Re: ncircle's IP360
From: Bennett Todd (bet@rahul.net)
Date: 10/10/01
Date: Wed, 10 Oct 2001 09:42:25 -0400
From: Bennett Todd <bet@rahul.net>
To: Konrad Pociask <kpociask@hotmail.com>
Subject: Re: ncircle's IP360
Message-ID: <20011010094225.A13760@rahul.net>
2001-10-09-23:25:54 Konrad Pociask:
> Has anyone tried ncircle's IP360?
I haven't, yet. I've spoken with people who have, and have talked
with folks from nCircle (nee Hiverworld).
> I've heard some positive news about the product's performance
> running on a Gigabit network.
That's the claim, and I find it believable.
> Supposedly running at full wire-speed, does anyone know how this
> IDS differentiates itself from other products allowing it to run
> so fast.
The main way is they couple a vulnerability scanner to the IDS. The
vuln scanner periodically probes the net that the IDS is sniffing,
examining all machines on the net, classifying 'em by OS, and
locating services that might have known holes [i.e. for which there
are known signatures].
The list of candidate vulnerabilities is then used to tune the
sniffer; it only _looks_ for patterns for which the actual installed
systems might be vulnerable. Fix all your potential holes and it
isn't looking for anything. Leave no more than a handful and it's
got a very short sig list.
The heart of this gizmo is the vuln scanner and its integration with
the IDS.
-Bennett
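
The scanner-to-sniffer coupling described in the message above, sketched as an added example (not part of the original post and not nCircle's code). The product names, signature IDs, byte patterns, addresses and the `tune`/`inspect` helpers are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Service:            # one row of (constructed) scanner output
    host: str
    os: str
    port: int
    product: str
    version: str

@dataclass(frozen=True)
class Signature:          # one entry of a (constructed) signature catalog
    sig_id: str
    product: str
    os: Optional[str]     # None means the hole is not OS-specific
    fixed_in: tuple       # first version that is no longer vulnerable
    pattern: bytes

def ver(v):
    return tuple(int(p) for p in v.split("."))

def is_candidate(svc, sig):
    """True if the scanned service could be hit by what this signature detects."""
    return (svc.product == sig.product and sig.os in (None, svc.os)
            and ver(svc.version) < sig.fixed_in)

def tune(scan, catalog):
    """Build the sniffer's working set: only signatures some scanned host needs."""
    active = {}
    for svc in scan:
        sigs = [s for s in catalog if is_candidate(svc, s)]
        if sigs:
            active[(svc.host, svc.port)] = sigs
    return active

def inspect(active, dst_host, dst_port, payload):
    """Check a payload against the signatures active for its destination only."""
    return [s.sig_id for s in active.get((dst_host, dst_port), [])
            if s.pattern in payload]

# Constructed sample data: placeholder products, IDs and byte patterns.
CATALOG = [
    Signature("SIG-A", "example-httpd", None, (2, 0, 5), b"PATTERN-A"),
    Signature("SIG-B", "example-httpd", "linux", (1, 9, 0), b"PATTERN-B"),
    Signature("SIG-C", "example-ftpd", None, (3, 1, 0), b"PATTERN-C"),
    Signature("SIG-D", "example-smtpd", None, (4, 0, 0), b"PATTERN-D"),
]
SCAN = [
    Service("10.0.0.5", "linux", 80, "example-httpd", "2.0.3"),
    Service("10.0.0.5", "linux", 21, "example-ftpd", "3.1.0"),
    Service("10.0.0.9", "bsd", 80, "example-httpd", "1.8.2"),
]
```

With this data, `tune(SCAN, CATALOG)` leaves one of the four signatures active, and a scan in which every service is at or past its fixed version yields an empty working set.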