IDS mailing list archives

RE: IDS question


From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Tue, 2 Dec 2003 16:42:50 -0600

I have experience with IDP (IDS + prevention) using NetScreen, so my experience is:
Appliance, no installation or hardening required.
First put it in IDS mode (sniffer), select the kind of vulnerabilities to search for (if I do not have SUN, I do not select this),
analyze the traffic (LOGS) for about 1 week. It is important to do a very good job here: what is really valid, what is really
invalid and what ???. For this it is good to do a previous vulnerability scan to detect Kazaa, spyware and other kinds of
unwanted code.
Repeat the test.
NetScreen uses 8 detection mechanisms to reduce the false positives and negatives.
Put it in prevention mode, all positives are dropped, keep the logs.
I like:
Easy to install.
Easy to configure.
Supports high volumes.
Small number of false positives and negatives.
I do not like:
Not cheap.

Excuse my English.

Ing. Fco. Javier Otero De Alba
Diploma in Information Security, ITESM CEM
Grupo Smartekh
Antivirus Experts
Business Continuity
Inftegrity
5243-4782 to 84 Ext. 300
México, D.F.



-----Original Message-----
From: Joubert Berger [mailto:joubert () berger-family org]
Sent: Tuesday, 02 December 2003 04:01 p.m.
To: focus-ids () securityfocus com
Subject: IDS question


I got such a great response from you guys last time on my question about
Tripwire competitors (Thanks everyone who responded -- it really helped),
that I am going to ask some more questions and get people's opinions.  Some
of these questions might be very open-ended, but I am trying to get a feel
for things.  Any insight would be greatly appreciated.

How much effort is required to tune and maintain your IDS configuration?

What rate of false positives does your IDS produce?  Are false positives
problematic for you?  

What are the main categories of false positives that occur in your
environment?

What are the significant shortcomings (if any) that you experience with your
IDS?

No need to mention vendors if you are not comfortable.  I am starting my
evaluation of IDS and would like to know what kind of things to look for.

Many thanks in advance.

--joubert

