On Sat, 17 Jun 2000, you wrote:
> Dear all,
>
> I understand that IDS is a pretty new technology aiming to detect,
> monitor and respond to different types of attacks at a network level.
> The idea is excellent when combined with a firewall to form an integrated
> security solution.
> However, I wonder about the effectiveness that the IDS is claimed to have.
> I saw many cases where the internal network, mostly the web server, is
> still hacked even though there is an IDS to look after it. The problems
> usually are as follows:
> 1. Too many false alerts generated by the IDS. Hundreds of alert
> notices come out, so the administrator is too confused to identify which
> one is a real attack. If he/she chooses to respond to each of the alerts
> by blocking or killing the session, I am sure the network will not
> function properly.
> 2. Without a good tuning mechanism for the IDS, there is a chance the
> network is still hacked before you get the right notice from the IDS.
> Thus, the IDS serves as a logging system for you to trace back the attack
> rather than to protect you initially.
> 3. The IDS may not be able to capture all packets to analyze if the
> network reaches a certain level of congestion. Thus, a false negative
> result is obtained.
> 4. Attack signatures may not be up-to-date for the IDS.
>
> Can anyone share with me the right mechanism to manage the IDS
> effectively?
>
> Cheers !
>
> Keith
Try to look at www.counterpane.com, the guys there might be
very helpful...
regards,
Jati