IDS mailing list archives
Re: Network IDS
From: "Andrew Plato" <aplato () anitian com>
Date: Thu, 28 Aug 2003 12:36:59 -0700
The ISS Real Secure product can also interface with Check Point OPSEC to spawn TCP resets that can kill an attack.

<shameless plug> So can Snort using Snortsam. </shameless plug>

1. I think ISS's NIDS is great, but when it comes to interfacing with OPSEC, I get queasy with that idea. I have a philosophical problem with an independent system writing rules into another system. It's asking for problems. Every time I see this implemented, it gets messed up somehow and either doesn't block when it should, or blocks the wrong things. Maybe it's just because everyone who I've worked with that did this is lame. Nevertheless, the OPSEC connection always sounds better as a concept than it does when it's actually implemented. The better solution would be to use an in-line IPS like RealSecure Guard to do that and then let the firewall stick with doing what it does best.

2. While we're doing shameless promoting, I have to slip in a plug for Top Layer's Attack Mitigator. Line-speed operation, flexible, fast, and it sets up and runs in like 60 minutes. My only want from it is an SMTP proxy, but that's probably just wishful thinking. I can always shove a WatchGuard in there for that.

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________