We have been using signature-based systems but now feel the need for
some additional security protection that might be provided via an
anomaly-based IDS system (zero day exploits, etc).
I'm not experienced with anomaly-based systems and know only what I've
seen on the web, or sevral years ago at some trade shows. Some seem to
be focused more on network operation but also have the IDS component. At
least for right now, I've been asked to look at security systems.
Any good ideas, suggestions, or horror stories about anomaly-based
systems that may be a help would be appreciated. Up til now I've only
been saving signature related emails from this list.
Thanks,
Dave
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of GMail
Sent: Wednesday, January 09, 2008 2:59 AM
To: focus-ids@securityfocus.com
Subject: signature based IDS/IPS effectiveness
focus-ids,
How effective are signature based IDS/IPS systems on text based
protocols which involves grammar like PL/SQL. Using PL/SQL I can write
same query with different ways and different constructs that leads to
different query patterns. So does not that mean stateless signature
based IDS/IPS are useless for database servers, etc.
Best Regards,
Mayur
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
