Firewalls: Re: Intrusion Detection

Firewalls
(December 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Intrusion Detection - Switched Network
From:	"Paul D. Robertson" <proberts @ clark . net>
Date:	Tue, 30 Dec 1997 20:48:53 -0500 (EST)
To:	Darren Reed <avalon @ coombs . anu . edu . au>, pva @ bluerose . tju . edu, firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 91 . 971230192449 . 2330B-100000 @ gargoyle>

Darren also asked:

> > And what then will the IDS system be able to do ?

[Sorry, I missed this sentence in my first reading]

We'd also hope that the IDS would alert on the intrusion due to the 
attempted co-opting of the switch, since it's a part of our 
infrastructure we would want it monitored, and if that were successful, we 
would also hope that it would also alarm on the loss of multi-MAC traffic on 
the link.  'Alarm on what we know is bad' isn't as encompassing as 'Alarm 
because we haven't seen anything good', and I'd expect to be able to have 
a mix of the two.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts @
 clark .
 net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

References:

Re: Intrusion Detection - Switched Network
From: "Paul D. Robertson" <proberts @ clark . net>

Indexed By Date	Previous:	cable descramblers From: Ladyd99 <Ladyd99 @ aol . com>
Indexed By Date	Next:	RE: Borderware vs Firewall - 1 From: manuel . ricca @ pararede . pt
Indexed By Thread	Previous:	Re: Intrusion Detection - Switched Network From: "Paul D. Robertson" <proberts @ clark . net>
Indexed By Thread	Next:	Re: Intrusion Detection - Switched Network From: Ted Doty <ted @ iss . net>