Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Firewalls (was Re: IDS evaluations procedures) - AI

from [Richard Bejtlich] Network Security [Permanent Link]
Subject: Re: Firewalls (was Re: IDS evaluations procedures) - AI
Date: Wed, 27 Jul 2005 15:41:20 -0400 
On 7/26/05, Swift, David <dswift@ipolicynetworks.com> wrote:

Any single packet or detected IDS event means little by itself, but the
combination and sequence of events from the same source should allow me
to increase the threat level of a given source, and correspondingly
adjust my responses up to the point where I dynamically harden my
firewall from his source address regardless of what data he's
transmitting, AND hopefully beginning the automation of forensic
analysis...


Hello,

A source-centric security posture is only effective against
unsophisticated attackers.  I see only the most immature of intruders
conducting their reconnaissance, exploitation, and so on from the same
source IP or even the same net block.

The only constant in any intrusion is the victim.  Target-centric
security is the only way to have a chance against mildly sophisticated
attackers and beyond.

Sincerely,

Richard
http://www.taosecurity.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS alerts / second - Correlation - Virtualization, Ron Gula
Next by Date:  RE: Firewalls (was Re: IDS evaluations procedures) - AI, Swift, David
Previous by Thread:  RE: Firewalls (was Re: IDS evaluations procedures) - AI, Swift, David
Next by Thread:  Snort 2.4 Released, Jennifer Steffens
Indexes:  [Date] [Thread] [Top] [All Lists]