Re: Categories of IDS

Jeffrey.Stebelton_at_bisys.com
Date: 12/04/03

    To: "Andy Cuff [Talisker]" <lists@securitywizardry.com>
    Date: Thu, 4 Dec 2003 15:24:24 -0500
    
    

    Looks good. Hope the TAPS page has info on channel bonding. Good site,
    thanks for taking the time to put all this together.

    Jeff Stebelton
    Manager, Network Security
    BISYS Network Security Group
    614-470-8249 direct
    614-203-2563 cell

    From: "Andy Cuff [Talisker]" <lists@securitywizardry.com>
    Date: 12/03/2003 03:43 PM
    Please respond to "Andy Cuff [Talisker]"
    To: <focus-ids@securityfocus.com>
    cc:
    Subject: Categories of IDS

    Hi,
    I really need to update the categories of IDS on my website. They have
    developed substantially over the last few years and therefore I was looking
    to drop the following pages:

    DROP
    Network Node IDS - Non Promiscuous network IDS.
    http://www.securitywizardry.com/nnids.htm
    Hybrid IDS - Host and Network Node IDS Combined.
    http://www.securitywizardry.com/hybrid.htm

    INTRODUCE
    Introducing Wireless IDS
    http://www.securitywizardry.com/Wids.htm removing them from
    http://www.securitywizardry.com/wireless.htm

    Long overdue Host IPS - Has anyone got a list that I can use for starters??

    RESULTING IN
    Host IPS
    Network IPS
    Host IDS
    Network IDS
    File Integrity Checkers
    Honeypots
    Network Taps
    Security Consoles
    IDS Training

    Am I missing anything?
    -andy

    Talisker Security Tools Directory
    http://www.securitywizardry.com
