Re: Testing IDS/IPS Solutions
- From: Aaron Turner <synfinatic@xxxxxxxxx>
- Date: Wed, 11 Jan 2006 16:30:35 -0800
On 1/7/06, Andres Riancho <andres.riancho@xxxxxxxxx> wrote:
> You could use tcpsic for testing how well the appliance handles
> fragmented packets, you could use nikto and nessus to see how many
> attacks each one detects a
Why would you use a vulnerability scanner to see how an UTM detects an
attack? Vuln scanners nowadays go to great lengths NOT to actually
exploit a vulnerability because people get pissed when their servers
crash.
If you want to see how well an UTM detects someone running nessus
against your network, then by all means use nessus. But if you want
to see how well it detects an actual attack, then you had better use
traffic which actually looks like an actual exploit.
With that said, the original poster should go look in the list
archives and google. Someone asks how to test an
IDS/IPS/Firewall/UTM/etc on this list every virtually every week and
it's pretty boring reading the same answers/vendors reminding us that
nothing significant has changed in the last year or so.
--
Aaron Turner
http://synfin.net/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- Re: Testing IDS/IPS Solutions
- From: Nomellames nunca
- Re: Testing IDS/IPS Solutions
- References:
- Testing IDS/IPS Solutions
- From: Jimmy Stewpot
- Re: Testing IDS/IPS Solutions
- From: Andres Riancho
- Testing IDS/IPS Solutions
- Prev by Date: RE: Tuning false positives - SIM is not the answer
- Next by Date: RE: Tuning false positives - SIM is not the answer
- Previous by thread: Re: Testing IDS/IPS Solutions
- Next by thread: Re: Testing IDS/IPS Solutions
- Index(es):
Relevant Pages
|
