OSEC

From: Drew (simonismyself.com)
Date: Wed Jan 09 2002 - 23:06:37 CST


    Mike Hrubes wrote:
    >
    > Hi all,
    >
    > I'm new to the IDS world. I understand what an IDS does, and why you
    > need it, but I have some questions on the technical aspect of IDS. We
    > are planning on implementing an IDS in the near future. The idea that
    > has been proposed is to put the IDS in the path between connections,
    > rather than connected in promiscuous mode. The reason they want to do
    > this is so they can also run a blocking software, like portsentry, to
    > block unwanted scans, etc.

    Isn't this the way that a Cisco router with the IDS feature set installed
    works? Personally, I don't like the idea of introducing more
    complication into the network. Whereas running the IDS feature set
    on an IOS device adds functionality to an existing network unit, this
    solution brings us a new target. I much prefer using the IDS in a silent
    configuration in such a way that it cannot become a target to the
    attacker.

    I'm also not sure why running something like portsentry would preclude
    you from using a promiscuous type IDS. Can you clarify?

    -Ds
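To make the point in the reply above concrete (a passive, promiscuous-mode sensor does not preclude portsentry-style blocking, because the blocking action can be issued out of band), here is an added example that is not part of the original thread. It assumes a sniffer hands the detector one tuple per packet of (timestamp, source IP, destination port, TCP flags), that a SYN sweep across many distinct ports from one source within a short window counts as a scan, and that blocking is expressed as an iptables command string handed to a separate enforcement process rather than executed inline by the sensor. The sample packets are constructed for the example.

```python
"""Passive port-scan detector with out-of-band blocking (added example).

Assumptions, not taken from the original thread:
  * packets arrive as (ts, src_ip, dst_port, flags) tuples, as a
    promiscuous-mode sniffer would deliver them;
  * a source that SYNs to >= THRESHOLD distinct ports within WINDOW
    seconds is a scanner;
  * the sensor only *emits* a firewall command; it never sits in the
    forwarding path, so it stays silent and is not itself a target.
"""
from collections import defaultdict, deque
import ipaddress

SCAN_THRESHOLD = 10     # distinct destination ports per source
WINDOW_SECONDS = 5.0    # sliding window over which ports are counted


def block_command(src):
    """Illustrative iptables rule; executed by a separate enforcement process."""
    return f"iptables -I INPUT -s {src} -j DROP"


class ScanDetector:
    def __init__(self, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS,
                 whitelist=()):
        self.threshold = threshold
        self.window = window
        # Networks that are never blocked (e.g. an internal vulnerability scanner).
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.events = defaultdict(deque)   # src -> deque of (ts, dst_port)
        self.blocked = set()

    def _whitelisted(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.whitelist)

    def observe(self, ts, src, dst_port, flags):
        """Feed one packet. Returns a block command the first time `src`
        crosses the threshold, otherwise None."""
        if flags != "S":                       # only initial SYNs count
            return None
        if src in self.blocked or self._whitelisted(src):
            return None
        q = self.events[src]
        q.append((ts, dst_port))
        while q and ts - q[0][0] > self.window:   # drop packets outside the window
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= self.threshold:
            self.blocked.add(src)
            return block_command(src)
        return None


def run(packets, **kwargs):
    """Replay a packet stream through the detector; return the block commands
    it would hand to the firewall, in order."""
    det = ScanDetector(**kwargs)
    commands = []
    for pkt in packets:
        cmd = det.observe(*pkt)
        if cmd:
            commands.append(cmd)
    return commands


# Constructed sample traffic (documentation-range addresses):
#  198.51.100.7  legitimate client, many connections to a single port
#  203.0.113.5   external scanner sweeping ports 1..24
#  192.0.2.9     internal scanner we want to whitelist
SAMPLE_PACKETS = sorted(
    [(0.0 + i * 0.2, "198.51.100.7", 80, "S") for i in range(15)]
    + [(0.05 + i * 0.2, "198.51.100.7", 80, "A") for i in range(15)]
    + [(1.0 + i * 0.1, "203.0.113.5", 1 + i, "S") for i in range(24)]
    + [(2.0 + i * 0.1, "192.0.2.9", 1 + i, "S") for i in range(24)]
)

if __name__ == "__main__":
    for cmd in run(SAMPLE_PACKETS, whitelist=["192.0.2.0/24"]):
        print(cmd)
```

The sensor's decision and the firewall's enforcement are decoupled: the same detector could feed a local iptables rule, a router ACL, or nothing at all, and an attacker who floods it with spoofed SYNs can at worst cause a bad block decision, not disrupt the forwarding path. The whitelist exists because that spoofing risk is exactly why reactive blockers like portsentry are dangerous without one.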