IDS
mailing list archives
RE: Intrusion Prevention
From: "Ralph Los" <RLos () enteredge com>
Date: Tue, 10 Dec 2002 12:01:08 -0500
Something to think about too. The only 2 things in life that are 100%
guaranteed are death, and taxes. There is NO such thing as 100%, best I'd
say...in this industry, is about 66%...and that's even very good.
::: -----Original Message-----
::: From: Jill Tovey [mailto:jill.tovey () bigbluedoor com]
::: Sent: Monday, December 09, 2002 4:46 AM
::: To: focus-ids () securityfocus com
::: Subject: Re: Intrusion Prevention
:::
:::
::: In-Reply-To: <20021206031213.FGIH2199.lakemtao01.cox.net () smtp east cox net>
:::
::: ActiveScout by all intents and purposes seems a unique and innovative
::: approach to IDS technologies and provides a number of advantages over
::: other detection systems, such as proactively detecting reconnaissance
::: attacks.
:::
::: However, as far as I can see the disadvantages could be that you can only
::: run the sensor on a Red Hat 7.2 platform, which is fairly old now.
:::
::: On testing it seems to have performed well, however, I have read that
::: there have been some problems. ActiveScout is good at detecting attacks
::: that are followed by reconnaissance activities, but does not catch all
::: direct attacks made on a system.
:::
::: I think it would work well with an anomaly-based IDS on the internal
::: network.
:::
::: Kind Regards,
:::
::: Jill Tovey
::: None
:::
:::
:::