IDS mailing list archives

ICSA Labs Network IPS Testing


From: "Walsh, John (Jack)" <jwalsh () icsalabs com>
Date: Tue, 4 Dec 2007 15:49:21 -0500

Fellow Focus IDS Readers:

As the program manager responsible for all aspects of ICSA Labs Network
IPS certification testing, I thought I ought to correct some misleading
information you may have recently read on this list about our Network
IPS certification testing program.  The truth is that we do not "pick
specific attacks and say that you must block these."  In ICSA Labs
Network IPS certification testing we test in part to ensure the device
provides coverage protection for all attacks targeting an evolving set
of medium-to-high severity vulnerabilities that we and a consortium of
15 network IPS vendors
(http://www.icsalabs.com/icsa/topic.php?tid=6a87$5813f3e2-37b77ee3$3b4a-f1d4a32d)
believe are relevant to enterprise end users.

For the future, and you probably all know this, but just to be
absolutely certain - please be suspicious of the reason(s) why someone
would comment negatively on ICSA Labs network IPS testing.  Keep in mind
that such an individual most likely:

 a) is in no position to speak authoritatively about ICSA Labs network
IPS testing,
 b) believes that he/she or his/her organization is somehow competing
with ICSA Labs, and/or
 c) stands to gain by speaking disparagingly - no matter how subtle the
fashion - about ICSA Labs.

Finally, rather than re-hash our entire philosophy on how best to
properly test a network IPS device, I would invite you to read the 4
whitepapers we wrote back in around June of 2006 as they are still
relevant today:

 
http://www.icsalabs.com/icsa/topic.php?tid=6807$064ec1ee-3a54c0ac$dc20-41d3f014

If you also read the front matter for any of the certification testing
reports (available from
http://www.icsalabs.com/nips/certifiedproducts.html) you will pick up a
lot of information on our testing methodology and be able to see how it
maps back at a high level to the testing criteria
(http://www.icsalabs.com/icsa/docs/html/communities/nips/criteria/NIPS_criteria_v110_071010.pdf).

If you have any questions, comments, or concerns please contact me
directly.  I am more than happy to talk with you.

Take care,
Jack Walsh
Technology Programs Manager,
Intrusion Detection & Prevention
ICSA Labs
jwalsh () icsalabs com
717.790.8126
