IDS mailing list archives

RE: Cisco CTR


From: "Rob Shein" <shoten () starpower net>
Date: Thu, 6 Nov 2003 16:11:40 -0500

I think this largely relates to the earlier discussion about how there is a
difference between a "false positive" and an actual attack that fails to
succeed.  Ask yourself this: are you going to want to know about all attacks
or just those that have a chance of success?  If someone throws IIS attacks
at your Apache web server, do you want to know about it...or do you want to
wait until they start using Apache-compatible exploits?

There's a good summary of what CTR does here:
http://www.cisco.com/en/US/products/sw/secursw/ps5054/

-----Original Message-----
From: Liran Chen [mailto:liranil () optonline net] 
Sent: Thursday, November 06, 2003 3:41 PM
To: focus-ids () securityfocus com
Subject: Cisco CTR




Hi all 

I am looking into adding some IDS blades from Cisco into my 
Catalyst environment. The Cisco rep suggested complementing that 
solution with CTR to reduce the FP (False Positives).

This statement raises several questions:
1. What is the FP ratio when you compare Cisco IDS to other IDS 
vendors?
2. Is CTR a kind of Nessus or NMAP that checks the 
offended host? Does anyone have good/bad experience with this 
CTR solution?

Thanks







