Network Security: Detailed info on RE: IDS alerts / second - Correlation

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-IDS

[Top] [All Lists]

RE: IDS alerts / second - Correlation - Virtualization

from [Frank Knobbe] Network Security

[Permanent Link]

Subject:	RE: IDS alerts / second - Correlation - Virtualization
Date:	Sun, 24 Jul 2005 16:02:32 -0500

On Sun, 2005-07-24 at 13:30 -0700, Swift, David wrote:

Then the data is fed back into the IPS engine and Firewall to
intelligently turn on signatures to block events that the protected
network is vulnerable to, firewall unwanted ports,


Why were the "unwanted ports" open in the first place?

and ideally to turn
off alerting for events the protected network is not vulnerable to.


You meant to say "network is not *known* to be vulnerable to". The
knowing part is the tricky part. I'm not start with 0-day issues. Even
without those, the vulnerability landscape is in flux. What happens when
an not-vulnerable server  dies, and gets restored to a vulnerable
version? Your vulnerability scan engine would have to constantly run
scans.

Again, why not detect "compromises" instead of "assumed/confirmed
vulnerability states"?

Regards,
Frank
(replying without mentioning product/vendor names.... yay!)

signature.asc
Description: This is a digitally signed message part

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: IDS alerts / second - Correlation - Virtualization, Swift, David RE: IDS alerts / second - Correlation - Virtualization, Frank Knobbe <= Re: IDS alerts / second - Correlation - Virtualization, william taft Re: IDS alerts / second - Correlation - Virtualization, Ron Gula RE: IDS alerts / second - Correlation - Virtualization, Palmer, Paul (ISSAtlanta) RE: IDS alerts / second - Correlation - Virtualization, Nathan Davidson RE: IDS alerts / second - Correlation - Virtualization, Swift, David Re: IDS alerts / second - Correlation - Virtualization, william taft Message not available RE: IDS alerts / second - Correlation - Virtualization, Sanjay Rawat RE: IDS alerts / second - Correlation - Virtualization, Biswas, Proneet

Previous by Date:	RE: Firewalls (was Re: IDS evaluations procedures), Swift, David
Next by Date:	Cisco IDS Signature details, Jean-Pierre Denis
Previous by Thread:	RE: IDS alerts / second - Correlation - Virtualization, Swift, David
Next by Thread:	Re: IDS alerts / second - Correlation - Virtualization, william taft
Indexes:	[Date] [Thread] [Top] [All Lists]