IDS mailing list archives
Re: IDS testing methodologies
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Fri, 2 Jan 2004 06:52:24 -0800 (PST)
hi ya henrik
I'm trying to find out ways of testing different IDS systems; is there a 'recommended'/best practise methodology for testing Network based IDS (NIDS) ? Any information - papers, tools, links and own experience are much appreciated,,, 8-)
in my book ... ( small world ) .. an IDS is not very useful, because, the cracker is already in your network ... game over ...

one should spend the same time, to harden the servers to prevent thousands of possible vulnerabilities from being exploited

- there is a limited number of major vulnerabilities and there are endless permutations of how to get into a box/network
- test those thousands of vulnerabilities and exploits means that you have to run those tests thru your IDS to see that it got flagged by your IDS
- and in my small world, i do NOT want any false alarms of a possible intruders
- watching all the packets on the wire is too much work ...

hopefully you have a lot bigger ids budget to support 24x7 monitoring

c ya
alvin