Network Security Focus-IDS

Re: newbie quetsions

Subject: Re: newbie quetsions
Date: Wed, 12 Jan 2005 20:26:19 +0100
Scruggs Stephen D SSgt AFWA/SCHS wrote:
> Even if the device has the latest and greatest features and would increase
> our security policy tenfold if we used it, if there was the slightest chance
> it would drop data, we would throw it out immediately.

What you mean, here, is that you will never, ever use an IPS on your network, since dropping data is exactly what the thing is used for...


Or perhaps what you mean is that you don't want to lose non-attack data (so, you are looking for zero-false-positive tools). Or perhaps what you mean is that you don't want to lose packets due to full queues (so, you are looking for really fast algorithms). Or perhaps both.

In every case, there IS more than the "slightest chance" an IPS will drop data. It's a distinct possibility: it's what the device is used for. If the idea is "better not to drop attack packets, because letting through ALL legitimate packets is so important to us" then you should just look at other technologies.

Stefano
