IDS mailing list archives
IPS false negatives
From: "Basgen, Brian" <bbasgen () pima edu>
Date: Thu, 13 Apr 2006 08:38:24 -0700
Is anyone aware of research that has been done to qualify/quantify the false negatives that commercial IPS's will pass when running on a default configuration? My understanding is that every IPS ships with only a portion of its rules activated; the reason being that some suspect traffic can either be an attack or legitimate network traffic. Therefore, blocking such traffic can be problematic, and visibility is the only realistic defense.

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College