IDS mailing list archives
RE: Cisco CTR
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 6 Nov 2003 16:11:40 -0500
I think this largely relates to the earlier discussion about how there is a difference between a "false positive" and an actual attack that fails to succeed. Ask yourself this: are you going to want to know about all attacks or just those that have a chance of success? If someone throws IIS attacks at your apache web server, do you want to know about it...or do you want to wait until they start using apache-compatible exploits? There's a good summary of what CTR does here: http://www.cisco.com/en/US/products/sw/secursw/ps5054/
-----Original Message----- From: Liran Chen [mailto:liranil () optonline net] Sent: Thursday, November 06, 2003 3:41 PM To: focus-ids () securityfocus com Subject: Cisco CTR Hi all I am looking into adding some IDS blades from Cisco in to my catalyst envronment. Cisco rep suggested to complement that solution with CTR to reduce the FP ( False Possitives) This statement rises several questions: 1. What is FP ratio when you compare Cisco IDS to other IDS vendors? 2. CTR is a kind of Nessus or NMAP that check the offended host? Does any one as good/bad experience with this CTR solution? Thanks -------------------------------------------------------------- ------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus> -ids_031023 and use priority code SF4. -------------------------------------------------------------- -------------
--------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4. ---------------------------------------------------------------------------
Current thread:
- Cisco CTR Liran Chen (Nov 06)
- RE: Cisco CTR Rob Shein (Nov 06)
- Re: Cisco CTR Gary Flynn (Nov 07)
- RE: Cisco CTR Rob Shein (Nov 07)
- RE: Cisco CTR Michael Marziani (Nov 07)
- RE: Cisco CTR Rob Shein (Nov 07)
- RE: Cisco CTR Michael Marziani (Nov 07)
- RE: Cisco CTR Rob Shein (Nov 07)
- Re: Cisco CTR Renaud Deraison (Nov 10)
- Re: Cisco CTR Gary Flynn (Nov 07)
- RE: Cisco CTR Gary Halleen (Nov 07)
- RE: Cisco CTR Michael Marziani (Nov 10)
- RE: Cisco CTR Chad R. Skipper (Nov 10)
- RE: Cisco CTR Rob Shein (Nov 06)