IDS mailing list archives
Re: on NIDS/NIPS tuning
From: Brent Stackhouse <brentstackhouse () yahoo com>
Date: Sat, 11 Jun 2005 19:36:20 -0700 (PDT)
Hey Anton, Yup, I always tune, whether using ISS, Cisco, or McAfee. Don't see how you can avoid it and still get what you want. Even when using a SIM with Cisco IPS, I still have to make sure the "right" signatures are enabled, since Cisco's sig updates don't enable all of them by default (and I may pick different ones to enable than Cisco did). A SIM doesn't change that step, at least not the Cisco MARS product I've been using recently. Brent Stackhouse, GSEC/GCIH
Date: Thu, 9 Jun 2005 13:01:20 -0400 (EDT)From: "Anton A. Chuvakin" <anton () chuvakin org> To: focus-ids () securityfocus com Subject: on NIDS/NIPS tuning All, I was thinking about some issues with IDS alerts (their volume, etc) and realized I could use some help from the list. It might also be a fun discussion item. So, here it is: how many folks who buy/download a NIDS/NIPS actually tune it? Long time ago when I was asking this question the previous time, I was scared to learn that lots of people do not tune their NIDSs. Is it any better now? Best, -- Anton A. Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.info-secure.org http://www.securitywarrior.com
__________________________________ Discover Yahoo! Find restaurants, movies, travel and more fun for the weekend. Check it out! http://discover.yahoo.com/weekend.html -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: on NIDS/NIPS tuning, (continued)
- Re: on NIDS/NIPS tuning Kevin Timm (Jun 10)
- RE: on NIDS/NIPS tuning Darren Webb (Jun 12)
- RE: on NIDS/NIPS tuning Joshua Berry (Jun 09)
- Re: on NIDS/NIPS tuning Jason Falciola (Jun 10)
- Re: on NIDS/NIPS tuning Martin Roesch (Jun 12)
- Re: on NIDS/NIPS tuning Drew Simonis (Jun 10)
- RE: on NIDS/NIPS tuning Gary Halleen (Jun 10)
- Re: on NIDS/NIPS tuning Adam Powers (Jun 12)
- RE: on NIDS/NIPS tuning Gary Halleen (Jun 10)
- RE: on NIDS/NIPS tuning M. Shirk (Jun 10)
- RE: on NIDS/NIPS tuning Phil Hollows (Jun 10)
- Re: on NIDS/NIPS tuning Brent Stackhouse (Jun 12)
- RE: on NIDS/NIPS tuning Hazel, Scott A. (Jun 12)
- RE: on NIDS/NIPS tuning Anton A. Chuvakin (Jun 14)
- RE: on NIDS/NIPS tuning Kohlenberg, Toby (Jun 14)
- RE: on NIDS/NIPS tuning David Kee (Jun 14)
- Re: on NIDS/NIPS tuning Raffael Marty (Jun 15)
- RE: on NIDS/NIPS tuning Anton A. Chuvakin (Jun 16)
- RE: on NIDS/NIPS tuning Kohlenberg, Toby (Jun 16)
- RE: on NIDS/NIPS tuning Gary Halleen (ghalleen) (Jun 16)