Focus on IDS Mode:
Re: Ideal IDS/IPS 2011-06-07
krymson gmail com
I'll take a stab!

I would say there are two sorts of audiences for IDS/IPS: Those who care and those who want it to run on its own with as little care and feeding as possible. For those that care, I'm not actually all that concerned about false positives as I think a good analyst team should alwa

Re: Ideal IDS/IPS 2011-06-06
Nikhil Manampady (nikhil manampady paladion net)
>
> You can also check if the IDP has a NIC bypass feature which actually makes the IDP work as normal switch (no traffic monitoring) in case of a power failure.
>
>
> Thanks & Regards,
> Nikhil Manampady,
> Security Consultant,
> Paladion Networks.
>
>
>
>
> On Thu, Jun 2, 2011 at 8:50 AM, snort us

Re: Ideal IDS/IPS 2011-06-06
Michal Zalewski (lcamtuf coredump cx)
> Low false negatives   - maximize detection and prevention of
> intrusions, detect zero day attacks, detect variations
> Low false positives   - don't waste analyst time
> Ease of use           - installation and configuration
> Low resource usage    - minimize resource usage, degrade gracefully
>

Ideal IDS/IPS 2011-06-02
snort user (snort user gmail com)
What would we like to have in an ideal IDS/IPS system? I am not
restricting the list to existing approaches such as signature based,
anomaly based, statistical or specification based IDS. Just trying to
get the wish list sort of. Any feedback is much appreciated.

Low false negatives - maximize de

pytbull, an IDS/IPS Testing Framework 2011-05-24
Sebastien Damaye (sebastien damaye gmail com)
Hi,

I thought you might be interested in pytbull (http://pytbull.sourceforge.net).

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing
Framework for Snort, Suricata and any IDS/IPS that generates an alert
file. It can be used to test the detection and blocking capabilities
of an

Deployed Grid based Intrusion Detection System solutions?? 2011-05-09
Mayank.2.Bhatnagar (MBhatnagar ipolicynetworks com)
Hi all,

Just wanted to know which are the deployed and currently used Grid based IDS systems.
I have heard about some academic projects, but since I could not get further updates, I am posting here.

Distributed IDS systems, evolving to serve high computing and networked Grids, are they being trusted

Re: host sensors needed? 2011-05-04
stcroix111 netscape net
As I am sure you could have predicted, my answer is that it depends. There are more security options available in a HIDS solution that you won't find when using the tools that you mention in your post such as being able to do behavioral analysis of the software executing on the server. For example,

host sensors needed? 2011-04-20
Shang Tsung (shangtsung71 gmail com)
I know there is no clear answer to the below question, but I would
like to have some views and opinions.

We are considering whether to install Host IDS Sensors on webservers.
Having them is better security for sure. However, is the added
security worth the extra cost and burden to the server/netw

Re: Installing Snort in Proventia GX 2011-04-08
susurros07 (susurros07 gmail com)
Hi All,

I have to quit my little project. I still think that it's possible to
do it but I don't have the time to realize it.
Thanks for your interest.

Sergio

On Fri, Apr 8, 2011 at 7:05 AM, Laurens Vets <laurens (at) daemon (dot) be [email concealed]> wrote:
> Hello,
>
>> I am thinking of installing a new Linux Distribution in a

Re: Installing Snort in Proventia GX 2011-04-06
Mark Teicher (mark teicher gmail com)
Are you repurposing an IBM Proventia IDS with Snort? You need to be able to check the BIOS to boot from CD and should go from there.

On Apr 5, 2011, at 6:59 AM, sergio delgado <susurros07 (at) gmail (dot) com [email concealed]> wrote:

> Hi All,
>
> I am thinking of installing a new Linux Distribution in a Proventia IDS.
> I

Re: Installing Snort in Proventia GX 2011-04-06
Laurens Vets (laurens daemon be)
Hello,

> I am thinking of installing a new Linux Distribution in a Proventia IDS.
> I don't find any documentation, has anyone tried?

Which exact model is it?

It will probably work, the Proventia firmware is based on Linux anyway
(RedHat I think).

---------------------------------------------

Installing Snort in Proventia GX 2011-04-05
sergio delgado (susurros07 gmail com)
Hi All,

I am thinking of installing a new Linux Distribution in a Proventia IDS.
I don't find any documentation, has anyone tried?

Thanks,

Sergio

P.D.: Sorry about my English, I will thank you if you find any mistakes.

-----------------------------------------------------------------
Securing Yo

New Tool: 'Patriot NG 2.0' 2011-02-23
Yago Jesus (yjesus security-projects com)
Patriot is a 'Host IDS' tool which allows real time monitoring of
changes in Windows systems and Network attacks.

Patriot monitors:
Changes in Registry keys: Indicating whether any sensitive key
(autorun, internet explorer settings...) is altered.
New files in 'Startup' directories
New Users in the

Re: IDS causing troubles 2011-02-19
Ichilov (zivi radware com)

How about using a different network element for gaining a bit of both?

There are devices that can dynamically change their role. They can behave as
taps allowing detection only on the IPS side and can forward the traffic
through the IPS (as with inline implementation). Using such device allows
you

Re: IDS causing troubles 2011-02-18
Joel Esler (joel esler me com)
On Feb 18, 2011, at 9:49 AM, Curt Purdy wrote:

> Did not realize you were with Sourcefire Joel, would not have been so
> 'harsh' in my comments. Give my regards to Martin.
>
It's not a problem, don't take it like that, I just view it as important to educate those that may not be aware of the ter

Re: IDS causing troubles 2011-02-18
Curt Purdy (infosysec gmail com)
Did not realize you were with Sourcefire Joel, would not have been so
'harsh' in my comments. Give my regards to Martin.

