IDS mailing list archives
RE: IDS vs Application Proxy Firewal
From: "Kamra, Ashish" <akamra () purdue edu>
Date: Wed, 29 Oct 2008 12:54:53 -0400
Ashish Kamra wrote:My two cents on this issue as a Phd student working on an AD systemfora DBMS (who just wants get his Phd at the moment and not get into a debate :-)).If you want to get your PhD, then debating is quite important :D
Yes sir, I agree debating is important but again not debating this issue :-).
I was at the Recent Advances in Intrusion Detection Conference (RAID 2008) recently where one of the topics for a panel discussion was"Lifeafter antivirus". The main take-away from the discussion was thateventop anti-virus companies are looking at whitelisting approaches to augment the existing blacklists in order to win the battle againsteverincreasing malware variants.Whitelisting is a good approach to execution authorization and for fighting malware, this is quite well recognized I'd say. Intrusion detection is a completely different beast though (and it seems quite peculiar that at RAID this wasn't noted).
At RAID, it was not discussed how the hybrid approach will be useful for intrusion detection. The proposed solution was mainly for tackling ever increasing malware variants. And the strange thing was that it was announced by one of the McAfee guys that technologies for whitelisting have been known to the anti-virus companies for over a decade now, but when asked for the specifics there were no answers as it was supposed to proprietary stuff. Do you have any idea on what he might have been talking about? Thanks, Ashish ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: IDS vs Application Proxy Firewal alfredhuger () winterhope com (Oct 24)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 28)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Ashish Kamra (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- RE: IDS vs Application Proxy Firewal Kamra, Ashish (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 28)
- Re: IDS vs Application Proxy Firewal Arian J. Evans (Oct 28)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 28)
- Re: IDS vs Application Proxy Firewal Arian J. Evans (Oct 29)