IDS mailing list archives

RE: Cisco CTR


From: "Gary Halleen" <ghalleen () cisco com>
Date: Fri, 7 Nov 2003 10:43:53 -0800

In that case, though, you're using stagnant information.  How would this be
kept accurate in an environment when users patch their computers, or when IP
addresses change due to DHCP?

Gary


-----Original Message-----
If this type of attack can succeed as I think it could, I think a solution
would be for the IDS to keep a record of the patch levels of every system in
the network and allow those patch levels to be updated only through an
administrative interface (requiring additional authentication and of course
increasing the administrative workload).  Then the system wouldn't be fooled
by this technique.

-Michael



