Re: signature based IDS/IPS effectiveness

[GMail <mayur100 () gmail com>]

Thanks Jamie and Stefano for noticing my issues, 
  90% of commercial database specific IDS/IPS systems do "signature
matching" exploit detection. They are stateless and mostly based on
snort. So does this mean that all they can do is stop public exploits.
If someone modifies the exploit then the signatures will fail and by
that means the appliances too ? 
   Limiting privileges to minimum required levels and installing minimum
required of modules on databases will definitely reduce the risk ratio,
but is it sufficient? What about vulnerabilities by which normal user
can get superuser privileges or carry out DOS on database services. Is
there any way to stop these kinds of attacks? Which would be the best
available database security product to handle all these issues?


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------