Re: what do IDS analysts work on?
From: Rowdy (rowdy_yates_at_no-damn-spam.com)
Date: Mon, 27 Oct 2003 14:02:04 GMT
Thanks for your reply, David!
I am trying to figure out whether, in order to pursue a career in IDS &
firewall design/setup, I will need to take some rudimentary UNIX courses. By
the looks of it, it's probably not a bad idea.
David <firstname.lastname@example.org> wrote in
> Generally both. You can sniff traffic from any platform, but to get
> the best signatures which will not only detect specific malicious
> activity, but do so with fewer false positives or ambiguity you often
> have to let an exploit run its course. So you may need a honeypot
> built upon the platform for which the exploit was designed. You can run
> virtual machines, however, where you are running one OS from within
> another. For the most part, what one needs is a good understanding of
> the underlying protocols so that you know what makes certain exploits
> unique from valid traffic.