Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

snort-inline capabilities ( WAS: Re: Fortinet IDS )

from [Jason] Network Security [Permanent Link]
Subject: snort-inline capabilities ( WAS: Re: Fortinet IDS )
Date: Thu, 21 Oct 2004 14:35:33 -0400
I imagine you could easily handle that stuff. ClamAV allows for custom virus detection so even if there is no detection for the spyware you could create it. Another avenue is using the spyware rules available for snort you could create block variants. I've no experience with the spyware rules so I cannot attest to accuracy but the solution is certainly capable of it.

perhaps the inline folks would care to comment.

David Puckett wrote:

Will this also prevent spyware/malware/crapware?

Thanks,
David

-----Original Message-----
From: Ryan Whalen [mailto:whalenryan@hotmail.com]
Sent: Tuesday, October 19, 2004 1:28 PM
To: Jason; Ian Gallagher
Cc: Don Draper; focus-ids@securityfocus.com
Subject: Re: Fortinet IDS


I am using a Fortigate firewall. It inspects all traffic transparently for IDS/Virus events.

I believe they used Snort for their IDS. Fortinet provides signature updates for the IDS system several times a week. We are very happy with this solution.

Ryan
----- Original Message ----- From: "Jason" <security@brvenik.com>
To: "Ian Gallagher" <cdine.org@gmail.com>
Cc: "Don Draper" <don@draperconsulting.com>; <focus-ids@securityfocus.com>
Sent: Monday, October 18, 2004 6:59 PM
Subject: Re: Fortinet IDS



I am not sure how fortinet does it however I know snort-inline now has a clamav preprocessor that will scan for viruses in the traffic and block it if discovered. There is no proxy involved and all traffic is scanned based on a configuration you define. It is a recent development and sure to require beefy hardware but might be worth exploring for the edge points that require virus scanning. X-posting to snort-inline if they want to chime in.

https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469



[...]


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Fortinet IDS, David Puckett
Next by Date:  Re: new intrusion detection system, Herve Debar
Previous by Thread:  RE: Fortinet IDS, David Puckett
Next by Thread:  RE: Fortinet IDS, Michael Allgeier
Indexes:  [Date] [Thread] [Top] [All Lists]