Intrusion Prevention requirements document
Date: 10/28/05

  • Next message: Nick Black: "Re: RPC Evasion techniques"
    Date: Fri, 28 Oct 2005 01:09:31 +0000


    I work on a team that manages signature and behavioral based intrusion detection systems today. We have been tasked with reviewing IPS (or whatever vendor name acronym you prefer) in '06. Our normal process is to put together a base requirements document to weed out vendors in the first round through a paper excercise and then bring in the best we can identify. My question is, has anyone developed a matrix that identifies key qualifiers in an IPS solution (e.g. in-line, fails open/closed, reporting features, etc.). If so, could you provide links or the documents?

    If not, what categories are most significant to consider in your expert opinions? What reasons did you choose the solution you have? What would you consider if you had to choose over again, etc?

    Thanks in advance for your responses.


    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to
    to learn more.

  • Next message: Nick Black: "Re: RPC Evasion techniques"