Re: signature based IDS/IPS effectiveness



Thanks Jamie and Stefano for noticing my issues,
90% of commercial database specific IDS/IPS systems do "signature
matching" exploit detection. They are stateless and mostly based on
snort. So does this mean that all they can do is stop public exploits.
If someone modifies the exploit then the signatures will fail and by
that means the appliances too ?
Limiting privileges to minimum required levels and installing minimum
required of modules on databases will definitely reduce the risk ratio,
but is it sufficient? What about vulnerabilities by which normal user
can get superuser privileges or carry out DOS on database services. Is
there any way to stop these kinds of attacks? Which would be the best
available database security product to handle all these issues?


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



Relevant Pages

  • Re: Embed Signature Command
    ... your database will grow extensively as you add more pictures to it. ... You could even create an upload signature ... WindowsUserName in that field instead. ... Dim lStringLength As Long ...
    (microsoft.public.access.formscoding)
  • Re: deleted undotbs01.dbf...
    ... (in fact Undo tablespace has to be backed up ... case you can open your database but when you select from a table you ... i've not the opportunity to talk with other in English and so my ... Lines after that are considered a signature, ...
    (comp.databases.oracle.server)
  • Re: signature based IDS/IPS effectiveness
    ... That depends greatly on the signature. ... For example, using snort it is possible to write a signature that checks first for the protocol, then the application, then the specific function and then the size of the data. ... can get superuser privileges or carry out DOS on database services. ... Mod_security is a good choice for apache, for example, and can stop db attacks before they even get to the web server ...
    (Focus-IDS)
  • RE: "False postive" database idea
    ... >signature looks like in a NIDS, then submitting that signature for insertion ... If the database were then updated with such a signature, ... kind 'NIDS sees an alert and does an online lookup to FPdb'. ...
    (Focus-IDS)
  • Re: Electronic Forms software that integrates well with Access
    ... I have a client for whom I built a client database to replace and update ... electronic signature validation. ... Whatever the "authority" requiring the ...
    (comp.databases.ms-access)