Re: Network hardware IPS

From: david maynor (david.maynor_at_oit.gatech.edu)
Date: 10/07/03

  • Next message: Dave Killion: "RE: Network hardware IPS"
    To: Gary Flynn <flynngn@jmu.edu>
    Date: Tue, 07 Oct 2003 09:53:49 -0400
    
    

    On Thu, 2003-10-02 at 13:15, Gary Flynn wrote:
    > Ron Gula wrote:
    >
    > > If you are
    > > the type of NIDS fellow who likes to tweak signatures and SSH into your box
    > > to check the logs, it's not for you.
    >
    > I can't imagine installing any type of IDS/IDP device today that wouldn't
    > allow me to examine and tune existing signatures and create new ones. In
    > my environment communication needs vary too much and signature analysis is
    > too inexact to depend upon a vendor's black box. In addition, the ability
    > to instantly react to new threats at the local level in ways that are unique
    > to a particular organization's environment seems, to me, to be invaluable.
    > That has been a strength of both Nessus and Snort. Can you imagine either if
    > all signatures were hidden from us and locked in stone?
    >
    I wouldn't like it but I can see it happening. It is more likely to come
    from security companies that fund a lot of research into vulndev and they
    consider their sigs to be company secrets. Think about the last
    marketing pitch for IDSes you have been through, "we detect far more
    attacks than anybody else." You don't have the same punch when your
    marketing is "we detect everything everybody else does."

    -David Maynor


