Intrusion Detection Systems mailing list archives
RE: NIDS Testing Information..
From: "Bill Royds" <broyds () home com>
Date: Fri, 11 Aug 2000 17:32:38 -0400
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------

Like anything else in security, you need to have an idea of the purposes of your NIDS before you use one, either for evaluation or production. Here are some suggested questions about what you want the NIDS to do:

1. What kind of network traffic are we analysing with the NIDS? Mainly local traffic? Mainly Internet traffic? Mainly short transactions? Mainly large file transfers? etc.
2. What is the value of the traffic that we are trying to protect? Corporate secrets? E-commerce transactions? Web surfing by our employees?
3. What kind of network are we using? Hub based, switched, many segments, high speed, low speed, can be forced through throttle point ...?
4. What is the purpose of the NIDS? Detect external intrusions that get through the firewall, detect internal violations of security policy, protect corporate crown jewels, cover the corporate ass...ets?
5. What kind of resources will we need to use it? Simple GUI for low-level staff, high-level security expert to analyse sophisticated attacks? Do you need a separate security network to connect monitoring stations to the console?

Once you know what you want the NIDS to actually do, then you can evaluate a NIDS as to how well it does it. A NIDS that is very fast may not be able to give you great details about what it sees. A NIDS with great signature sets and sophisticated AI capabilities may have difficulty keeping up with your 100Mb/s LAN. Just like any network planning, NIDS deployment needs a business case analysis.

-----Original Message-----
From: owner-ids () uow edu au [mailto:owner-ids () uow edu au] On Behalf Of osman_arslaner () agilent com
Sent: Thursday, August 10, 2000 18:19
To: ids () uow edu au
Subject: IDS: NIDS Testing Information..

Hello,

I have a couple of questions and will appreciate, if you can help me with that:

We are planning to implement an NIDS and I am in the process of getting an NIDS for evaluation and testing. What kind of features should I be testing and what kind of test topology (e.g. firewalls etc.) should I be using?

Any help will be appreciated?

Thanks.
Regards.

Osman Arslaner
Network Engineer
Tel: 650-857-5330
e-mail: osman_arslaner () agilent com
