IDS mailing list archives

RE: IDS vs Application Proxy Firewall


From: "Kamra, Ashish" <akamra () purdue edu>
Date: Wed, 29 Oct 2008 12:54:53 -0400


Ashish Kamra wrote:
My two cents on this issue as a PhD student working on an AD system for
a DBMS (who just wants to get his PhD at the moment and not get into a
debate :-)).

If you want to get your PhD, then debating is quite important :D


Yes sir, I agree debating is important but again not debating this issue :-).

I was at the Recent Advances in Intrusion Detection Conference (RAID
2008) recently where one of the topics for a panel discussion was "Life
after antivirus". The main take-away from the discussion was that even
top anti-virus companies are looking at whitelisting approaches to
augment the existing blacklists in order to win the battle against ever
increasing malware variants.

Whitelisting is a good approach to execution authorization and for
fighting malware, this is quite well recognized I'd say. Intrusion
detection is a completely different beast though (and it seems quite
peculiar that at RAID this wasn't noted).


At RAID, it was not discussed how the hybrid approach will be useful for
intrusion detection. The proposed solution was mainly for tackling ever
increasing malware variants. And the strange thing was that it was
announced by one of the McAfee guys that technologies for whitelisting
have been known to the anti-virus companies for over a decade now, but
when asked for the specifics there were no answers as it was supposed to be
proprietary stuff. Do you have any idea on what he might have been
talking about?

Thanks,
Ashish
