|
IDS
mailing list archives
Re: IDS testing methodologies
From: "Sam f. Stover" <sstover () atrc sytexinc com>
Date: Fri, 2 Jan 2004 11:24:12 -0500
On Tuesday, December 30, 2003, at 02:42 PM, Henrik Falkenthros,
direktoer wrote:
Hi List !
I'm trying to find out ways of testing different IDS systems; is there
a
'recommended'/best practise methodology for testing Network based IDS
(NIDS)
? Any information - papers, tools, links and own experience are much
appreciated,,, 8-)
cheers, Henrik Falkenthros
The best baseline methodology IMHO is OSEC from Neohapsis:
http://osec.neohapsis.com/
I'm biased because I contributed to the methodology, but that doesn't
mean I'm wrong... ;-). Lot's of people contributed to it, and I think
it's a very vendor-neutral process that was built w/ the customer in
mind, not the vendor.
I don't think you need a ton of high-end gear to implement most of the
tests yourself, or at least get an idea of tests that apply to your
environment. The main exception would be the high-end bandwidth tests
which use some expensive traffic generators.
hth.
____
S.f.Stover
sstover () atrc sytexinc com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: IDS testing methodologies, (continued)
|
Intro
