Re: NIPS Vendors explicit answer

From: Vikram Phatak (vphatak_at_lucidsecurity.com)
Date: 04/27/04

    Date: Mon, 26 Apr 2004 20:15:34 -0400
    To: Ron Gula <rgula@tenablesecurity.com>
    
    

    Hi Ron,

    Thank you. For vulnerability detection we feed a Nessus engine with the
    IP addresses & ports that we want to scan based upon either a firewall
    policy or manual entry by the administrator. Nessus is probably the
    best scanner around, but you know that already :-)

    As far as IDS signatures - we write our own. They are based upon the
    vulnerability (whenever possible) as I mentioned in the initial posting.

    Best Regards,
        -Vik

    Ron Gula wrote:

    >
    >>
    >> As with firewalls, we believe IPS needs to be more black and white
    >> regarding the approach taken. While much of the work being done
    >> regarding anomalous behavior is "cool", it is not practical unless it
    >> can be used in the "real world" to prevent attacks. Believing that
    >> traffic is harmful and knowing it is harmful are two different
    >> things. Besides which, I have never personally seen a product that
    >> operates on "magic foo-foo dust" work.
    >
    >
    > Excellent summary of ipANGEL. What do you use for vulnerability
    > detection and IDS signatures?
    >
    > Ron Gula, CTO
    > Tenable Network Security
    > http://www.tenablesecurity.com

    -- 
    Vikram Phatak
    CTO, Lucid Security
    http://www.lucidsecurity.com
    ipANGEL -"Best Emerging Technology" - Information Security Magazine