Resynchronizing NIDS Systems

by Eric Hacker
Sept. 19, 2017, Symantec Detection & Response

This article is about fixing things. Greg Hoglund and Jon Gary have demonstrated many ways of breaking things, particularly network intrusion detection systems (NIDS), in their thoughtful article Multiple Levels of Desynchronization and other concerns with testing an IDS system. This article will show that a NIDS can be designed to address most of the issues they raise. Much of the first half covers fundamentals and is dry; readers who do not have the patience for it should feel free to skip ahead. This article explores ideas that will require further research to be fully validated, and they may not apply to all environments.