IDS mailing list archives

Re: IPS Vendor Evasion


From: "Tim Holman" <tim_holman () hotmail com>
Date: Wed, 3 Jan 2007 20:29:07 -0000

Probably, but then no IDS/IPS is ever going to offer you 100% protection (i.e. you need defense in depth), so should such a list _really_ matter? I'd love to get my hands on a list of companies that rely on such lists for IDS/IPS selection in the hope that an IDS/IPS will make up for sloppy internal security! :P

I don't know... is there such a thing as a _bad_ IDS or IPS anymore? The market is so saturated that you can pretty much get away with buying anything, but then it really depends WHAT you want an IDS/IPS for, and what other protection you have in place, rather than on whether or not it will let through obscure exploits. I'm pretty sick of IPS bake-offs, magazine reviews, and ill-educated comparisons - what really counts is your overall security. 99.999% is good enough, 100% is never achievable, so why bother picking holes when you know you're going to find them? :)

Anyway - the list you have in mind is over 18 months old now - http://www.darkreading.com/document.asp?doc_id=99581&WT.svl=news1_2 - too many things would have changed since then for it to make relevant selection criteria for you, if that's what you have in mind?

But, with the best will in the world, even the best IPS/IDS with up-to-date patches and 24/7 support will never defend you against badly written code or unpatched systems, and you may as well not bother using one at all if you're not going to take these other things into consideration.

Happy New Year!

Tim



----- Original Message -----
From: <trav_2 () hotmail com>
To: <focus-ids () securityfocus com>
Sent: Wednesday, January 03, 2007 2:49 AM
Subject: IPS Vendor Evasion


At Blackhat HD Moore and Brian Caswell did a presentation of bypassing IPS. Maybe I dreamed this but wasn't there a list of vendors that were and were not bypassed? Maybe it was not HD and Brian that did it. If there was such a thing, where can I find it?

Thanks,


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



