
When Telecom Mergers Hit Home 131

netbuzz writes "A telecom manager submitted an essay to Network World that paints a sadly humorous picture of what the mega-telecom mergers really mean on the ground." From the article: "Well, when I heard that these companies were about to combine forces, it made my blood run cold. How would they be able to take, in each case, two companies with already broken processes and mediocre customer support and successfully merge them? How could they continue to provide me with the support I need to keep my company's networks functioning as they need to in this age of the bandwidth junkie? The answer ... at this moment, is they can't!"

Comment No quick, easy answer (Score 3, Informative) 264

"...however, it is not often that we hear of new software, hardware or 'appliances' that combat malicious code attacks and data intrusions."

Clearly, you don't pay much attention to the glossy ads in Infoworld and CIO magazine. FUD marketing out the wazoo for exactly these types of devices.

This is actually a very hard problem to solve. I've written quite a bit on the subject, but I'll attempt to provide a few quick helpful points.

If you have some form of perimeter security, it becomes easier, but still very resource-intensive (both technology resources and human resources). I'm assuming that you're not at a university, or some other type of organization that has a wide open network, because if you were, you wouldn't care.

For a good list of fun tools, look here:
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

But beyond the rinky-dink stuff, at the most basic level, you want to make two choices right up front:
How important is the real-time interdiction to you?
Do you want signature-based tools, anomaly-based tools, or both?

If you would be content with a good system that doesn't have the ability to mitigate threats in real-time, then that widens your possible solution space quite a bit. In this area, you definitely get what you pay for. FOSS tools that have this capability are way behind commercial tools in ease of maintenance, configuration, and how many types of attacks they work against. So that requirement limits your options considerably.

A similar situation exists when we look at the detection method, signature vs. anomaly. Signature-based systems are a dime a dozen, but they don't cover the really dangerous stuff. Anomaly-based systems are somewhat more useful against the scarier threats, but no FOSS solution comes anywhere close to the commercial offerings. If you choose a FOSS alternative for an anomaly-based IDS/IPS, you will spend so much effort tuning and maintaining that you won't have any time left to respond to issues, and you will still not get adequate results.

I should point out that you have also limited yourself by considering only NIDS/IPS systems. The proper bundle of technologies and tools could give you the real intelligence that you need, whether or not it included NIDS/IPS. Other classes of tools, like SIMS, accounting systems, or deception environments have their uses too.

There are plenty of other aspects to consider, but that would take pages to discuss. All of this could be moot depending on your traffic loads, user demographics, platform constituency, infrastructure design, org chart, geographic distribution, existing IT policies, etc. etc. etc. There's just no universal solution.
