IDS mailing list archives

Re: IDS and NMS


From: Mayank-Bhatnagar <mayank () ncb ernet in>
Date: Wed, 18 Jun 2003 10:13:55 +0530 (IST)

hi Devdas,

I didn't actually make it clear why I had posed these questions (refer NMS &
IDS query); actually we are in the process of doing research and
developing an IDS solution which is going to have a Management Console of
its own.


So to integrate it or not with an SNMP NMS running in an organisation and
what could be different adv & disadv was my main query.

Implications, if you build SNMP support for management into the IDS, you
are increasing the probability of compromise of the IDS itself.

Yeah, this could happen as chances are there for openings into IDS through
NMS and then question of having an IDS won't remain itself.

The IDS has a management protocol, which will have to be maintained as
well.

Surely, if we have a protocol in place, involving SNMP architecture and
communication protocol, another issue could be in place.

An IDS is looking for weird, abnormal behaviour. This is a subset of a
full network management system, but has typically not been called for.

Do you feel the industry is not looking for a centralised management
system to handle both Network and Security or they perceive it in a manner
to handle one thing at one place and giving equal respect to security and
Management?

On the other hand, SNMP might not be the best way to see the output of
an IDS, or to manage its configuration (depending on the IDS, the labour
involved in making it SNMP compatible, etc).

Very true and in fact similar to what we were observing....



Thanks Devdas...for your reply.....

Regards,
Mayank Bhatnagar
mayank () ncb ernet in




