[Snort-users] Snort with IPSec

Jason Haar Jason.Haar at ...294...
Tue Nov 4 16:39:05 EST 2003


On Tue, Nov 04, 2003 at 02:27:02PM -0600, Josh Berry wrote:
> Yes, we would be implementing IPSec all the way down to ALL desktops and
> servers.  All network communication would be through IPSec.


...then it's goodbye NIDS - hello HIDS!

Seriously, if you are going to do this, then network monitoring will be
almost impossible - you will have to focus on the host security itself.

BTW: this is affecting all of us even today. Who's running Active Directory?
Who's seen all that host-to-domain-controller traffic suddenly flick over to
IPSec? Who's been hit (like me) with trying to diagnose Active Directory
problems, only to find that the LDAP call is over TLS?

Microsoft has made everyone's lives harder - without making it less
buggy/more secure. Throwing encryption at problems doesn't make the inherent
problem go away... [mutter, mutter]

BTW: I'm surprised they're allowed to ship such a product - are countries such
as North Korea not allowed to run Win2K+ I suppose???


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1