IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Views and Correlation in Intrusion Detection

From: Sakaba <charismaman2 () yahoo ca>
Date: Wed, 25 Jun 2003 11:27:47 -0400 (EDT)
==>I'd like to see a system that looks at packets 
coming in to the network,
compares those to packets hitting specific  servers,
"knows" if the server
is vulnerable to the specific attack and  *then* sends
an alert. <==

ISS pretty much covers that.  They got NIDS, HIDS,
IPS, desktop firewall
agents and a vulnerability scanner that all report to
the same GUI.  The
Fusion module then correlates it all.

So what you get is an attack detected by the NIDS.
Then detected as reaching the target by the HIDS on
the target.
Beside that will be a notation wether or not the box
is vulnerable to the
attack in the first place.

Those are the pros.

The cons are it isn't open source so you can't see the
decodes which makes
investigating false positives really annoying.  Also
its commercial so its
not exactly free.  Great stuff if you got lots of
money to through around
though.

Peace,
sakaba


______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca

-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: