Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS vs. IPS deployment feedback

from [Jean-Philippe Luiggi] Network Security [Permanent Link]
Subject: Re: IDS vs. IPS deployment feedback
Date: Mon, 20 Mar 2006 13:42:44 -0500 
Hello,

On Thu, Mar 16, 2006 at 11:55:42AM -0800, watsont wrote:


Here is my quandary:

My second issue with IPS, at least the current incarnation of them, is that
they do a mediocre job of handling false positives which would lead back to
my initial concern of blocking valid traffic. Lets face it, though they are


  I ran into problems likes these (hopefully in
  testing mode) so i agree, the "false positives"'s problem may be
  considered carefully.
 

number of attacks and growth in bandwidth. In my opinion IDS is by no means
dead. 


  You're right, in fact and the following sentence show this, we've two
  solutions : running a "REACTIVE" or "ACTIVE" mode, and even if both of them 
give problems
  we've to choice.
   

Should we march toward ACTIVE protection measures rather than REACTIVE ones
to keep our networks safe? Absolutely! Are there products out today than can
do this? Sure, but I do not have a level of comfort yet with any of them.


  With security in mind, definitively "ACTIVE" protection is better but with
  care,  we can't afford the risk to do something likes "DOS" to ourself.
  On the other side, "REACTIVE" may be considered less risky but we
  can miss something. Not so easy to choice...
  
  Best regards.
  

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  BASE 1.2.4 (melissa) released, Kevin Johnson
Next by Date:  Multi-Processor based solutions, Surya Batchu
Previous by Thread:  IDS vs. IPS deployment feedback, watsont
Next by Thread:  RE: IDS vs. IPS deployment feedback, Carey, Steve T GARRISON
Indexes:  [Date] [Thread] [Top] [All Lists]