IDS mailing list archives

RE: ICSA [WAS: Re: Intrusion Prevention]


From: Greg Shipley <gshipley () neohapsis com>
Date: Mon, 30 Dec 2002 16:50:21 -0600 (CST)


On Mon, 30 Dec 2002 smarkle () icsalabs com wrote:

All - I have remained silent on this list for years. I am interested in
helping mature an Industry. That is what ICSA Labs does and IDS has been
one of my responsibilities since early 1999. After cutting through the
stinging criticism and saber rattling, I have chosen to respond only to
the paragraph above. Any vendor that knows the ICSA Labs testing
methodology knows that for over ten years we have perfected pass/fail
certification testing with evolving test methodology and criteria. We
did this when everyone else argued that it was the wrong approach. This
is the standard, and it is in fact the ICSA Labs approach that has been
mirrored by other test labs.

Just for the record, the paragraph you quoted was not necessarily in
reference to ICSA labs, specifically.  I still stand by OSEC being a lot
different than what I've seen come out of ICSA in the past, but that
paragraph was in reference to publications and testing in general.

Further, has ICSA labs been publishing IDS certifications since 1999?  If
so, my bad, I must have been mistaken / missed that.  If not, then I'm
even more confused.


On 1/18/01 Greg Shipley wrote:
[edit] Don't get me wrong, I think there is a huge need for 3rd-party
involvement, and dare I say it, "certification."
IMHO, there are some fronts to this that are REALLY important on.  For
example, I've heard that the ICSA team is working on IPSEC *compliance* and
interoperability testing.  Ok, that's huge, as anyone who has worked with
multi-vendor VPN deployments knows that the VPN space is a mess on that front.

The problem is, I question whether or not people are being misled, and how
much good some of these certifications (like the firewall one) really do.
Ultimately, does this type of "branding" help provide for a false sense of
security? [end]

Ergh, um, now I'm more confused.  I didn't write any of the above.  Why is
this being attributed/credited to me?


Greg - I sincerely ask you to contact me off-line and discuss a possible
visit to the ICSA labs. It is evident by your post that you do not have
a complete knowledge of what we do. This thread has also included
reference to the ICSA Labs Firewall program. I have asked one of our
most vocal critics in the past to give you his opinion on the current
state of the ICSA Labs Firewall program. Look for a post in the near
future on that subject.

Where in my post did I reference the ICSA Labs firewall program?!?!?

I will contact you off-line, absolutely (and thank you for the offer!),
but I will admit that much of your post has *ME* confused even more
now....

-Greg

