Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS and Bandwidth

from [Tony Rall] Network Security [Permanent Link]
Subject: Re: IDS and Bandwidth
Date: Mon, 4 Jul 2005 23:31:29 -0700 
On Tuesday, 2005-07-05 at 03:46 GMT, bhaskar.gupta@tcs.com wrote:

I am working as an IDS operator in my company. Due to big size of the 
organisation, different IDS nodes are monitoring different centers 

through a 

central master node. Since there are lot of incidents ( including false 
positives ) generated across the organsation, there is a complaint from 

our 

networking team that IDS is consuming lot of bandwidth over networking

I am really not able to figure out how much IDS can eat up network 

bandwidth.

If you were mirroring all traffic to a central IDS for analysis, that 
could easily consume all available bandwidth.

If you are only forwarding detected positives to the central site, that 
should normally be less than 1% of the monitored traffic on individual 
remote links.  Only if you had extremely many remote links or relatively 
low bandwidth into your central site should this result in a significant 
load on the central links.

Tony Rall

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  IDS and Bandwidth, bhaskar . gupta
Next by Date:  RE: IDS and Bandwidth, PPowenski
Previous by Thread:  IDS and Bandwidth, bhaskar . gupta
Next by Thread:  Re: IDS and Bandwidth, Fergus Brooks
Indexes:  [Date] [Thread] [Top] [All Lists]