Am Dienstag 01 Februar 2011 10:53:29 schrieb Shang Tsung: > Hello, > > We have the following problem. Now and then, the IDS will cause > disruptions to the network, especially after updates. We have an IBM > (ex ISS) Intrusion Detection System with a few network sensors and > several host sensors. The IDS is not managed by us but we have it > outsourced. > > The disruptions mentioned above cause our network engineers extreme > dissatisfaction (and anxiety) about the IDS and they would "burn the > damn thing", if they could. We have 2 - 3 serious issues, causing > downtime, per year. > > My questions are: > > - Are any of you experience the same issues? > - Is these disruptions common to others or should we seriously > consider replacing the IDS and/or the outsourcing company? > - Could this be an issue with our network infrastructure? > ... I assume your IDS runs in IPS mode. 1. yes, an update caused sometimes problems. If you do not test an update before, it can also come to failures in the running environment. This is not a problem with ISS. This is a problem with your provider.
2. An other problem is the protocol inspection: I assume your IDS runs in IPS mode. All IPS have the same problem. Sometimes they misunderstand standard protocols on the basis of wrong set parametres. Until the parametres are corrected, it can lead to connection abnormal terminations. kind regards Udo ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
