IDS mailing list archives

RE: Intrusion Prevention


From: "Ralph Los" <RLos () enteredge com>
Date: Tue, 10 Dec 2002 12:01:08 -0500

Something to think about too.  The only 2 things in life that are 100%
guaranteed are death and taxes.  There is NO such thing as 100%; best I'd
say...in this industry, is about 66%...and even that's very good.

::: -----Original Message-----
::: From: Jill Tovey [mailto:jill.tovey () bigbluedoor com] 
::: Sent: Monday, December 09, 2002 4:46 AM
::: To: focus-ids () securityfocus com
::: Subject: Re: Intrusion Prevention
::: 
::: 
::: In-Reply-To: 
::: <20021206031213.FGIH2199.lakemtao01.cox.net () smtp east cox net>
::: 
::: ActiveScout to all intents and purposes seems a unique and innovative
::: approach to IDS technologies and provides a number of advantages over
::: other detection systems, such as proactively detecting reconnaissance
::: attacks.
:::
::: However, as far as I can see the disadvantages could be that you can only
::: run the sensor on a Red Hat 7.2 platform, which is fairly old now.
:::
::: On testing it seems to have performed well; however, I have read that
::: there have been some problems.  ActiveScout is good at detecting attacks
::: that are followed by reconnaissance activities, but does not catch all
::: direct attacks made on a system.
:::
::: I think it would work well with an anomaly-based IDS on the internal
::: network.
::: 
::: Kind Regards,
::: 
::: Jill Tovey

