Focus on IDS
Ideal IDS/IPS Jun 02 2011 03:20AM
snort user (snort user gmail com) (1 replies)
What would we like to have in an ideal IDS/IPS system? I am not
restricting the list to existing approaches such as signature based,
anomaly based, statistical or specification based IDS. Just trying to
get the wish list sort of. Any feedback is much appreciated.

Low false negatives - maximize detection and prevention of
intrusions, detect zero day attacks, detect variations
Low false positives - don't waste analyst time
Ease of use - installation and configuration
Low resource usage - minimize resource usage, degrade gracefully
when resource usage exceeds limits
High Performance - good scalability with increasing network speeds
Stability, Robustness - no crashes, and resistance to attacks against IDS
Minimal ongoing maintenance - Run with minimal human supervision

Thanks

Re: Ideal IDS/IPS Jun 06 2011 06:28AM
Michal Zalewski (lcamtuf coredump cx)


 

Copyright 2010, SecurityFocus