IDS mailing list archives
RE: IDS question
From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Tue, 2 Dec 2003 16:42:50 -0600
I have experience with IDP (IDS + prevention) using NetScreen, so my experience is:

Appliance, no installation or hardening required.

First put it in IDS mode (sniffer), select the kinds of vulnerabilities to search for (if I do not have SUN, I do not select this), and analyze the traffic (LOGS) for about 1 week. It is important to do a very good job here: what is really valid, what is really invalid and what ???. For this it is good to run a vulnerability scanner beforehand to detect Kazaa, spyware and other kinds of unwanted code. Repeat the test.

NetScreen uses 8 detection mechanisms to reduce the false positives and negatives.

Put it in prevention mode, all positives are dropped, keep the logs.

I like:
Easy to install.
Easy to configure.
Supports high volumes.
Small number of false positives and negatives.

I do not like:
Not cheap.

Excuse my English.

Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM
Grupo Smartekh Antivirus Expertos Bussiness Continuity Inftegrity
5243-4782 al 84 Ext.300
México, D.F.

-----Original Message-----
From: Joubert Berger [mailto:joubert () berger-family org]
Sent: Tuesday, December 02, 2003 04:01 p.m.
To: focus-ids () securityfocus com
Subject: IDS question

I got such a great response from you guys last time on my question about Tripwire competitors (Thanks everyone who responded -- it really helped), that I am going to ask some more questions and get people's opinions. Some of these questions might be very open-ended, but I am trying to get a feel for things. Any insight would be greatly appreciated.

How much effort is required to tune and maintain your IDS configuration?
What rate of false positives does your IDS produce?
Are false positives problematic for you?
What are the main categories of false positives that occur in your environment?
What are the significant shortcomings (if any) that you experience with your IDS?

No need to mention vendors if you are not comfortable.

I am starting my evaluation of IDS and would like to know what kind of things to look for. Many thanks in advance.

--joubert
Current thread:
- IDS question Joubert Berger (Dec 02)
- <Possible follow-ups>
- RE: IDS question JAVIER OTERO (Dec 03)