Re: on NIDS/NIPS tuning

From: Ramon Kagan (rkagan_at_yorku.ca)
Date: 06/10/05

    Date: Fri, 10 Jun 2005 08:20:38 -0400 (EDT)
    To: "Anton A. Chuvakin" <anton@chuvakin.org>

    Hi,

    We continually keep our NIDS and NIPS tuned, adding new rules, removing
    bad ones (false positives or just too heavy to run), etc. I don't quite
    see how one can do otherwise. I just don't see how anyone can consider
    either a Plug 'n Play solution. In fact it would become a Plug 'n Pray
    solution.

    Ramon Kagan, GCIA
    York University, Computing and Network Services
    Information Security - Senior Information Security Analyst
    (416)736-2100 #20263
    rkagan@yorku.ca

    ------------------------------------------------------------------------
    I have not failed. I have just found 10,000 ways that don't work.
            - Thomas Edison
    I don't know the secret to success, but the secret to failure is
    trying to please everybody.
            - Bill Cosby
    ------------------------------------------------------------------------

    On Thu, 9 Jun 2005, Anton A. Chuvakin wrote:

    > All,
    >
    > I was thinking about some issues with IDS alerts (their volume, etc) and
    > realized I could use some help from the list. It might also be a fun
    > discussion item.
    >
    > So, here it is: how many folks who buy/download a NIDS/NIPS actually tune
    > it? Long time ago when I was asking this question the previous time, I was
    > scared to learn that lots of people do not tune their NIDSs. Is it any
    > better now?
    >
    > Best,
    > --
    > Anton A. Chuvakin, Ph.D., GCIA, GCIH, GCFA
    > http://www.info-secure.org
    > http://www.securitywarrior.com
    >
    >
    > --------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it with real-world attacks from
    > CORE IMPACT.
    > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > to learn more.
    > --------------------------------------------------------------------------
    >
    >

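The tuning loop Ramon describes (adding rules, removing the ones that only produce false positives) starts with knowing which signatures fire most and whether the noise comes from a single host. The script below is an added example, not code from the list or from either poster: it parses constructed Snort fast-format alert lines (hypothetical local rules in the 1000000+ SID range, invented hosts) and, for each noisy signature, proposes a Snort 2 threshold.conf entry: `suppress` when all alerts come from one source, `event_filter` rate-limiting when the rule fires broadly. The cut-offs (`min_alerts`, `max_sources`) are illustrative assumptions; the output is a review list for an analyst, not something to apply blindly.

```python
import re
from collections import Counter

# Snort "fast" alert format, one alert per line.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts: hypothetical local rules (SIDs 1000001-1000003), invented hosts.
SAMPLE_ALERTS = [
    "06/10-08:20:38.123456  [**] [1:1000001:1] LOCAL backup-agent poll [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.5.20:40001 -> 10.0.9.1:8443",
    "06/10-08:20:39.223456  [**] [1:1000001:1] LOCAL backup-agent poll [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.5.20:40002 -> 10.0.9.1:8443",
    "06/10-08:20:40.323456  [**] [1:1000001:1] LOCAL backup-agent poll [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.5.20:40003 -> 10.0.9.1:8443",
    "06/10-08:20:41.423456  [**] [1:1000001:1] LOCAL backup-agent poll [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.5.20:40004 -> 10.0.9.1:8443",
    "06/10-08:20:42.523456  [**] [1:1000001:1] LOCAL backup-agent poll [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.5.20:40005 -> 10.0.9.1:8443",
    "06/10-08:21:10.000001  [**] [1:1000002:2] LOCAL SMB share enumeration [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.7.11:49152 -> 10.0.9.2:445",
    "06/10-08:21:11.000002  [**] [1:1000002:2] LOCAL SMB share enumeration [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.7.12:49153 -> 10.0.9.2:445",
    "06/10-08:21:12.000003  [**] [1:1000002:2] LOCAL SMB share enumeration [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.7.13:49154 -> 10.0.9.2:445",
    "06/10-08:25:00.500000  [**] [1:1000003:1] LOCAL unusual HTTP user-agent [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.8.3:51000 -> 203.0.113.10:80",
]


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a fast-format alert."""
    m = FAST_ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev"):
        alert[key] = int(alert[key])
    return alert


def tally(lines):
    """Count alerts per (gid, sid); the first thing to look at when deciding what to tune."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            counts[(alert["gid"], alert["sid"])] += 1
    return counts


def tuning_candidates(lines, min_alerts=3, max_sources=1):
    """Flag signatures that fired at least min_alerts times and propose a threshold.conf entry.

    Single-source noise (<= max_sources distinct sources) gets a 'suppress' proposal;
    broad, high-volume signatures get an 'event_filter' rate limit. Cut-offs are illustrative.
    """
    stats = {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        key = (alert["gid"], alert["sid"])
        entry = stats.setdefault(key, {"gid": alert["gid"], "sid": alert["sid"],
                                       "msg": alert["msg"], "count": 0, "sources": set()})
        entry["count"] += 1
        entry["sources"].add(alert["src"])

    candidates = []
    for entry in stats.values():
        if entry["count"] < min_alerts:
            continue
        gid, sid = entry["gid"], entry["sid"]
        sources = sorted(entry["sources"])
        if len(sources) <= max_sources:
            action = "suppress"
            suggestion = "; ".join(
                f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}" for ip in sources)
        else:
            action = "event_filter"
            suggestion = (f"event_filter gen_id {gid}, sig_id {sid}, type limit, "
                          f"track by_src, count 1, seconds 60")
        candidates.append({"gid": gid, "sid": sid, "msg": entry["msg"], "count": entry["count"],
                           "sources": sources, "action": action, "suggestion": suggestion})
    candidates.sort(key=lambda c: -c["count"])
    return candidates


if __name__ == "__main__":
    for cand in tuning_candidates(SAMPLE_ALERTS):
        print(f"[{cand['gid']}:{cand['sid']}] {cand['msg']}: {cand['count']} alerts "
              f"from {len(cand['sources'])} source(s) -> {cand['action']}\n    {cand['suggestion']}")
```

On real data the same tally run over a day of alerts is what separates a rule that is actually wrong from a rule that is simply loud; a suppress entry should only go in once someone has confirmed the single source is benign (here, the hypothetical backup agent), otherwise a compromised host is being silenced rather than tuned out.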

