-----BEGIN PGP SIGNED MESSAGE-----

Well, since the list is starting to show signs of life, I figured I'll fire something off ;-)

Basically, I've begun to evaluate IDS products... the problem that we are seeing is that we are in the world of Fast Ethernet and a switched topology with multiple VLANs. These two things do not work well with trying to implement an IDS product without getting a box for every broadcast domain (essentially a segment). My question is: does anyone know of a solution that would not be cost-prohibitive in this environment and one that would not degrade performance as well? We're looking at RealSecure, Network Ranger, and CyberCop. Any input or insight would be greatly beneficial to our analysis of IDS.

I'll also go ahead and throw this into the arena... we're utilizing Kane for our NT environment for host-level IDS, but the problem we run into is that it is consistently two to three days behind churning through all the logs. We have a very large-scale NT environment and it is only going to continue to grow. What we are thinking about doing is setting up multiple auditor servers to try and split the load up.

Jerry

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: http://www.jdixon.com
-----END PGP SIGNATURE-----