IDS mailing list archives

Re: IDS testing methodologies


From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Fri, 2 Jan 2004 06:52:24 -0800 (PST)


hi ya henrik

> I'm trying to find out ways of testing different IDS systems; is there a
> 'recommended'/best practise methodology for testing Network based IDS (NIDS)?
> Any information - papers, tools, links and own experience are much
> appreciated,,, 8-)

in my book ... ( small world ) .. an IDS is not very useful, because, the
cracker is already in your network ... game over ...

one should spend the same time, to harden the servers to prevent thousands
of possible vulnerabilities from being exploited

- there is a limited number of major vulnerabilities and there are endless
  permutations of how to get into a box/network

- testing those thousands of vulnerabilities and exploits means that you
  have to run those tests thru your IDS to see that it got flagged by your IDS
        - and in my small world, i do NOT want any false alarms of possible intruders

- watching all the packets on the wire is too much work ...  hopefully you
  have a lot bigger ids budget to support 24x7 monitoring

c ya
alvin

