
Re: IDS: IDS Strengths / Weaknesses


Subject: Re: IDS: IDS Strengths / Weaknesses
From: Troy Billington (doshelpbellsouth.net)
Date: Fri Jan 14 2000 - 10:43:10 CST


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
Date sent:      	Fri, 14 Jan 2000 14:45:33 +0200
From:           	Gushterul <emildtdhp.transdata.ro>
Send reply to:  	emildtdhp.transdata.ro
To:             	Jon Speer <speertripwiresecurity.com>
Copies to:      	"'idsuow.edu.au'" <idsuow.edu.au>
Subject:        	Re: IDS: IDS Strengths / Weaknesses

> Can somebody give me a list with some good IDS's?
>
> Gushterul
>
> Jon Speer wrote:
> >
> > Hi all,
> >
> > Without getting into an overall "which is best" (obviously a flawed question), I am wondering if anyone has seen / done research into which types/brands of IDS are more appropriate for particular network segments/NOS's/services? I am of the opinion that no vendor has a complete solution, and that some amount of overlap of technologies and implementations of those technologies is prudent (probably from knowing enough people that have demonstrated the ability to write custom code in only a few hours to break the combination of security and servers at a particular site if they knew what was there). But obviously few could afford to have every product covering every server, so one must use some factors to determine which NIDS product is outside the firewall, which is in the DMZ, which is in the internal network, which is covering the nameserver, the mailserver, etc (I am thinking of some combination of Shadow, NFR, RealSecure, Black Ice, and Dragon, but open to others). Perhaps certain services really need a combination to get (closer to) total coverage more than others?
> >
> > I have taken to combining multiple host-based IDS systems for much the same reason, and wondering if anyone has done any particular research there? This is especially critical with hosted servers, where the hosting facility controls the network security but I would still like at least 1 or 2 products (in addition to Tripwire, of course ;-) for monitoring ports and audit log activity. There I am much more concerned about compatibility of products from different vendors (and it is important that they are different vendors with similar functionality for overlap).
> >
> > Are there firewall combinations that have proven particularly strong? Seems to me this would probably just raise the risk of problems more than increase actual security.
> >
> > Thanks,
> >
> > Jon Speer
> > Tripwire, Inc.

I'm going to be adding more IDS packages for various operating systems/network applications to one of my pages at http://www.doshelp.com/protection.htm

Troy Billington <doshelpdoshelp.com>
Denial of Service Attack Prevention
intrusion reporting, spam investigation
http://www.doshelp.com
This archive was generated by hypermail 2b27 : Sat Jan 15 2000 - 00:24:59 CST