Alarm response strategies

From: infor) urko zurutuza (uzurutuza_at_eps.mondragon.edu)
Date: 07/23/04

    Date: Fri, 23 Jul 2004 09:35:24 +0200
    To: <focus-ids@securityfocus.com>
    
    

      Hi all,

        May we discuss which strategies the IPS vendors use to prevent or respond to attacks?

    - When do they change a firewall rule
    - When to reset a connection
    - When to create an ACL on a router

    Are all of the responses used in a logical way?
    Should they be used depending on the type of the attack?
    Does it only depend on the capability of each vendor?
    What other strategies are there?

    Thank you in advance,
    __________________________________________________
    MONDRAGON UNIBERTSITATEA
    Urko Zurutuza
    Dpto. Informática
    Loramendi 4 - Aptdo.23
    20500 Arrasate-Mondragon
    Tel. +34 943 739636 // +34 943 794700 Ext.297
    www.eps.mondragon.edu
    uzurutuza@eps.mondragon.edu
