Intrusion Detection Systems mailing list archives

RE: a novice question. -large networks -reply


From: Mark.Teicher () predictive com (Mark.Teicher () predictive com)
Date: Mon, 27 Mar 2000 05:00:43 -0800


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

Even with a network diagram, not understanding the business model of the 
organization can also prevent a well planned security architecture from 
succeeding.

Integrating an IDS system into an existing network is very difficult 
since a valid history of the problems with the network is sometimes not 
documented, except by those network admins who have been around for a 
while.  This is another problem in and of itself.  Some WAN/LAN diagrams I 
have been privy to over the years still don't give the detail one needs on 
what is going on where, and what protocols are being used from one 
department to another or from a remote site to the central site.  Also, most 
WAN/LAN diagrams cannot describe some of the network wiring that was meshed 
together in some computer room or some hub located in the men's room.  :)

Before even attempting a change on any existing organization's network, the 
necessary network, routing, and business information must be researched or 
assembled so that the network administrator, VAR reseller, or overly 
expensive so-called "security expert" can assist the organization in 
developing an IDS architecture, and then in matching the products' +/-s that 
best fit the environment based on the information collected and the 
technical level of the staff that will be maintaining this type of 
monstrosity, and in ensuring that the reseller or vendor that sold the 
particular IDS system will be there tomorrow.

[NOTE: Hey, Big Six type people, update your templates; some of the products 
and companies you list in your reports are outdated or no longer exist. 
:) ]

"Bill Royds" <broyds () home com>
03/27/00 04:45 AM

        To:     "Jackie Chan" <blue0ne () igloo org>, <Mark.Teicher () predictive com>
        cc:     <ids () uow edu au>
        Subject:        RE: IDS: a novice question. -large networks -reply

This is the fundamental problem with IDS. Too often the attitude toward 
network security is "add an IDS system somewhere and we are secure". 
Security is as much a part of network design as subnet allocation, routing 
and choice of hardware. There is no use having an IDS on a network that 
can't examine important information, nor having one that gets all the 
information in the WAN but can't do anything with it. Designing a network 
to have appropriate choke points and places to tap is paramount. The GIGO 
principle applies to IDS as much as to any other computer system.

-----Original Message-----
From: Jackie Chan
Sent: Sunday, March 26, 2000 08:43

First we need a good network diagram so that we can determine choke points
and where best to place passive 'Taps'.  I'm useless unless I have a good
network diagram. :)

blue0ne
