
IDS mailing list archives
Re: NIPS Vendors explicit answer
From: Vikram Phatak <vphatak () lucidsecurity com>
Date: Mon, 26 Apr 2004 20:15:34 -0400
Hi Ron,

Thank you. For vulnerability detection we feed a nessus engine with the IP addresses & ports that we want to scan based upon either a firewall policy or manual entry by the administrator. Nessus is probably the best scanner around, but you know that already :-)

As far as IDS signatures - we write our own. They are based upon the vulnerability (whenever possible) as I mentioned in the initial posting.

Best Regards,
-Vik

Ron Gula wrote:

As with firewalls, we believe IPS needs to be more black and white regarding the approach taken. While much of the work being done regarding anomalous behavior is "cool", it is not practical unless it can be used in the "real world" to prevent attacks. Believing that traffic is harmful and knowing it is harmful are two different things. Besides which, I have never personally seen a product that operates on "magic foo-foo dust" work.

Excellent summary of ipANGEL. What do you use for vulnerability detection and IDS signatures?

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com

--
Vikram Phatak
CTO, Lucid Security
http://www.lucidsecurity.com
ipANGEL - "Best Emerging Technology" - Information Security Magazine