OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: IDS: future of IDS
From: Drew Simonis (dsimonisfiderus.com)
Date: Mon Oct 30 2000 - 14:31:03 CST

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
Imran Ismail Shaikh wrote:
>
> Hi,
> I am doing a research on IDS for high speed networks. To conclude my work
> I am just curious and very much interested to know what security experts
> here on this list have to say about the future of Intrusion
> detection in this environment.
> Where do u think IDS would be in future knowing the limitations and
> effectiveness of Network based and Host based IDS in high speed networks
> where performance is a big issue.

What do you consider high speed? I know that there are plenty of
IDS out there that can capture at up to at least 100mb ethernet, but
you might consider that slow. My guess would be that processing power
will continue to outpace wire speeds. As long as this holds true,
I see at least NIDS as a viable solution for some time to come.

I see a major threat to host based IDS, mainly because not alot of
companies do it correctly in the first place, and secondly since
the host will be doing other things (HTTPD, SMTP, etc) and most
companies are not that agressive in updating these types of hardware.
As the processors of these machines lag behind state of the art, and
as LAN speeds creep up towards what most consider "high speed", the
ability of a host system to keep up decreases.