Re: [Full-disclosure] Suggestion for IDS

Subject: Re: [Full-disclosure] Suggestion for IDS
Date: Wed, 28 Sep 2005 11:48:06 +0200
Valdis.Kletnieks@vt.edu wrote:

> On Wed, 28 Sep 2005 15:54:41 +0700, Fajar Edisya Putera said:
>
>> plan to install IDS to protect our resources
>
> An IDS doesn't *protect* your resources, any more than a concealed
> video surveillance camera protects anything. It may tell you who did it, and
> what they did, *after the fact*, but it won't *protect* you.


Really? Is there no software package capable of withholding inspected packages until cleared by said IDS?

If I get it right, netfilter actually IS able to reject (and log) packages. Why should an IDS sniffing on a level higher up on the "OSI chain of command" be unable to do the same?

Dropping packets, closing ports and resetting connections (besides logging, maybe notifying users) look like natural useful reactions to the detections delivered of an IDS to me.

Or are we just talking about definitions (regarding the "D" in IDS), instead of talking about IDPS-ses which the OP clearly seems to imply? (P for prevention)

So what are the IDPS-ses you recommend?

Peer
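The passive-versus-inline distinction the two posters are arguing about, as an added example that is not part of this thread: the same detection logic is run once as a pure IDS (it only sees a copy of the traffic, so it can log but never withhold) and once inline as an IPS (the packet is held until cleared, dropped, or the connection reset). Packets, signatures and the log sink are all constructed here, and the `Sensor`/`run` names are this example's own.

```python
from dataclasses import dataclass, field
import re

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed signatures: (name, pattern over the payload, reaction when inline).
# These stand in for whatever rule set a real IDS/IPS engine would load.
SIGNATURES = [
    ("shell-string", re.compile(rb"/bin/sh"), "reset"),
    ("dir-traversal", re.compile(rb"\.\./\.\./"), "drop"),
]

@dataclass
class Sensor:
    mode: str                           # "passive" (IDS) or "inline" (IPS)
    log: list = field(default_factory=list)

    def detect(self, pkt):
        """Return (signature name, reaction) on the first match, else None."""
        for name, pattern, reaction in SIGNATURES:
            if pattern.search(pkt.payload):
                return name, reaction
        return None

    def inspect(self, pkt):
        """Verdict for one packet: 'forward', 'drop' or 'reset'."""
        hit = self.detect(pkt)
        if hit is None:
            return "forward"
        name, reaction = hit
        if self.mode == "passive":
            # Pure IDS: the packet has already gone past the tap; only a record remains.
            self.log.append(f"ALERT {name} {pkt.src}->{pkt.dst}:{pkt.dport} (forwarded)")
            return "forward"
        # Inline: the packet was withheld pending this decision, so the reaction bites.
        self.log.append(f"BLOCK {name} {pkt.src}->{pkt.dst}:{pkt.dport} ({reaction})")
        return reaction

def run(mode, packets):
    """Push every packet through one sensor; return (verdicts, log lines)."""
    sensor = Sensor(mode)
    return [sensor.inspect(p) for p in packets], sensor.log

# Constructed sample traffic: one benign request, two that trip a signature.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.1", 80, b"GET /index.html HTTP/1.0"),
    Packet("10.0.0.9", "10.0.0.1", 80, b"GET /../../secret HTTP/1.0"),
    Packet("10.0.0.9", "10.0.0.1", 23, b"exec /bin/sh"),
]
```

In passive mode all three packets are forwarded and two alerts are logged; in inline mode the same two hits become a drop and a reset, which is the whole of the difference between the "D" and the "P".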

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/