Network Security Focus-IDS

Re: IDS Security Metris

Subject: Re: IDS Security Metris
Date: Fri, 06 Apr 2007 03:38:36 +0300
Could you please define metrics? It's quite a wide term...

Should you look for decision making criteria (technically speaking), my list
should include:

1. false negative rate, to see how many real incidents your IDS may miss
2. false positive rate, to see how many "fake" incidents your IDS won't miss
3. security of the IDS itself (well, here come another 10 metrics but won't dig
into)
4. handling of encrypted traffic (SSL, more precisely)
5. number of supported network segments (either physically or using VLANs)
6. integration/correlation with vulnerability assessment tools (with a unified
attack description so that nobody gets confused)
7. custom signatures (e.g. snort-type) and exceptions capability (sometimes
things get really bad, so it's a very nice-to-have)
8. integration with log analysis/correlation systems (call them SIM/SEM, etc.)
9. integration with ticketing systems (an incident may widely affect an
organization)
10. automatic responses (or policy-based responses) - not "shunning"
11. reporting (somehow somebody must get notified in a language they can
understand)

Should you turn into IPS, take also into account:

x1. number of "trusted" signatures (IBM/ISS-terminology, sorry..)
x2. modes of operation (IDS only, transparent, learning mode, hybrid)
x3. average time of signature issuance (not easy to estimate)

Of course, cost, R&D, vendor stability and coverage, etc. should not be
overlooked.

Lately, there are a number of IDS/IPS technologies used in firewalls, content
security, SSL VPN gateways, etc. If your case is this, the lists above should look
somehow different.

Hope this helps.

Dimitrios Patsos, Ph.D.(Cand.),M.Sc.
Security Architect
CMA,CME,CCDA,CCSA,CCSE


Quoting jlynnmonett@yahoo.com:

Could someone help me. I need to create a list of 10 security metrics for an
IDS.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to

http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
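Metrics 1 and 2 in the reply above (false negative rate and false positive rate) are easy to state but are only meaningful once measured against labelled traffic, and the false positive rate has to be read together with the base rate of real incidents. The following is an added example, not code from the thread or any vendor: it scores an IDS's alerts against a constructed ground truth of 20 sessions (4 of them malicious) and then projects what the measured rates mean in alert volume at a realistic daily session count. The session IDs, the `evaluate` and `expected_daily_alerts` functions and all sample values are assumptions made for the illustration.

```python
"""Score IDS alerts against labelled sessions and project daily alert volume."""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class IdsEvaluation:
    tp: int  # malicious sessions the IDS alerted on
    fp: int  # benign sessions the IDS alerted on
    fn: int  # malicious sessions the IDS missed
    tn: int  # benign sessions left alone

    @property
    def false_negative_rate(self) -> float:
        # Metric 1: share of real incidents the IDS may miss.
        return self.fn / (self.fn + self.tp) if (self.fn + self.tp) else 0.0

    @property
    def false_positive_rate(self) -> float:
        # Metric 2: share of benign sessions reported as "fake" incidents.
        return self.fp / (self.fp + self.tn) if (self.fp + self.tn) else 0.0

    @property
    def precision(self) -> float:
        # Share of raised alerts that correspond to a real incident.
        return self.tp / (self.tp + self.fp) if (self.tp + self.fp) else 0.0


def evaluate(sessions: Iterable[str], malicious: Iterable[str],
             alerted: Iterable[str]) -> IdsEvaluation:
    """Build the confusion matrix from session IDs, ground truth and IDS alerts."""
    all_ids, bad, hit = set(sessions), set(malicious), set(alerted)
    bad &= all_ids
    hit &= all_ids  # ignore alerts that reference sessions outside the labelled set
    tp, fn, fp = len(bad & hit), len(bad - hit), len(hit - bad)
    return IdsEvaluation(tp=tp, fp=fp, fn=fn, tn=len(all_ids) - tp - fn - fp)


def expected_daily_alerts(sessions_per_day: int, prevalence: float,
                          fnr: float, fpr: float) -> Tuple[float, float]:
    """Project (true alerts, false alerts) per day from the measured rates."""
    malicious = sessions_per_day * prevalence
    return malicious * (1.0 - fnr), (sessions_per_day - malicious) * fpr


# Constructed sample: 20 labelled sessions, 4 malicious, 5 alerts raised.
SESSIONS = [f"s{i:02d}" for i in range(1, 21)]
MALICIOUS = {"s03", "s07", "s11", "s15"}
ALERTED = {"s03", "s07", "s15", "s05", "s09"}

if __name__ == "__main__":
    ev = evaluate(SESSIONS, MALICIOUS, ALERTED)
    print(f"FNR={ev.false_negative_rate:.3f} FPR={ev.false_positive_rate:.3f} "
          f"precision={ev.precision:.2f}")
    print(expected_daily_alerts(1_000_000, 0.0001, ev.false_negative_rate,
                                ev.false_positive_rate))
```

On the sample the IDS misses one incident in four (FNR 0.25) and flags two of sixteen benign sessions (FPR 0.125); projected onto a million sessions a day with one malicious session in ten thousand, that same FPR yields roughly 125,000 false alerts against 75 true ones, which is why metric 2 has to be judged against the base rate and not on its own.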