Re: host-based ids evaluation
From: Talisker (email@example.com)
From: "Talisker" <firstname.lastname@example.org>
To: "Kurt Seifried" <email@example.com>, "roy lo" <firstname.lastname@example.org>
Date: Thu, 15 Aug 2002 22:36:32 +0100

There will rarely be a perfect analogy or definition. But by categorising
products it helps to avoid ambiguities when selecting products. I feel
SecureEXE falls into the category of File Integrity Checker. I'm biased: I
try to maintain a website listing all IDS of every persuasion; if I didn't
categorise them the "one" page would be huge (just kidding). As discussed
earlier they are different beasts and should be separated as such.
I personally don't see the discussion as silly, if it helps people realise
there are succinct differences in the products they are looking to purchase.
I agree that some of the approaches taken on these days are indeed
innovative, the vendors (some) should be commended on their forward
thinking. (Did I just say that?)
> Ok... So solutions such as SecureWave SecureEXE which are host based, and
> block execution of non approved code in real time (generate a database of
> md5/sha1 sigs for known good apps, install client, done) is reactive?
> People, definitions like this pro/reactive are SILLY. Really really silly.
> There are so many products out now taking all sorts of interesting
> approaches and implementations it's really stupid to be making such broad
> Let the argument and bad analogies begin!