|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Fw: Promiscuous vs Inline IDS
From: Dener L. Martins <613494596(at)brt14.com>
Date: Wed May 07 2003 - 10:36:27 EDT
Mustapha Huneyd wrote:
> I was wondering if there are tests conducted to show traffic (bottleneck)
Can you respond to attacks based on attack type, severity, source IP, destination IP, number of times attacked, or the time of day an attack occurs? No?
No wonder why you're swamped with false positives! Download a free 15-day trial of Border Guard and watch your false positives disappear.
Received on Thu May 8 00:10:12 2003
Date: Wed May 07 2003 - 10:36:27 EDT
Hi,
One good option is using a passive optical tap for Gigabit links. The latency introduced is minimum, and you can retrieve the alarms via another port (Fast Ether.), through another path. Inline is good when you want to create a "sub-DMZ" of boxes protected inside an Intranet, or inside another DMZ behind a firewall. The peak traffic must taken into consideration when dimensioning the box and its netwk interfaces.
dener
.......................
Mustapha Huneyd wrote:
> I was wondering if there are tests conducted to show traffic (bottleneck)
Can you respond to attacks based on attack type, severity, source IP, destination IP, number of times attacked, or the time of day an attack occurs? No?
No wonder why you're swamped with false positives! Download a free 15-day trial of Border Guard and watch your false positives disappear.
http://www.securityfocus.com/StillSecure-focus-ids2
Received on Thu May 8 00:10:12 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:12 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |