[Dshield] IPS/IDS solutions--your opinions?
Johannes Ullrich
jullrich at euclidian.com
Wed Jan 23 17:14:14 GMT 2008
My basic "guidelines" for an IDS:
- you have to be able to inspect the existing signatures (and modify
  them)
- you have to be able to add your own signatures.
- the IDS should provide "full packets" for alerts.
Ultimately it comes down to that your IDS has to be tunable. If you
can't tune it, it's not worth much. And in order to tune it, you need
to be able to "second guess" it.