IDS / Security Information Management

IDS Loadbalancing

Use of "Top layer" for NIDS load balancing ..

IDS Default timeout adjustment

1) Filtering out the ip fragment memory flushing ..

2) Normalization setting timeouts for the data before it is monitored as a potential attack

IDS Interpretation Integration / Security Information Management SIM / Intrusion Management Systems

The future of the security management of high integrity networks lies in the use of Security Information Management systems SIM. These intelligently integrate network and host based sensor alerts with firewall log analysis and together with the output from file integrity checkers (Tripwire) give security managers a sufficiently intelligent view to be able to deal effectively and speedily with security incidents. These products are developed by NetForensics, Intellitactics, Network Intelligence, e-Security which allow rapid cross-correlation between these sources. I have some knowledge of these products.

This process will be essential as we move towards the environment of port 80 envelope management and the management of auto-hacker script management.

Firewalls will have to move fast towards IDS/Firewall integrated products such as inline IDS from ISS. OneSecure and TippingPoint and Hogwash to be able to manage these threats.

Quote : MARCUS J. RANUM : (builder of the US president's mail server, whitehouse.gov ) .. "[when we see] .. mass rooters or remote control Trojans that are effectively employing SSL or any kind of transaction securities that would masquerade as e-commerce … it's all over for firewalls " …. Information Security June 2002

See New Real-Time Intruder Management Console