IDS: Network Intrusion Detection

Jerry Dixon Jr (jerry@jdixon.com)
Sat, 20 Mar 1999 08:58:32 -0500



Well, since the list is starting to show signs of life, I figured I'd
fire something off ;-)

Basically I've begun to evaluate IDS products... the problem that we
are seeing is that we are in the world of Fast Ethernet and a switched
topology with multiple VLANs.  These two things do not work well with
trying to implement an IDS product without getting a box for every
broadcast domain (essentially a segment).  My question is: does anyone
know of a solution that would not be cost prohibitive in this
environment and one that would not degrade performance as well?  We're
looking at RealSecure, Network Ranger, and CyberCop.  Any input or
insight would be greatly beneficial to our analysis of IDS.

I'll also go ahead and throw this into the arena... we're utilizing Kane
for our NT environment for host-level IDS, but the problem we run into
is that it is consistently two to three days behind churning through
all the logs.  We have a very large-scale NT environment and it is
only going to continue to grow.  What we are thinking about doing is
setting up multiple auditor servers to try and split the load up.

Jerry