Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Testing IDS/IPS Solutions

from [Aaron Turner] Network Security [Permanent Link]
Subject: Re: Testing IDS/IPS Solutions
Date: Wed, 11 Jan 2006 16:30:35 -0800 
On 1/7/06, Andres Riancho <andres.riancho@gmail.com> wrote:

You could use tcpsic for testing how well the appliance handles
fragmented packets, you could use nikto and nessus to see how many
attacks each one detects a


Why would you use a vulnerability scanner to see how an UTM detects an
attack?  Vuln scanners nowadays go to great lengths NOT to actually
exploit a vulnerability because people get pissed when their servers
crash.

If you want to see how well an UTM detects someone running nessus
against your network, then by all means use nessus.  But if you want
to see how well it detects an actual attack, then you had better use
traffic which actually looks like an actual exploit.

With that said, the original poster should go look in the list
archives and google.  Someone asks how to test an
IDS/IPS/Firewall/UTM/etc on this list every virtually every week and
it's pretty boring reading the same answers/vendors reminding us that
nothing significant has changed in the last year or so.


--
Aaron Turner
http://synfin.net/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tuning false positives - SIM is not the answer, Bruce Young
Next by Date:  RE: Tuning false positives - SIM is not the answer, Ron Gula
Previous by Thread:  Re: Testing IDS/IPS Solutions, Andres Riancho
Next by Thread:  Re: Testing IDS/IPS Solutions, Nomellames nunca
Indexes:  [Date] [Thread] [Top] [All Lists]