Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IPS Blocking Spyware?

from [Murtland, Jerry] Network Security [Permanent Link]
Subject: RE: IPS Blocking Spyware?
Date: Fri, 3 Dec 2004 09:16:23 -0500 
The better question is how/where does it stop the spyware?  You can have
companies stop spyware from communicating your information to external web
servers via http all day long with a strongly maintained web filter, but if
you don't stop it from installing on your systems, your chasing your tail!
I have yet to see a product that is able to stop it from actually being
installed, and yes, I'm aware of disabling ActiveX.  But if a company uses
ActiveX in some of their web apps, what can they do?  I see it as more of a
file search tool, which means it's still reactive and would be as
maintenance intensive as .dat/.nav file updates.  Some companies boast that
their product can stop spyware, well I can't speak for Tipping Point, but if
they don't stop it from being installed, they haven't stopped it.

Jerry


-----Original Message-----
From: Maynor, David (ISS Atlanta) [mailto:dmaynor@iss.net]
Sent: Thursday, December 02, 2004 9:56 AM
To: Ron; focus-ids@securityfocus.com
Subject: RE: IPS Blocking Spyware?
Importance: Low


I could be wrong but if memory serves me correctly TippingPoint has
rules for 28 pieces of spyware. Double check with a sales rep, but that
number is stuck in my head for some reason.

-----Original Message-----
From: Ron [mailto:iago@valhallalegends.com] 
Sent: Tuesday, November 30, 2004 11:36 AM
To: focus-ids@securityfocus.com
Subject: IPS Blocking Spyware?

I've recently heard that Tipping Point's IPS appliance now blocks 
spyware programs.  Has anybody else heard this / experimented with this?

Thanks!

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS, IPS and encrypted traffic, Jet
Next by Date:  Re: NIDS and HIDS, Matthew Romanek
Previous by Thread:  RE: IPS Blocking Spyware?, Maynor, David (ISS Atlanta)
Next by Thread:  Re: IPS Blocking Spyware?, Darren Rogers Mailing Lists
Indexes:  [Date] [Thread] [Top] [All Lists]