Network Security: Detailed info on Re: A Network IPS Proposal (was Definition of Zero Day Protection)

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-IDS

[Top] [All Lists]

Re: A Network IPS Proposal (was Definition of Zero Day Protection)

from [Johnny Calhoun] Network Security

[Permanent Link]

Subject:	Re: A Network IPS Proposal (was Definition of Zero Day Protection)
Date:	Mon, 16 Aug 2004 09:45:23 -0400

On Thursday 12 August 2004 20:35, Shaiful wrote:

similar pattern


How do you define "similar pattern"?
Detecting similar patterns/signatures is trivial if the signature is known in 
advance, but how do you know if something is "similar" before it even 
happens?

And if it is KNOWN then it probably already has a signature right?

Anomaly based Intrusion Detection/Prevention is very complex, much more 
complex than just trapping traffic and predicting similar patterns.  

-- 
Johnny Calhoun, GCIA
Information Security Analyst
LURHQ
843-903-4376 opt2
jcalhoun@lurhq.com

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Definition of Zero Day Protection, (continued) Re: Definition of Zero Day Protection, Devdas Bhagat RE: Definition of Zero Day Protection, Fulp, J.D. USA RE: Definition of Zero Day Protection, Joshua Berry RE: Definition of Zero Day Protection, Brian Smith RE: Definition of Zero Day Protection, Teicher, Mark (Mark) RE: Definition of Zero Day Protection, Brian Smith RE: Definition of Zero Day Protection, Drew Simonis Re: Definition of Zero Day Protection, Stefano Zanero RE: Definition of Zero Day Protection, Drew Copley A Network IPS Proposal (was Definition of Zero Day Protection), Shaiful Re: A Network IPS Proposal (was Definition of Zero Day Protection), Johnny Calhoun <= Re: A Network IPS Proposal (was Definition of Zero Day Protection), Stefano Zanero Re: A Network IPS Proposal (was Definition of Zero Day Protection), Shaiful Re: Definition of Zero Day Protection, hidsbr RE: Definition of Zero Day Protection, Joseph Hamm

Previous by Date:	Re: need help, tcp fin
Next by Date:	Switch Port Mirroring, Andy Cuff
Previous by Thread:	A Network IPS Proposal (was Definition of Zero Day Protection), Shaiful
Next by Thread:	Re: A Network IPS Proposal (was Definition of Zero Day Protection), Stefano Zanero
Indexes:	[Date] [Thread] [Top] [All Lists]