Re: couple IDS development questions



Sorry for piping in late. If it is a new IDS project that you want to
start, have you considered working on a Host-based IPS? There is a lot
of potential in this field.

If your interests are limited to Network-based security systems, then
others on the list have already said what needs to be said.

~Z

On 16 Oct 2007 12:13:56 -0000, whilter@xxxxx <whilter@xxxxx> wrote:
Hi


Recently I'm working on a new IDS project.

As a matter of fact, at the moment I'm stuck at a point where I'm supposed to decide a few very important things:


1) Which language?? C/C++ with its already implemented projects (Snort, ModSecurity), Java with its multiplatform option?


2) Should I just take a project and try to build a new one on top of it? Snort, for example? Has anybody done that before? Any suggestions?


3) How is a network IDS analyzing network activity when almost every package nowadays is encrypted?


4) I'm thinking about encrypting IDS messages/alerts-packages as well? What cipher should I use?


I don't want to "go in a wrong direction" from the start so please help ;]

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
