IDS mailing list archives
RE: IDS and Spywares
From: "Omar A. Herrera" <omar.herrera () oissg org>
Date: Wed, 12 Oct 2005 22:52:11 +0100
-----Original Message-----
From: vipul kumra [mailto:vikumar2 () yahoo com]

Hi Dhruv,

I agree with what you have said... but then there is no 100% foolproof method for detecting anything. As far as I've seen iPolicy Networks IDS protection is quite strong... :)
Why use a hammer with a screw? Network based detection is able to deal pretty well with known network threats, but some sorts of malware (including some Trojans and spyware) are customized or modified and used with specific targets. You won't detect those with generic signatures or network based anomaly behavior. hIDS/hIPS are much more effective in detecting and preventing these attacks.

If there is any anomalous activity to be detected or any forbidden action to be blocked, it will be host based, not network based. To start, there is a considerable number of ways that these threats can travel through the network (e.g. web scripts, P2P messaging, email attachments, trojanized downloaded software) and they might not even use the network to get to their target (sharing of USB memory sticks, CDs, DVDs, ...).

Personally I doubt that it is even worth trying to catch this kind of malware with a network based IDS or IPS. I would rather use the time for polishing hIPS/personal firewall policies.

I think this is what Dhruv meant.

Regards,

Omar Herrera
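The argument above (host based policy sees the actions a network sensor never can, because the payload may arrive on a USB stick rather than over the wire) can be made concrete with a small host-side policy evaluator. The following is an added example, not code from the list post or from any product discussed in the thread: it assumes a hypothetical event model (a process, an action, a target, and the media the binary came from), a hypothetical allow-list, and a constructed set of five host events. A "network sensor view" is modelled as the subset of events that actually produce traffic, so the two USB-delivered actions are invisible to it while the host policy blocks them.

```python
"""Host-side policy check versus a network-only view (added example, constructed data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class HostEvent:
    process: str       # path of the executable performing the action
    action: str        # "exec", "write" or "connect"
    target: str        # file path, registry key, or remote host:port
    source_media: str  # where the binary came from: "usb", "cdrom", "network", "local"


# Hypothetical policy data: autostart locations and the binaries trusted to use them.
AUTOSTART_PREFIXES = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
)
REMOVABLE_MEDIA = {"usb", "cdrom", "dvd"}
ALLOWED_EXECUTABLES = {
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Program Files\Vendor\updater.exe",
}


def evaluate_host_policy(ev: HostEvent, allowlist=ALLOWED_EXECUTABLES) -> Optional[str]:
    """Return a block verdict for a forbidden host action, or None when the action is allowed."""
    trusted = ev.process in allowlist
    if ev.action == "exec" and ev.source_media in REMOVABLE_MEDIA and not trusted:
        return "block: execution from removable media by non-allowlisted binary"
    if ev.action == "write" and ev.target.startswith(AUTOSTART_PREFIXES) and not trusted:
        return "block: autostart persistence by non-allowlisted process"
    if ev.action == "connect" and not trusted:
        return "block: outbound connection by non-allowlisted process"
    return None


def host_audit(events: List[HostEvent]) -> List[Tuple[HostEvent, str]]:
    """Every event the host policy would block, with its verdict."""
    flagged = []
    for ev in events:
        verdict = evaluate_host_policy(ev)
        if verdict is not None:
            flagged.append((ev, verdict))
    return flagged


def network_visible(events: List[HostEvent]) -> List[HostEvent]:
    """Events a network sensor could observe at all: only those that put traffic on the wire."""
    return [ev for ev in events if ev.action == "connect"]


def missed_by_network_sensor(events: List[HostEvent]) -> List[Tuple[HostEvent, str]]:
    """Actions the host policy blocks that never cross the network sensor."""
    visible = set(network_visible(events))
    return [(ev, verdict) for ev, verdict in host_audit(events) if ev not in visible]


# Constructed sample: a spyware binary carried in on a USB stick, plus benign activity.
SAMPLE_EVENTS = [
    HostEvent(r"E:\photos\viewer.exe", "exec", r"E:\photos\viewer.exe", "usb"),
    HostEvent(r"E:\photos\viewer.exe", "write",
              r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\viewer", "usb"),
    HostEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe", "connect", "203.0.113.10:443", "local"),
    HostEvent(r"C:\Program Files\Vendor\updater.exe", "write",
              r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", "local"),
    HostEvent(r"C:\Users\alice\Downloads\invoice.pdf.exe", "connect", "198.51.100.7:8080", "network"),
]

if __name__ == "__main__":
    for ev, verdict in host_audit(SAMPLE_EVENTS):
        print(f"{verdict:<62} {ev.process}")
    print("visible to network sensor:", len(network_visible(SAMPLE_EVENTS)))
    print("blocked on host but invisible on the wire:", len(missed_by_network_sensor(SAMPLE_EVENTS)))
```

The design point is that the policy is keyed on what a process does on the host (execute from removable media, persist in an autostart location, open an outbound connection) rather than on what the bytes look like, which is why it does not need a signature for a customized sample.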