IDS mailing list archives
RE: Intrusion Prevention requirements document
From: "Andy Cuff" <AndyCuff () securitywizardry com>
Date: Mon, 7 Nov 2005 19:21:19 -0000
VT,

My suggestion would be a compromise: test products on a dev network and whittle down the contenders; you will find showstoppers for certain products.

Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://www.securitywizardry.com
07010 709014

-----Original Message-----
From: vendortrebuchet () comcast net [mailto:vendortrebuchet () comcast net]
Sent: 29 October 2005 20:40
To: focus-ids () securityfocus com
Subject: Re: Intrusion Prevention requirements document

Another question for everyone,

When you brought in each vendor for evaluation, did you configure a test network for them or did you use your production network? My 1st concern is keeping my job :o) If I test in production, I could impact production traffic. If I don't test in production, how can I best ensure that I won't have problems with custom applications, older IP stacks which could be an issue if RFC compliance checks are done, etc.

The vendor answer is always, "don't turn on blocking and just monitor." Is that a reality? I'd like some testimonials to this and some real life instances of what has been done from unbiased sources.

Thanks,
VT

All,

I work on a team that manages signature and behavioral based intrusion detection systems today. We have been tasked with reviewing IPS (or whatever vendor name acronym you prefer) in '06. Our normal process is to put together a base requirements document to weed out vendors in the first round through a paper exercise and then bring in the best we can identify. My question is, has anyone developed a matrix that identifies key qualifiers in an IPS solution (e.g. in-line, fails open/closed, reporting features, etc.). If so, could you provide links or the documents?

If not, what categories are most significant to consider in your expert opinions? What reasons did you choose the solution you have? What would you consider if you had to choose over again, etc?

Thanks in advance for your responses.

VT

------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------