Focus on IDS
IDS causing troubles Feb 01 2011 09:53AM
Shang Tsung (shangtsung71 gmail com) (9 replies)
Re: IDS causing troubles Feb 03 2011 10:32AM
Udo Sprotte (Udo Sprotte t-online de)
Re: IDS causing troubles Feb 02 2011 10:59PM
Paul Palmer (b paul palmer gmail com)
RE: IDS causing troubles Feb 02 2011 06:33AM
alex cc technion ac il
RE: IDS causing troubles Feb 02 2011 04:06AM
Alex Nepolian cognizant com
Re: IDS causing troubles Feb 02 2011 12:04AM
Antônio Arruda Neto (anetoarruda gmail com)
Re: IDS causing troubles Feb 01 2011 09:41PM
Jeff Ames (jeffames nemesissolutions co uk)
Re: IDS causing troubles Feb 01 2011 08:50PM
Shwetabh Sharma (shwetabhsharma gmail com) (1 replies)
RE: IDS causing troubles Feb 04 2011 06:35AM
IT_H_Security (IT_H_Security MahindraSatyamBPO com)
Re: IDS causing troubles Feb 01 2011 08:48PM
JiPi DiNi (jipidini gmail com)
RE: IDS causing troubles Feb 01 2011 08:26PM
Andrew Plato (andrew plato anitian com) (1 replies)
Re: IDS causing troubles Feb 11 2011 07:41AM
Joel Jaeggli (joelja bogus com) (2 replies)
RE: IDS causing troubles Feb 12 2011 06:39PM
Bob-Buel (bob buel org) (1 replies)
SV: IDS causing troubles Feb 15 2011 07:39AM
Anders Petrén (anders certezza net)
RE: IDS causing troubles Feb 11 2011 06:23PM
Matthew Fitzgerald (matthew fitzgerald cae com) (2 replies)
Joel, it's inline because prevention requires intervention. You bring up a good point though, perhaps the issue should be taken outside of the technical arena and brought to the business/contract folks to reset expectations around prevention/detection.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Joel Jaeggli
Sent: February 11, 2011 3:41 AM
To: Andrew Plato
Cc: 'Shang Tsung'; focus-ids (at) securityfocus (dot) com [email concealed]
Subject: Re: IDS causing troubles

You might ask yourself why it's inline rather than on a monitor port
or a tap.

There are serious scalability and performance problems to be had when
putting an inspection device in some locations in the network and you
should be mindful of that, ultimately if availability is a consideration
and it generally is and the thing causes outages then you have rather
a big problem.

joel

On 2/1/11 12:26 PM, Andrew Plato wrote:
> All network engineers want to burn down the IPS. That's nothing new.
>
>
> Disruptions should not be common. Most modern IPS/IDS solutions are
> pretty good about minimizing the downtime. ISS stuff is pretty good
> about this, although not great.
>
> I'd say your outsourced provider may have some issues or you need to
> update to the latest versions.
>
> Firmware updates should be scheduled to coincide with normal
> maintenance windows in case there is any downtime. Signature updates
> can also be scheduled for a reasonable daily or weekly window.
>
> Network admins will blame EVERYTHING on the IDS/IPS because it's
> easier for them to blame the IPS than for them to do their jobs.
> There is a possibility you have network infrastructure issues. You
> might want to consider getting a third party assessment of your
> network. That way you can get an objective analysis that will hold
> more weight with management.
>
> Good luck.
>
>
> Andrew Plato, CISSP, CISM, QSA Anitian Enterprise Security
>
>
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Shang Tsung
> Sent: Tuesday, February 01, 2011 1:53 AM
> To: focus-ids (at) securityfocus (dot) com [email concealed]
> Subject: IDS causing troubles
>
> Hello,
>
> We have the following problem. Now and then, the IDS will cause
> disruptions to the network, especially after updates. We have an IBM
> (ex ISS) Intrusion Detection System with a few network sensors and
> several host sensors. The IDS is not managed by us but we have it
> outsourced.
>
> The disruptions mentioned above cause our network engineers extreme
> dissatisfaction (and anxiety) about the IDS and they would "burn the
> damn thing", if they could. We have 2 - 3 serious issues, causing
> downtime, per year.
>
> My questions are:
>
> - Are any of you experiencing the same issues?
> - Are these disruptions common to others or should we seriously
>   consider replacing the IDS and/or the outsourcing company?
> - Could this be an issue with our network infrastructure?
>
> I will appreciate any thoughts.
>
> Thanks, ST
>

Re: IDS causing troubles Feb 14 2011 05:21PM
Curt Purdy (infosysec gmail com)
Re: IDS causing troubles Feb 11 2011 07:14PM
Joel Jaeggli (joelja bogus com) (2 replies)
Re: IDS causing troubles Feb 15 2011 03:23PM
Joel Esler (joel esler me com) (1 replies)
Re: IDS causing troubles Feb 18 2011 02:21PM
Curt Purdy (infosysec gmail com) (1 replies)
Re: IDS causing troubles Feb 18 2011 02:28PM
Joel Esler (joel esler me com) (1 replies)
Re: IDS causing troubles Feb 18 2011 02:49PM
Curt Purdy (infosysec gmail com) (1 replies)
Re: IDS causing troubles Feb 18 2011 02:51PM
Joel Esler (joel esler me com)
Re: IDS causing troubles Feb 14 2011 06:28PM
JiPi DiNi (jipidini gmail com) (1 replies)
Re: IDS causing troubles Feb 15 2011 03:25PM
Joel Esler (joel esler me com) (2 replies)
Re: IDS causing troubles Feb 19 2011 03:47AM
Ichilov (zivi radware com)
RE: IDS causing troubles Feb 15 2011 04:08PM
Matthew Fitzgerald (matthew fitzgerald cae com)
Copyright 2010, SecurityFocus