Intrusion Detection Systems mailing list archives
RE: NEW TO IDS
From: broyds () home com (Bill Royds)
Date: Thu, 16 Dec 1999 07:44:41 -0500
You asked:

> 1) does ids monitor IP traffic or they do monitor IPX and SNA traffic
> for loopholes too.

Generally most Network IDS systems monitor only IP since that is the most prevalent traffic, but since IPX and SNA are
also carried over Ethernet, an Ethernet sniffer based IDS can listen to other protocols. Some IDS do recognise IPX,
including Axent's NetRecon. You need to ask that question of the various vendors. It is mostly a design decision rather
than being limited by hardware.

> one solution is to put ids between internet router and firewall, I
> know it will monitor a lot of traffic and might generate false alarm
> but is it the only possible way.

IDS is a kind of burglar alarm. You would put a business burglar alarm on the front door, but also by your accounting
office and safe and any other important assets. Many IDS have separate sensor programs that one deploys all over the
network with a central monitoring station to integrate the information. This allows one to place the sensors where
needed but to have a single control console. This console can often integrate with a firewall as Axent does with its
Raptor-NetRecon-NetProwler.

Since many Firewalls and IDS output their logs in syslog format, they can be combined by tools like Perl as well as
other more specialised packages.

-----Original Message-----
From: owner-ids () uow edu au [mailto:owner-ids () uow edu au]On Behalf Of
kbashir () engro com
Sent: Thursday, December 16, 1999 00:49
To: ids () uow edu au
Subject: IDS: NEW TO IDS
I wanted to find out a couple of things.

1) does ids monitor ip traffic or they do monitor ipx and sna traffic
for loopholes too.

2) basically I want to find how to monitor internet traffic with ids.
is the below solution good or bad.

I know I can integrate the firewall logs with the ids in market but if
you have a firewall which doesn't have this capability how can you do
this.

one solution is to put ids between internet router and firewall, I
know it will monitor a lot of traffic and might generate false alarm
but is it the only possible way.

kb
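
The reply's point about combining firewall and IDS syslog output, as an added example that is not part of either post. It uses Python rather than the Perl mentioned in the reply, and the log lines, host names and message fields (src=, sig=) are constructed for illustration and match no particular product.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in classic BSD syslog layout; the message bodies
# are invented for this example and match no particular product.
FIREWALL_LOG = """\
Dec 16 07:40:02 fw1 firewall: permit tcp src=192.0.2.10 dst=10.0.0.5 dport=80
Dec 16 07:41:15 fw1 firewall: deny tcp src=198.51.100.7 dst=10.0.0.5 dport=23
Dec 16 07:55:30 fw1 firewall: permit tcp src=203.0.113.9 dst=10.0.0.8 dport=25
"""
IDS_LOG = """\
Dec 16 07:40:04 sensor2 ids: alert sig=cgi-probe src=192.0.2.10 dst=10.0.0.5
Dec 16 07:41:16 sensor1 ids: alert sig=telnet-attempt src=198.51.100.7 dst=10.0.0.5
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")
SRC = re.compile(r"\bsrc=(\d+\.\d+\.\d+\.\d+)")

def parse(text, year=1999):
    """Yield (timestamp, host, tag, message, src_ip) for each parsable line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the merge
        stamp, host, tag, msg = m.groups()
        # BSD syslog timestamps carry no year, so one must be supplied.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        src = SRC.search(msg)
        yield ts, host, tag, msg, src.group(1) if src else None

def merged_timeline(*logs):
    """All events from every log in one list ordered by time."""
    return sorted((e for log in logs for e in parse(log)), key=lambda e: e[0])

def correlate(fw_text, ids_text, window=timedelta(seconds=30)):
    """Pair each IDS alert with the firewall action for the same source in window."""
    fw = list(parse(fw_text))
    out = []
    for ts, host, _, msg, src in parse(ids_text):
        hits = [f[3].split()[0] for f in fw
                if f[4] == src and abs(f[0] - ts) <= window]
        out.append((src, host, msg.split()[1], hits))
    return out

if __name__ == "__main__":
    for event in merged_timeline(FIREWALL_LOG, IDS_LOG):
        print(event[0], event[1], event[3])
    for row in correlate(FIREWALL_LOG, IDS_LOG):
        print(row)
```

An alert whose source the firewall permitted deserves a closer look than one the firewall already denied, which is the kind of distinction the combined view makes visible.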
