regarding Back bone network
grd-pub.56 at NOSPAMnetcourrier.com
grd-pub.56 at NOSPAMnetcourrier.com
Mon Apr 7 23:37:30 PDT 2003
Hi,
I assume that these "specialists" are simply pointing out to the fact that if
the network-based IDS system is using the very network it is monitoring (the
"backbone network" ?) for its internal communication purposes, then it might
be silenced or otherwise hindered by a skillful attacker...
Thus, if your budget allows it, it is way better to have a separate (secure)
"control network". Your NIDS sensors are then connected in "read-only"
sniffer mode to the operational network, while they communicate with each
other or with the main IDS server through this control network. Please note
that "active-response" NIDS'es will require full read/write access to the
operational network as well.
The regular network will just be whatever it happens to be, -- TCP/IP or
other, -- but you're essentially free to decide what kind of control network
you want to set up. A non-TCP/IP network might be harder to break in as the
attacker might not be as familiar with it, but it would not be wise to
simply rely on this ! A TCP/IP network will be much easier to set up and you
won't have much trouble configuring your sensors for it.
Good luck,
Olivier.
On Tuesday 08 April 2003 06:44 am, Mayank-Bhatnagar wrote:
> hi all,
>
> Well this doubt is certainly not specific to any IDS but I just wanted to
> put it to our Bro community.
>
> In IDS scenario, we say that the sensors and main IDS server when deployed
> communicate with each other. Now there is a special term known as
> "backbone network" about which specialists say that the IDS does not rely
> on the underlyting network, so that attackers cannot compromise upon the
> messages transferred by IDS syatem.
>
> What could be this back bone network.....it seems to be different from the
> normal TCP/IP...or is it same and a different technique used .....
>
> Can anyone throw some light on this topic?
>
> Thanks and regards,
>
> Mayank Bhatnagar
> National Centre for Software Technology,
> Bangalore, India.
More information about the Bro
mailing list