|
-
February 26th, 2003, 10:24 PM
#4
I have been asked to explain via PM what the advantages and disadvantages are by some folks here. Here is what I can come up with in 5 minutes or less:
DISADVANTAGES: MSM
1) Your IDS is out of your physical control
2) You can't be sure who is applying the rules and who is responsible for your account (trust me on this one).
3) Turn around time for changes/updates may be longer than acceptable to users/management
4) Cost
5) Reporting tends to be less customizable
6) Long contracts usually are involved
7) Even if you are skilled enough, you may not be able to craft your own signatures (algorythums) because of licensing restrictions/management restrictions by your MSM provider
ADVANTAGES:
1) If you don't have the skillset in house, this is a better way to get immediate satisfaction
2) If you have the bling bling, this may free up more of your time to focus on other projects
3) If something goes wrong, you can point the finger at the MSM provider
4) The equipment usually is installed and maintained by the MSM thus again, freeing more of your time for other purposes.
YOUR OWN IDS ADVANTAGES:
1) You are in control and have the ability to update signatures the minute the manufacturer releases them (as I do with mine)
2) If the unit turns out to be a dud, you can rip it out of your rack and pursue another manufacturer
3) You can be SURE that it is filtering the appropriate segments because you know your network infrastructure
4) You can easily move the sensor should your WAN/LAN group decide to make physical changes to the network room/network setup
5) You can change the behavior of the IDS on the fly without calling your MSM to get involved
DISADVANTAGES YOUR OWN IDS
1) If it breaks down, and you didn't purchase a failover box, you are more than likely waiting 24 hours at best before a new one arrives. This assumes that you have purchased support.
2) If you hose up the configs, YOU have to rebuild the box.
3) If you suddenly find that the IDS company has decided to move into another segment, you're stuck with the box until you can test and purchase a new solution.
4) If something goes wrong, everyone looks at you because ultimately, you are the admin of the IDS.
Hope this helps all those who are curious.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote