Home page logo
/

basics logo Security Basics mailing list archives

Re: UTM - Unified Threat Management system
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 15 Mar 2006 11:28:07 -0800

    That's a good idea to do something in inside network, but i think
signature-based sensors are too passive, could there be a better solution?

You can try Anomaly Detection IDS.

IDS Methods of Operation:
Pattern Matching: Signature based [Default Allow, less secure]
Anomaly Detection: Learning based [Default Deny, more secure]
Protocol Behaviour: Determines normal traffic based on RFC.

--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]