Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Definition of Zero Day Protection

from [hidsbr] Network Security [Permanent Link]
Subject: Re: Definition of Zero Day Protection
Date: Mon, 9 Aug 2004 19:20:42 -0300 

I believe the best protection is composed by IPSses 
with high level configuration and HIDS on servers 
blocking the undesired zero day attacks.

This way you can avoid stopping normal traffic without 
protecting the servers.


----- Original Message ----- 
From: "Carey, Steve T GARRISON" <steven-
carey@us.army.mil>
To: "Teicher, Mark (Mark)" <teicher@avaya.com>
Cc: "Seanor, Joseph (Joe)" <jseanor@avaya.com>; <focus-
ids@securityfocus.com>
Sent: Monday, August 09, 2004 2:27 PM
Subject: RE: Definition of Zero Day Protection


Would say they are 'misguided', they believe it.  But 
from the different IDS and IPS systems I have tested 
and used, the IPS CAN stop attacks, however, if someone 
in your organization starts using a new software, it 
may get stopped by the IPS.  Also, if the Zero Day 
Exploit is on the encrypted side, like ssl, then no it 
wouldn't stop it.  

There is some new technology being worked concerning 
Kernel Protection that comes close, but still is being 
worked.

The biggest problem with Zero Day Protection is 
encrypted programs.  Host based programs can work, but 
still believe that as of today it is still going to 
take a human to ensure Zero Day Protection (provided 
they have the necessary tools to do it with). 

Steve

-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
Sent: Monday, August 09, 2004 12:14 PM
To: Carey, Steve T GARRISON
Cc: Seanor, Joseph (Joe); focus-ids@securityfocus.com
Subject: RE: Definition of Zero Day Protection


Marketing ploy??  You mean marketing people don't state 
the truth about
Zero Day Protection and how it works ??

/mark

-----Original Message-----
From: Carey, Steve T GARRISON [mailto:steven-
carey@us.army.mil] 
Sent: Monday, August 09, 2004 11:08 AM
To: Teicher, Mark (Mark)
Cc: Seanor, Joseph (Joe); focus-ids@securityfocus.com
Subject: RE: Definition of Zero Day Protection

My own personal opinion, based on 7 years of experience 
in intrusion
detection, is that it is a marketing ploy.  Only way to 
ensure Zero Day
Protection is to use a 'suite' of IDS tools and have an 
analyst looking
at those logs 24/7 to find the Zero Day Exploit.  

Vendors can state they prevent Zero Day Exploits but to 
do that you can
also stop legitimate traffic.  Maybe sometime in the 
future that can
happen, but not today.

Steve Carey

--------------------------------------------------------
------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-
world attacks from CORE
IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-
ids_040708 to learn more.
--------------------------------------------------------
------------------

 
__________________________________________________________________________
Acabe com aquelas janelinhas que pulam na sua tela.
AntiPop-up UOL - É grátis!
http://antipopup.uol.com.br/



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS deployment outside FW?, Dr Bit Bucket
Next by Date:  Re: need help, tcp fin
Previous by Thread:  Re: A Network IPS Proposal (was Definition of Zero Day Protection), Shaiful
Next by Thread:  RE: Definition of Zero Day Protection, Joseph Hamm
Indexes:  [Date] [Thread] [Top] [All Lists]