Intrusion Detection Systems mailing list archives

Re: Real Traffic (was Re: BlackICE IDS)


From: tschroed () acm org (Trevor Schroeder)
Date: Tue, 7 Dec 1999 14:23:08 -0600 (CST)



On Tue, 7 Dec 1999, Lance Spitzner wrote:

> I'm not saying having one single IDS system is the way to go.  But
> having a NID on every single network segment may hit the point of
> diminishing returns.

I agree... It's not so much the idea of having multiple NIDS across
multiple segments but multiple *diverse* NIDS operating in the *same*
environment and voting on what's occurring.

Of course the correlation must be automated or it's nearly worthless.
..........................................................................
: "I knew it was going to cost me my head and also my swivel chair, but  :
: I thought: What the hell--better men than I have risked their heads    :
: and their swivel chairs for truth and justice." -- James P. Cannon     :
:........... http://www.zweknu.org/ for PGP key and more ................:
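
Added example, not part of the original post: one way to automate the voting described above, in which several diverse NIDS watch the same traffic and an event counts as confirmed only when a majority of engines report it within a short time window. The sensor names, alert fields and category labels are assumptions, and the sketch assumes each engine's alerts have already been normalized to a shared category.

```python
from collections import defaultdict

# Constructed sample alerts: (epoch_seconds, sensor, src_ip, dst_ip, dst_port, category).
# Sensor names and categories are hypothetical, not taken from any real product.
ALERTS = [
    (1000, "sensor_a", "10.0.0.5", "192.168.1.10", 80, "web-attack"),
    (1002, "sensor_b", "10.0.0.5", "192.168.1.10", 80, "web-attack"),
    (1003, "sensor_c", "10.0.0.5", "192.168.1.10", 80, "web-attack"),
    (1004, "sensor_a", "10.0.0.5", "192.168.1.10", 80, "web-attack"),   # repeat from one engine
    (1010, "sensor_b", "10.0.0.9", "192.168.1.20", 25, "smtp-probe"),   # only one engine saw it
    (1500, "sensor_a", "10.0.0.7", "192.168.1.30", 53, "dns-anomaly"),
    (1900, "sensor_c", "10.0.0.7", "192.168.1.30", 53, "dns-anomaly"),  # same flow, too far apart
]

def verdict(key, start, voters, quorum):
    """One correlated event: which engines voted and whether quorum was met."""
    return {"event": key, "start": start, "votes": sorted(voters),
            "confirmed": len(voters) >= quorum}

def correlate(alerts, sensors, window=30, quorum=None):
    """Group alerts by flow and category, cluster them in time, then vote.

    Each engine gets one vote per cluster, so a noisy sensor repeating
    the same alert cannot reach quorum on its own.
    """
    if quorum is None:
        quorum = len(sensors) // 2 + 1          # strict majority of deployed engines
    by_key = defaultdict(list)
    for ts, sensor, src, dst, port, cat in alerts:
        if sensor in sensors:                   # ignore alerts from unknown sources
            by_key[(src, dst, port, cat)].append((ts, sensor))
    verdicts = []
    for key, hits in by_key.items():
        hits.sort()
        cluster_start, voters = hits[0][0], set()
        for ts, sensor in hits:
            if ts - cluster_start > window:     # window expired: close cluster, start a new one
                verdicts.append(verdict(key, cluster_start, voters, quorum))
                cluster_start, voters = ts, set()
            voters.add(sensor)
        verdicts.append(verdict(key, cluster_start, voters, quorum))
    return sorted(verdicts, key=lambda v: v["start"])

if __name__ == "__main__":
    for v in correlate(ALERTS, {"sensor_a", "sensor_b", "sensor_c"}):
        print("CONFIRMED  " if v["confirmed"] else "unconfirmed", v["start"], v["event"], v["votes"])
```

Unconfirmed events are kept rather than dropped, since a single-engine alert may be a false positive or something the other engines missed.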