FWIW, it was Snort that forced me to create the world's first SIM in
2000, when I could not stand the false positives, and decided to put
all my servers in the top 128 of a class

Re: IDS causing troubles 2011-02-18
Joel Esler (joel esler me com)
Fair enough, (and I doubt I'm too young), however, back then, there was no difference. There is now.

When ISS RealSecure first started coming out with the technology of sending RST packets, I remember people called it IPS back then too. When tools that auto-blocked at firewalls started coming

Re: IDS causing troubles 2011-02-18
Curt Purdy (infosysec gmail com)
If this were a literary list, we could argue semantics till the cows
come home Joel. But being an information security list let's stick to
technology. You may be too young to remember the very first Intrusion
'Protection' System that was not in-line at all. It was simply an IDS
that added ACLs to th

[ISECOM-HACKERHIGH] Sharpen Your Security Skills! 2011-02-15
Pete Herzog (pete isecom org)
Hi,

There are 2 new seminars available next month held at the Troopers
conference in Heidelberg, Germany, starting March 28.

"Smarter Safer Better" is for anyone, really anyone, who wants to
understand how the human mind works to make better trust and security
decisions. Think of it as the ulti

RE: IDS causing troubles 2011-02-15
Matthew Fitzgerald (matthew fitzgerald cae com)
Just to chime in about potential problems at the physical layer. I've seen these types of problems on numerous occasions. At the trivial extreme there may exist a NIC duplex mismatch or speed mismatch, or in the case of all NICs set to auto-auto, the devices can have issues negotiating the speed/du

Re: IDS causing troubles 2011-02-15
Joel Esler (joel esler me com)
On Feb 14, 2011, at 1:28 PM, JiPi DiNi wrote:

> If inline it has to be a bypass switch not a tap.
>
> an IPS with a TAP is an IDS.
> an IPS with a bypass switch configured inline can block on traffic.

You might want to clarify this statement a bit more, for instance, there are tap vendors that ma

Re: IDS causing troubles 2011-02-15
Joel Esler (joel esler me com)
On Feb 11, 2011, at 2:14 PM, Joel Jaeggli wrote:

> On 2/11/11 10:23 AM, Matthew Fitzgerald wrote:
>> Joel, it's inline because prevention requires intervention.
>
> It doesn't actually require that, plenty of IPS systems can do their job
> with a tap and another port for injection.

I personally do

SV: IDS causing troubles 2011-02-15
Anders Petrén (anders certezza net)
My experience of IBM ISS NIPS has not disappointed me or any of my customers.
Careful planning of the implementation of both the NIPS and HIPS content updates is really mandatory to make sure you have a stable environment.
The outsourcing partner should know this. I suggest you revise your partners S

Re: IDS causing troubles 2011-02-14
JiPi DiNi (jipidini gmail com)
On Fri, Feb 11, 2011 at 2:14 PM, Joel Jaeggli <joelja (at) bogus (dot) com [email concealed]> wrote:
> On 2/11/11 10:23 AM, Matthew Fitzgerald wrote:
>> Joel, it's inline because prevention requires intervention.
>
> It doesn't actually require that, plenty of IPS systems can do their job
> with a tap and another port for inject

Re: IDS causing troubles 2011-02-14
Curt Purdy (infosysec gmail com)
ST,

In my first deployment of IPS (vs. IDS) years ago, I thankfully
learned why I put in audit mode first, when upon checking the logs, I
found that it thought the CEO's emails were malicious (they weren't).

The first place to look, considering that your 3rd party will allow
you access to unfilter

RE: IDS causing troubles 2011-02-12
Bob-Buel (bob buel org)
Just my two cents here--no, the right implementation of the right product
will not result in downtime.
Having a state of the art IPS in production in a critical infrastructure for
4 years now, I can tell you, no downtime.
Few false positives, and little extra latency. Have kissed my frogs to find
t

Re: IDS causing troubles 2011-02-11
Joel Jaeggli (joelja bogus com)
On 2/11/11 10:23 AM, Matthew Fitzgerald wrote:
> Joel, it's inline because prevention requires intervention.

It doesn't actually require that, plenty of IPS systems can do their job
with a tap and another port for injection.

the fact of the matter is if the IDS can't keep up with the presented
load

RE: IDS causing troubles 2011-02-11
Matthew Fitzgerald (matthew fitzgerald cae com)
Joel, it's inline because prevention requires intervention. You bring up a good point though, perhaps the issue should be taken outside of the technical arena and brought to the business/contract folks to reset expectations around prevention/detection.

-----Original Message-----
From: listbounce@

New release of Unhide (2011-01-13) 2011-02-07
Yago Jesus (yjesus security-projects com)
Unhide is a forensic tool to find hidden processes and TCP/UDP ports
by rootkits / LKMs or by other hidden techniques.

// Unhide (ps)

Detects hidden processes. Six different techniques implemented:

- Comparing /proc vs /bin/ps output
- Comparing information gathered from /bin/ps with information

Re: IDS causing troubles 2011-02-11
Joel Jaeggli (joelja bogus com)
You might ask yourself why it's inline rather than on a monitor port
or a tap.

There are serious scalability and performance problems to be had when
putting an inspection device in some locations in the network and you
should be mindful of that, ultimately if availability is a consideration
and

Copyright 2010, SecurityFocus