Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS evaluations procedures

from [Richard Bejtlich] Network Security [Permanent Link]
Subject: Re: IDS evaluations procedures
Date: Fri, 22 Jul 2005 08:49:29 -0400 
On 7/22/05, Nathan Davidson <ndavidso@globix.com> wrote:

I know that a lot of people are sceptical about marketure claims for IPS
and Application firewalls (aka active traffic processing?) and would
prefer to stick with the less risky approach of IDS (active/passive
monitoring?) but I think despite the hype there is significant merit in
this technology.


Hi Nathan,

Thanks for all of your thoughts.  

I don't see this as an either/or issue.  Good security requires
prevention AND detection.  An IDS (probably another misnamed device)
should be a policy failure detection system and a network transaction
logging system.  It should keep track of what's happening on the
network to identify when access controls fail, and provide evidence in
an incident response scenario.  That framework is what I call "Network
Security Monitoring."  NSM is completely separate from the
protection/prevention aspect of network security, although tight
controls simplify detecting suspicious and malicious activity.

Sincerely,

Richard
http://www.taosecurity.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Firewalls (was Re: IDS evaluations procedures), Fergus Brooks
Next by Date:  RE: IDS evaluations procedures, Nathan Davidson
Previous by Thread:  RE: IDS evaluations procedures, Nathan Davidson
Next by Thread:  NetFlow for IDS, Andy Cuff
Indexes:  [Date] [Thread] [Top] [All Lists]