Focus on IDS
IDS causing troubles Feb 01 2011 09:53AM Shang Tsung (shangtsung71 gmail com) (9 replies) RE: IDS causing troubles Feb 01 2011 08:26PM Andrew Plato (andrew plato anitian com) (1 replies) Re: IDS causing troubles Feb 11 2011 07:41AM Joel Jaeggli (joelja bogus com) (2 replies) RE: IDS causing troubles Feb 11 2011 06:23PM Matthew Fitzgerald (matthew fitzgerald cae com) (2 replies) Re: IDS causing troubles Feb 11 2011 07:14PM Joel Jaeggli (joelja bogus com) (2 replies) Re: IDS causing troubles Feb 15 2011 03:23PM Joel Esler (joel esler me com) (1 replies) Re: IDS causing troubles Feb 18 2011 02:21PM Curt Purdy (infosysec gmail com) (1 replies) Re: IDS causing troubles Feb 18 2011 02:28PM Joel Esler (joel esler me com) (1 replies) Re: IDS causing troubles Feb 14 2011 06:28PM JiPi DiNi (jipidini gmail com) (1 replies) |
Privacy Statement |
You would think this would be picked up relatively quickly but it's a recurring issue in my world. It's important to know that this sort of negotiation/renegotiation may only present itself under heavy traffic volume or a specific type of traffic (MTU issues and so on). What's more is that upon investigation, the stats on a port on one side of the connection may look relatively clean whereas the port on the other side of the connection can be struggling.
It can be tough to get a provider to dig into this when it "seems" to be working at least for some or for the majority of the time. It's even more interesting when the two ends of the link are owned by different companies.
Matt Fitzgerald, P.Eng
Security Architect
CAE Professional Services
36 Solutions Drive
Suite 200
Halifax, NS
B3S1N2
Tel. 902-420-3070 x2127
Fax: 902-420-3087
Matthew.Fitzgerald (at) cae (dot) com [email concealed]
CONFIDENTIALITY NOTICE
This e-mail message is intended only for the above named recipient(s) and may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you have received this message in error or are not the named recipient(s), please immediately notify the sender, delete this email message without making a copy and do not disclose or relay this e-mail message to anyone.
-----Original Message-----
From: Joel Esler [mailto:joel.esler (at) me (dot) com [email concealed]]
Sent: February 15, 2011 11:25 AM
To: JiPi DiNi
Cc: Joel Jaeggli; Matthew Fitzgerald; Andrew Plato; Shang Tsung; focus-ids (at) securityfocus (dot) com [email concealed]
Subject: Re: IDS causing troubles
On Feb 14, 2011, at 1:28 PM, JiPi DiNi wrote:
> If inline it has to be a bypass switch not a tap.
>
> an IPS with a TAP is an IDS.
> an IPS with a bypass switch configured inline can block on traffic.
You might want to clarify this statement a bit more, for instance, there are tap vendors that make devices called "Vmode" taps, which is essentially an inline tap, the traffic goes through the tap, and sent through an IPS, however if the IPS fails, the vmode tap "fails open" sending the traffic straight through.
This may be what you meant about a bypass switch, but just clarifying the terminology.
--
Joel Esler
http://www.joelesler.net
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194
[ reply ]