IDS mailing list archives
Re: on NIDS/NIPS tuning
From: Ramon Kagan <rkagan () yorku ca>
Date: Fri, 10 Jun 2005 08:20:38 -0400 (EDT)
Hi,

We continually keep our NIDS and NIPS tuned, adding new rules, removing bad ones (false positives or just too heavy to run), etc. I don't quite see how one can do otherwise. I just don't see how anyone can consider either a Plug 'n Play solution. In fact it would become a Plug 'n Pray solution.

Ramon Kagan, GCIA
York University, Computing and Network Services
Information Security - Senior Information Security Analyst
(416)736-2100 #20263
rkagan () yorku ca

-----------------------------------
I have not failed. I have just found 10,000 ways that don't work.
- Thomas Edison

I don't know the secret to success, but the secret to failure is trying to please everybody.
- Bill Cosby
-----------------------------------

On Thu, 9 Jun 2005, Anton A. Chuvakin wrote:
All,

I was thinking about some issues with IDS alerts (their volume, etc) and realized I could use some help from the list. It might also be a fun discussion item.

So, here it is: how many folks who buy/download a NIDS/NIPS actually tune it? Long time ago when I was asking this question the previous time, I was scared to learn that lots of people do not tune their NIDSs. Is it any better now?

Best,
--
Anton A. Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.info-secure.org
http://www.securitywarrior.com

--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------