Re: IDS testing methodologies

["Sam f. Stover" <sstover () atrc sytexinc com>]

On Tuesday, December 30, 2003, at 02:42  PM, Henrik Falkenthros, 
direktoer wrote:

> Hi List !
>
> I'm trying to find out ways of testing different IDS systems; is there 
> a
> 'recommended'/best practise methodology for testing Network based IDS 
> (NIDS)
> ? Any information - papers, tools, links and own experience are much
> appreciated,,, 8-)
>
> cheers, Henrik Falkenthros

The best baseline methodology IMHO is OSEC from Neohapsis:

http://osec.neohapsis.com/

I'm biased because I contributed to the methodology, but that doesn't 
mean I'm wrong... ;-).  Lot's of people contributed to it, and I think 
it's a very vendor-neutral process that was built w/ the customer in 
mind, not the vendor.

I don't think you need a ton of high-end gear to implement most of the 
tests yourself, or at least get an idea of tests that apply to your 
environment.  The main exception would be the high-end bandwidth tests 
which use some expensive traffic generators.

hth.
____
S.f.Stover
sstover () atrc sytexinc com


---------------------------------------------------------------------------
---------------------------------------------------------------------------