My experience of IBM ISS NIPS has not disappointed me or any of my customers. Careful planning of the implementation of both the NIPS and HIPS content updates is really mandatory to make sure you have a stable environment. The outsourcing partner should know this. I suggest you revise your partner's SLA and make sure it is compliant with your own expectations.
If you're running in IDS-mode and using a span port, make sure your switch is able to handle the amount of aggregated network traffic.

/Anders
Certezza AB

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Bob-Buel
Sent: 12 February 2011 19:39
To: [email protected]
Subject: RE: IDS causing troubles

Just my two cents here--no, the right implementation of the right product will not result in downtime. Having a state of the art IPS in production in a critical infrastructure for 4 years now, I can tell you, no downtime. Few false positives, and little extra latency. Have kissed my frogs to find the prince, and will never change. BTW, Tipping point IPS in case you are wondering...

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joel Jaeggli
Sent: Friday, February 11, 2011 1:41 AM
To: Andrew Plato
Cc: 'Shang Tsung'; [email protected]
Subject: Re: IDS causing troubles

You might ask yourself why it's inline rather than on a monitor port or a tap. There are serious scalability and performance problems to be had when putting an inspection device in some locations in the network and you should be mindful of that. Ultimately, if availability is a consideration, and it generally is, and the thing causes outages, then you have rather a big problem.

joel

On 2/1/11 12:26 PM, Andrew Plato wrote:
> All network engineers want to burn down the IPS. That's nothing new.
>
>
> Disruptions should not be common. Most modern IPS/IDS solutions are
> pretty good about minimizing the downtime. ISS stuff is pretty good
> about this, although not great.
>
> I'd say your outsourced provider may have some issues or you need to
> update to the latest versions.
>
> Firmware updates should be scheduled to coincide with normal
> maintenance windows in case there is any downtime. Signature updates
> can also be scheduled for a reasonable daily or weekly window.
>
> Network admins will blame EVERYTHING on the IDS/IPS because it's
> easier for them to blame the IPS than for them to do their jobs.
> There is a possibility you have network infrastructure issues. You
> might want to consider getting a third party assessment of your
> network. That way you can get an objective analysis that will hold
> more weight with management.
>
> Good luck.
>
>
> Andrew Plato, CISSP, CISM, QSA
> Anitian Enterprise Security
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Shang Tsung
> Sent: Tuesday, February 01, 2011 1:53 AM
> To: [email protected]
> Subject: IDS causing troubles
>
> Hello,
>
> We have the following problem. Now and then, the IDS will cause
> disruptions to the network, especially after updates. We have an IBM
> (ex ISS) Intrusion Detection System with a few network sensors and
> several host sensors. The IDS is not managed by us but we have it
> outsourced.
>
> The disruptions mentioned above cause our network engineers extreme
> dissatisfaction (and anxiety) about the IDS and they would "burn the
> damn thing", if they could. We have 2 - 3 serious issues, causing
> downtime, per year.
>
> My questions are:
>
> - Are any of you experiencing the same issues?
> - Are these disruptions common to others or should we seriously
>   consider replacing the IDS and/or the outsourcing company?
> - Could this be an issue with our network infrastructure?
>
> I will appreciate any thoughts.
>
> Thanks,
> ST
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL. A guide to understanding
> SSL certificates, how they operate and their application. By making
> use of an SSL certificate on your web server, you can securely collect
> sensitive information online, and increase business by giving your
> customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
