Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Seeking feedback on new IDS/IPS/SEM

from [Stefano Zanero] Network Security [Permanent Link]
Subject: Re: Seeking feedback on new IDS/IPS/SEM
Date: Thu, 12 Jan 2006 21:11:15 +0100 
Security Focus wrote:


some technology being evaluated within DHS.  The technology appears to merge
the functionality of a SEM with an IPS, but more importantly it seems to
make blocking decisions from a centralized layer instead of on the wire,


Looks like any other incident management / security console on the
market, except it's unknown, and its documentation is really difficult
to understand.

As far as centralized decisions on multiple sensors are concerned, I
think that DIDS was the first example of this "new technology", in 1991.
I wasn't even allowed to drink alcohol yet at that time. Go figure.


and
it goes one step further and describes some kind of patented bi-directional
transport that interconnects firewalls, NIDS,IPS, and servers, from a
contextual standpoint.


An interesting example of how bad the concept of "software patent" has
gone over there in the US :)

Looks like a pretty uninteresting protocol based on XML + some kind of
transport layer security.

Like IDMEF, but proprietary, and therefore quite doomed.

I'd bet my 0.02 EUR cents on this being "smoke and mirrors", but I'd be
glad if anyone points out to me anything new in all of this.

Best regards,
Stefano Zanero

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Seeking feedback on new IDS/IPS/SEM, Stefano Zanero <=
Previous by Date:  RE: Tuning false positives - SIM is not the answer, Matthew Caldwell
Next by Date:  Re: Tuning false positives (SIM and VM), David W. Goodrum
Previous by Thread:  TCP ACK/RST packets with data in the Reset Cause, Mike Gibson
Next by Thread:  BASE 1.2.2 (cindy) released, Kevin Johnson
Indexes:  [Date] [Thread] [Top] [All Lists]