Re: IDS

[Tony Rall <trall () almaden ibm com>]

On Monday, 2006-07-03 at 05:57 GMT, Gopinath_Ramamoorthy () satyam com wrote:
> My requirement is when there is a machine / laptop are connected to my 
network, 
> which is not updated with the current Patches, Security updates which is 
being 
> approved needs to be reported to the Sys admin and immediate necessary 
steps 
> would be taken.
> Is it possible to have this & if so suggest me the options pls.

What you want is a vulnerability scanner.  An IDS, as its name suggests, 
reacts to intrusions after they occur.  A VS, on the other hand, can tell 
you about known vulnerabilities even before they are exploited.

Unfortunately, a network based VS is difficult to accomplish.  There are 
some that depend on having administrative access to the scanned machines; 
while that may be possible in some organizations, it isn't generally the 
case.  (For example, typical university or ISP networks - the network 
administrators (who might want to do such scanning) normally don't have 
administrative access to the target systems.)  Another alternative, host 
based vulnerability scanners, have more ability to find flaws on the local 
machine; but that clearly requires that the scanning program be loaded and 
run on each target system.

--
Tony Rall


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------