[Bro] IDS newbie. Question on security Vs performance
sudhakarg79spam at gmail.com
Mon Dec 4 04:50:58 PST 2006
I am a post-doc at Princeton. I am new to Bro/IDS systems and am pondering
on future research ideas. I am thinking of researching Bro, Snort and other
intrusion detection systems. I am a bit new to intrusion detection stuff.
Do IDS systems in general have a parameter that can be used to tune security
Intrusion detection systems easily observe millions of packets a second.
Given this voluminous data, the performance per packet could have a significant
impact on the performance of the network. Also, system administrators can
easily get overwhelmed with the false positives even if the rate is small.
Do intrusion detection systems have an alert level that decides how
aggressively to look for attacks? When in a heightened state of alert, cyber
security managers could change the alert level so that the intrusion
detection system tries to look more closely at packets to make a more
Does this idea of alert level make any sense?