Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RE: IPS comparison

from [gmail] Network Security [Permanent Link]
Subject: Re: RE: IPS comparison
Date: 14 Sep 2005 20:43:12 -0000 
IDS is nothing w/out active monitoring. only probably good for forensic. ALso 
IDS w/ active functionality has been around for awhile, it just hasn't work 
100% (sending Resets, or running custom scripts)

IPS hmm.. you really have to do thorough testing such as bypass functionality 
(is the box gonna go down when its being patched, when link is lost and such) 
some vendor's bypass unit doesn't kick in for a good 15 ~30 seconds. some have 
them built in to the actual IPS (proventia G100) 

most IDS's will also have a 'simulation mode' where the logs will show that its 
blocking but its not actually blocking off the connections. IPS's should be 
treated like firewalls, if an IPS goes down with out a bypass there goes your 
network...  Another thing w/ IPS is u have to have a vendor who is going to 
release signature updates promptly. Go w/ a protocol anomaly based + stateful 
signature IPS and a good bypass unit. 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Auto-sensing for IPS devices, gmail
Next by Date:  Re: Auto-sensing for IPS devices, Lachlan Bowes
Previous by Thread:  RE: IPS comparison, Frank Knobbe
Next by Thread:  OSSIM, Tales Teixeira
Indexes:  [Date] [Thread] [Top] [All Lists]