Hi

And, of course, host-based sensors assume that you have admin
rights on the servers concerned. Not always possible, for
practical or political reasons.

This is often the case in an MSS solution where IDS is retro-
fitted to an existing solution managed by a completely
different company!

Robert

--
Robert Turner GCIA
Security Solutions Designer & Analyst

BT Secure Business Services
T: +44 (0)113 244 5951  F: +44 (0)113 244 5657
[EMAIL PROTECTED]




-----Original Message-----
From:   Jones, Jeff [mailto:[EMAIL PROTECTED]
Sent:   Wed 26-Mar-03 2:23 PM
To:     'Donnie Green'; [EMAIL PROTECTED]
Cc:     
Subject:        RE: [ISSForum] "Why not a Switch?" Whitepaper was: SPAN port
for IDS monitoring - Cisco switches

Host-based is still processor intensive; it really depends on the OS and, of
course, the policy that is installed on it.

Jeff

-----Original Message-----
From: Donnie Green [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 24, 2003 12:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ISSForum] "Why not a Switch?" Whitepaper was: SPAN port for
IDS monitoring - Cisco switches


Yeah, but how much of the CPU does that utilize?  Host-based intrusion
detection has always been thought of as processor intensive.  Does that 
still hold true?

At 03:03 PM 3/24/2003 +0000, you wrote:
>Well,
>
>all this mail about Span ports, monitoring, Top Layer switches, Taps 
>etc. etc. sure shows how server based is a better route!
>
>JT
>
>John Taylor | Director Security Products | Tolerant Systems Ltd | 01782
>865026 | 07730 989255
>
>