information Security Group),
Ramco Systems,
Unit No.4, C Wing,
Solaris I, Opp. Larsen & Toubro Gate-6
Powai, Mumbai - 400 072
Phone: 91-22-857 1781
Fax: 91-22-857 1782
Mobile: 098211-37551
Email : ganeshn@vsnl.com
#####################################################