Re: Categories of IDS

From: Andy Cuff [Talisker] (lists_at_securitywizardry.com)
Date: 12/04/03

    To: <focus-ids@securityfocus.com>
    Date: Thu, 4 Dec 2003 22:24:36 -0000
    
    

    Hi Jeff
    > Looks good. Hope the TAPS page has info on channel bonding

    Have you seen Intrusion's taps? They have a hub inbuilt so you don't
    have to mess with the half duplex outputs to make it full duplex. There is
    an issue with bandwidth in the 10/100 tap such that it can only handle
    100Mb/s total output, i.e. 60 + 40 is okay but 60 + 50 will drop 10Mb/s. I
    believe this is overcome with their 10/100/1000 tap. I'm really impressed;
    they also have a variant that will allow crafted resets to be inserted back
    into the traffic. I feed the output into a dumb hub and then into multiple IDS.

    -andy

    Talisker Security Tools Directory
    http://www.securitywizardry.com
    ----- Original Message -----
    From: <Jeffrey.Stebelton@bisys.com>
    To: "Andy Cuff [Talisker]" <lists@securitywizardry.com>
    Cc: <focus-ids@securityfocus.com>
    Sent: Thursday, December 04, 2003 8:24 PM
    Subject: Re: Categories of IDS

    >
    > Looks good. Hope the TAPS page has info on channel bonding. Good site,
    > thanks for taking the time to put all this together.
    >
    > Jeff Stebelton
    > Manager, Network Security
    > BISYS Network Security Group
    > 614-470-8249 direct
    > 614-203-2563 cell
    >
    >
    >
    > From: "Andy Cuff [Talisker]" <lists@securitywizardry.com>
    > 12/03/2003 03:43 PM
    > Please respond to "Andy Cuff [Talisker]"
    >
    > To: <focus-ids@securityfocus.com>
    > cc:
    > Subject: Categories of IDS
    >
    > Hi,
    > I really need to update the categories of IDS on my website. They have
    > developed substantially over the last few years and therefore I was looking
    > to drop the following pages:
    >
    > DROP
    > Network Node IDS - Non Promiscuous network IDS.
    > http://www.securitywizardry.com/nnids.htm
    > Hybrid IDS - Host and Network Node IDS Combined.
    > http://www.securitywizardry.com/hybrid.htm
    >
    > INTRODUCE
    > Introducing Wireless IDS
    > http://www.securitywizardry.com/Wids.htm removing them from
    > http://www.securitywizardry.com/wireless.htm
    >
    > Long overdue Host IPS - Has anyone got a list that I can use for starters??
    >
    > RESULTING IN
    > Host IPS
    > Network IPS
    > Host IDS
    > Network IDS
    > File Integrity Checkers
    > Honeypots
    > Network Taps
    > Security Consoles
    > IDS Training
    >
    > Am I missing anything ?
    > -andy
    >
    > Talisker Security Tools Directory
    > http://www.securitywizardry.com
    >
