IDS mailing list archives

IPS false negatives


From: "Basgen, Brian" <bbasgen () pima edu>
Date: Thu, 13 Apr 2006 08:38:24 -0700


 Is anyone aware of research that has been done to qualify/quantify the
false negatives that commercial IPS's will pass when running on a
default configuration?

 My understanding is that every IPS ships with only a portion of its
rules activated; the reason being that some suspect traffic can either
be an attack or legitimate network traffic. Therefore, blocking such
traffic can be problematic, and visibility is the only realistic
defense.

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College
 
 
