IDS mailing list archives

Re: on NIDS/NIPS tuning


From: Brent Stackhouse <brentstackhouse () yahoo com>
Date: Sat, 11 Jun 2005 19:36:20 -0700 (PDT)

Hey Anton,

Yup, I always tune, whether using ISS, Cisco, or
McAfee.  Don't see how you can avoid it and still get
what you want.  Even when using a SIM with Cisco IPS,
I still have to make sure the "right" signatures are
enabled, since Cisco's sig updates don't enable all of
them by default (and I may pick different ones to
enable than Cisco did).  A SIM doesn't change that
step, at least not the Cisco MARS product I've been
using recently.

Brent Stackhouse, GSEC/GCIH

Date: Thu, 9 Jun 2005 13:01:20 -0400 (EDT)
From: "Anton A. Chuvakin" <anton () chuvakin org>
To: focus-ids () securityfocus com
Subject: on NIDS/NIPS tuning

All,

I was thinking about some issues with IDS alerts (their volume, etc)
and realized I could use some help from the list. It might also be a
fun discussion item.

So, here it is: how many folks who buy/download a NIDS/NIPS actually
tune it? A long time ago, when I asked this question the previous
time, I was scared to learn that lots of people do not tune their
NIDSs. Is it any better now?

Best,
-- 
Anton A. Chuvakin, Ph.D., GCIA, GCIH, GCFA
     http://www.info-secure.org
   http://www.securitywarrior.com


                



