Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Definition of Zero Day Protection

from [Drew Simonis] Network Security [Permanent Link]
Subject: Re: Definition of Zero Day Protection
Date: Mon, 09 Aug 2004 14:07:15 -0500 

----- Original Message ----- 
From: "Teicher, Mark (Mark)" 
Date: Sun, 8 Aug 2004 19:47:48 -0600 
Subject: Definition of Zero Day Protection 


What is Zero Day Protection


It is, as you stated, another marketing blurb, but it isn't 
just that.  Usually, this bit of jargon is applied to a 
detection/prevention system that uses things like heuristic 
detection techniques, behavior based detection, protocol
anomoly or some other advanced methods.  These allow the 
activity to be blocked or alerted on, as opposed to the 
specific event.  

So, for example, a worm can be characterized by certain 
activity.  Say, opening connections to lots of remote
hosts in a short period of time.  This behavior can be
blocked (e.g. the process can be killed) even without 
knowing that it was WormX.  


hth,
-Ds

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Avoiding VLAN bridge with N-IDS?, Rodrigo Barbosa
Next by Date:  RE: Definition of Zero Day Protection, Teicher, Mark (Mark)
Previous by Thread:  RE: Definition of Zero Day Protection, Carey, Steve T GARRISON
Next by Thread:  RE: Definition of Zero Day Protection, Teicher, Mark (Mark)
Indexes:  [Date] [Thread] [Top] [All Lists]