Re: Cisco CTR

[Gary Flynn <flynngn () jmu edu>]

Rob Shein wrote:

> I think this largely relates to the earlier discussion about how there is a
> difference between a "false positive" and an actual attack that fails to
> succeed.  Ask yourself this: are you going to want to know about all attacks
> or just those that have a chance of success?  If someone throws IIS attacks
> at your apache web server, do you want to know about it...or do you want to
> wait until they start using apache-compatible exploits?
>
> There's a good summary of what CTR does here:
> http://www.cisco.com/en/US/products/sw/secursw/ps5054/

Another thing to think about - some folks have a habit of patching
the hole they came in through. Just because a vulnerability scan
shows no vulnerability it does not mean an attack was unsuccessful.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 
and use priority code SF4.
---------------------------------------------------------------------------