Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to choose an IDS/FW MSS provider

from [Nigel Lewis] Network Security [Permanent Link]
Subject: RE: How to choose an IDS/FW MSS provider
Date: Thu, 17 Mar 2005 09:19:14 -0000 

Looking at the different responses to this question, I think that maybe the
question might be better split, as I believe there two succinctly different
issues:

1) How to select an IDS/FW product
2) How to select an MSS provider

I am ignoring 1 as its been done to death, but in terms of question 2), here
are some criteria for consideration:
* Is the MSS provider product agnostic?
* Are the SOCS physically secured?
* Are the SOC's assessed and registered to 17799 standards by an independent
certification body
* Are the SOC'S manned by staff, that have a) recognised security
certification status and b) the experience to use the qualifications?
* Do the SOC's have global geographic coverage and insight?
* The Quality of the event correlation process and tools?
* How does the SOC undertake vulnerability research and intelligence?
* Response, SLA's and ability to execute suitable action?

-Nigel

-----Original Message-----
From: Chris Harrington [mailto:charrington@nitrosecurity.com] 
Sent: 16 March 2005 04:26
To: 'Adam Powers'; 'David W. Goodrum'; 'Stephane'
Cc: 'Brady, Rick'; 'Melih Kirkgöz (Koç.net)'; focus-ids@securityfocus.com
Subject: RE: How to choose an IDS/FW MSS provider


-----Original Message-----
From: Adam Powers [mailto:apowers@lancope.com]
 

Besides, the device still needs an IP on the local network for management.

Sounds like security through obscurity to me.

You do not need an IP address to manage an IPS. You just have to route the
management traffic through the IPS if you want to do in band management.
Telco equipment has been doing this sort of thing for a while. There are
instances where a management interface with an IP makes sense but it is not
required.


With the obvious success of IPS technologies at the perimeter, I find it

hard to believe that IPS and FW >technologies will remain disparate
technologies for more than a few more years. The IPS vendors need to >do one
of two things:


1. Find a good firewall vendor to acquire them or 2. Build a full featured

firewall from scratch.

I think you're looking in the wrong direction strategically. IPS at the edge
devices (i.e. switch ports) is the next frontier. Protecting the core from
the distribution layer and workstations from other workstations is next. You
already have some IPS vendors rushing in this direction. IPS at the network
perimeter is old hat by now. There may be some more convergence down the
road in the FW / IPS space but I don't see much more.


--Chris


Christopher Harrington, CISSP
Director, Nitro Threat Analysis Center
nitrosecurity
o: 603.766.8160 x25
c: 603.969.0592
e: charrington@nitrosecurity.com
w: www.nitrosecurity.com
Skype: chrisharrington



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

*******************************************************************************
A single supplier for all your IT security requirements ( Experts in Internet, 
Server & Data security ) Internet Email Confidentiality Notification Footer:
Privileged/Confidential Information may be contained in this message, please do 
not forward to a third party without written authorisation. If you are not the 
addressee indicated in this message (or responsible for delivery of the message 
to said person), you may not copy or deliver this message to anyone. In such 
case, you should destroy this message and notify us immediately. If you or 
your employer does not consent to Internet email messages of this kind, please 
advise us immediately. Opinions, conclusions and other information expressed in 
this message are not given or endorsed by my firm or employer unless otherwise 
indicated in separate written format by an authorised representative 
independent of this message. Errors and omissions excepted. 
All Trademarks and Copyright is acknowledged.

This email has been scanned for Virus content.

*******************************************************************************


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to choose an IDS/FW MSS provider, Sasser
Next by Date:  Re: How to choose an IDS/FW MSS provider, Andre Ludwig
Previous by Thread:  Re: How to choose an IDS/FW MSS provider, Devdas Bhagat
Next by Thread:  RE: How to choose an IDS/FW MSS provider, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]