IDS mailing list archives
RE: Views and Correlation in Intrusion Detection
From: Sakaba <charismaman2 () yahoo ca>
Date: Wed, 25 Jun 2003 11:27:47 -0400 (EDT)
==>I'd like to see a system that looks at packets coming in to the network, compares those to packets hitting specific servers, "knows" if the server is vulnerable to the specific attack and *then* sends an alert. <==

ISS pretty much covers that. They got NIDS, HIDS, IPS, desktop firewall agents and a vulnerability scanner that all report to the same GUI. The Fusion module then correlates it all.

So what you get is an attack detected by the NIDS. Then detected as reaching the target by the HIDS on the target. Beside that will be a notation whether or not the box is vulnerable to the attack in the first place.

Those are the pros. The cons are it isn't open source so you can't see the decodes, which makes investigating false positives really annoying. Also it's commercial so it's not exactly free.

Great stuff if you got lots of money to throw around though.

Peace,
sakaba
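The three-way correlation described in the message above (NIDS alert, HIDS confirmation on the target, vulnerability scan result), sketched as an added example that is not part of the original post and not ISS's Fusion logic. The event fields, signature name, addresses, 30-second window and priority labels are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: field names, signature name and hosts are
# assumptions for this example, not any vendor's schema.
@dataclass(frozen=True)
class Event:
    ts: int         # seconds since epoch
    sensor: str     # "nids" or "hids"
    target: str     # destination host
    signature: str  # attack identifier shared by both sensor types

# Vulnerability scanner output: host -> signatures the host is exposed to.
SCAN_RESULTS = {
    "192.0.2.5": {"iis-unicode-traversal"},
    "192.0.2.7": set(),  # scanned, not vulnerable
}

EVENTS = [
    Event(1000, "nids", "192.0.2.5", "iis-unicode-traversal"),
    Event(1002, "hids", "192.0.2.5", "iis-unicode-traversal"),
    Event(1010, "nids", "192.0.2.7", "iis-unicode-traversal"),
    Event(1011, "hids", "192.0.2.7", "iis-unicode-traversal"),
    Event(1020, "nids", "192.0.2.9", "iis-unicode-traversal"),
    Event(1500, "hids", "192.0.2.9", "iis-unicode-traversal"),  # too late to match
]

def correlate(events, scan_results, window=30):
    """One verdict per NIDS alert: (target, signature, reached, vulnerable, priority)."""
    hids = [e for e in events if e.sensor == "hids"]
    verdicts = []
    for n in (e for e in events if e.sensor == "nids"):
        # "Reached" = the target's HIDS saw the same attack shortly after the NIDS did.
        reached = any(h.target == n.target and h.signature == n.signature
                      and 0 <= h.ts - n.ts <= window for h in hids)
        # A host missing from the scan data is unknown (None), not safe.
        exposed = scan_results.get(n.target)
        vulnerable = None if exposed is None else n.signature in exposed
        if reached and vulnerable:
            priority = "high"
        elif vulnerable is False:
            priority = "low"
        else:
            priority = "medium"  # unconfirmed delivery or unknown exposure
        verdicts.append((n.target, n.signature, reached, vulnerable, priority))
    return verdicts

if __name__ == "__main__":
    for verdict in correlate(EVENTS, SCAN_RESULTS):
        print(verdict)
```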