Re: Network IDS

From: Steffen Kluge (kluge_at_fujitsu.com.au)
Date: 08/22/03

    To: focus-ids@securityfocus.com
    Date: Fri, 22 Aug 2003 11:53:08 +1000
    
    
    

    On Fri, 2003-08-22 at 00:42, Barry Fitzgerald wrote:
    > Andreas Krennmair wrote:
    > >Then a NIDS is not the right thing for you. Network Intrusion Detection
    > >is not about protecting systems.
    >
    > Now, the semantic argument that says that "NIDS is not about protecting
    > systems" basically states that NIDS is about protecting networks.
    > Factually, this is true - Host IDS is about protecting a *system* and
    > NIDS is about detecting intrusions over the network. But never, ever,
    > ever, ever forget that a network is composed of a group of systems.

    I believe Andreas' gripe was not with the word "systems" but with the
    word "protect". A NIDS *detects* intrusions (or more generally, unusual
    activity), but it cannot protect against them. It just informs you that
    they're happening, nothing more, nothing less.

    Of course, that information can aid *you* in taking steps to mitigate
    risks or eliminate threats before they become a problem. Most intrusions
    don't happen like a lightning bolt out of a blue sky; they are usually
    preceded by activity NIDS sensors can spot (vulnerability scanning,
    random attacks against non-vulnerable systems, etc). Thus, if your NIDS
    spots the forebodings of intrusions it can give you the critical edge
    for protecting those vulnerable systems in time.

    Mind you, hybrid automatic systems do exist, such as combinations of
    NIDS detection engines and packet filters, but they wouldn't be
    correctly termed "NIDS".

    Cheers
    Steffen.

    
    


