IDS mailing list archives
Re: IDS Security Metris
From: dpat () space gr
Date: Fri, 06 Apr 2007 03:38:36 +0300
Could you please define metrics? It's quite a wide term...

Should you look for decision making criteria (technically speaking), my list should include:

1. false negative rate, to see how many real incidents your IDS may miss
2. false positive rate, to see how many "fake" incidents your IDS won't miss
3. security of the IDS itself (well, here come another 10 metrics but won't dig into)
4. handling of encrypted traffic (SSL, more precisely)
5. number of supported network segments (either physically or using VLANs)
6. integration/correlation with vulnerability assessment tools (with a unified attack description so that nobody gets confused)
7. custom signatures (e.g. snort-type) and exceptions capability (sometimes things get really bad, so it's a very nice to have)
8. integration with log analysis/correlation systems (call them SIM/SEM, etc.)
9. integration with ticketing systems (an incident may widely affect an organization)
10. automatic responses (or policy-based responses) - not "shunning"
11. reporting (somehow somebody must get notified in a language they can understand)

Should you turn into IPS, take also into account:

x1. number of "trusted" signatures (IBM/ISS-terminology, sorry..)
x2. modes of operation (IDS only, transparent, learning mode, hybrid)
x3. average time of signature issuance (not easy to estimate)

Of course, cost, R&D, vendor stability and coverage, etc. should not be overlooked.

Lately, there are a number of IDS/IPS technologies used in firewalls, content security, SSL VPN gateways, etc. If your case is this, the lists above should look somehow different.

Hope this helps.

Dimitrios Patsos, Ph.D.(Cand.),M.Sc.
Security Architect
CMA,CME,CCDA,CCSA,CCSE

Quoting jlynnmonett () yahoo com:
Could someone help me. I need to create a list of 10 security metrics for a IDS.