Re: Changes in IDS Companies?
From: A.S.Rajendran (asraj@intotoinc.com)
Date: 10/25/02
- Previous message: Proxy Administrator: "Re: Changes in IDS Companies?"
- Maybe in reply to: Samuel Cure: "Changes in IDS Companies?"
- Next in thread: Aaron Turner: "Re: Changes in IDS Companies?"
- Reply: Aaron Turner: "Re: Changes in IDS Companies?"
- Reply: Matt Harris: "Re: Changes in IDS Companies?"
Date: Fri, 25 Oct 2002 14:35:58 +0530
To: focus-ids@securityfocus.com
From: "A.S.Rajendran" <asraj@intotoinc.com>

There is no single solution for network security. One should use a
combination of all to effectively secure the network.

Both the NIDS and inline IPS methods have their particular strengths and weaknesses.
Inline IPS has the ability to block the suspicious traffic. But it has
performance penalties. NIDS cannot effectively block the traffic. But it
will not degrade the network performance. We should use the positive points
of both.

The inline IPS method should be used to block traffic with protocol anomalies
and to block some suspicious packets temporarily by using signatures until
some patch is available for the vulnerable services. NIDS can be used to
monitor all the traffic and generate a log message for all suspicious
packets. HIDS can be used for detecting repeated failed access attempts or
changes to critical system files.

A.S.Rajendran,
Project Leader,
Intoto Software (I) pvt Ltd,
Secunderabad, India.
email: asraj@intotoinc.com.
web: www.intotoinc.com
> > And there
> > always will be such attacks, furthermore. Conversely, HIDS has a much
> > easier time seeing a sudden change to a file that is not supposed to
> > change, and thus the argument for layers.
>
>Oh, don't get me wrong... I'm all for defense in depth. And while I agree
>that HIDS has some technological advantages over network based IDS, it also
>has serious management and cost disadvantages over them as well. I also
>think that network based IDS will close the security gap a lot faster
>than HIDS will the management gap. Cost will probably stay about the same.
>
>Basically, organizations will run network based IDS everywhere and HIDS only
>on a few critical systems. And I think most IDS companies realize this,
>which is why everyone hypes their NIDS/NIPS and seems to be putting in a lot
>of $$$ into that technology and less so their HIDS. (I could be wrong about
>this one, it's just a gut feeling, I haven't done any studies or anything
>like that.)