IDS mailing list archives
Re: IDS
From: Tony Rall <trall () almaden ibm com>
Date: Tue, 4 Jul 2006 23:46:14 -0700
On Monday, 2006-07-03 at 05:57 GMT, Gopinath_Ramamoorthy () satyam com wrote:
My requirement is when there is a machine / laptop are connected to my
network,
which is not updated with the current Patches, Security updates which is
being
approved needs to be reported to the Sys admin and immediate necessary
steps
would be taken. Is it possible to have this & if so suggest me the options pls.
What you want is a vulnerability scanner. An IDS, as its name suggests, reacts to intrusions after they occur. A VS, on the other hand, can tell you about known vulnerabilities even before they are exploited. Unfortunately, a network based VS is difficult to accomplish. There are some that depend on having administrative access to the scanned machines; while that may be possible in some organizations, it isn't generally the case. (For example, typical university or ISP networks - the network administrators (who might want to do such scanning) normally don't have administrative access to the target systems.) Another alternative, host based vulnerability scanners, have more ability to find flaws on the local machine; but that clearly requires that the scanning program be loaded and run on each target system. -- Tony Rall ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------