NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Testing Firewall-1 [OT]



I don't know where you got that figure....  That *might* apply for a
non-tuned, default configured, ISS RS box, but certainly isn't true for a
properly tuned IDS system.  With any IDS system, you *must* tune nominal
traffic out first.  For example, you'll see hundreds of "UDP Floods" from
your DNS servers....duh...  So make sure that whatever IDS system you
decide to purchase  can exempt via IP (both source and dest), and by
signature.  Otherwise, false positives will always be a problem.  Hope this
helps!

Jason

At 10:07 AM 10/5/00 +0200, you wrote:
>
>About 90 % of all alarms from an IDS system is false.
>So dont feel safe with it!
>
>/Jonas
>
>
>
>-----Original Message-----
>From: Martin H Hoz-Salvador [mailto:[email protected]]
>Sent: den 5 oktober 2000 00:06
>To: Jonas Thambert
>Cc: '[email protected]'; [email protected];
>[email protected]
>Subject: Re: [FW1] Testing Firewall-1 [OT]
>
>
>
>Jonas Thambert wrote:
>> 
>> eTrust is a IDS system,
>> while ISS is a security scanner.
>
>Anyway, if you have a security (vulnerability) scanner, you may have
>"false positives". i.e. Report says that you have a vulnerability where
>you don't...   :-(
>
>But the problem is the "technology approach". That's why you still have
>to know what  "X" vulnerability is, how to exploit it, and how to patch 
>it.
>
>Neither, Vulnerability Scanners or Intrusion Detection Systems are 100%
>reliable right now. That's why you still need consultants or analysts to 
>intepret results... :-|
>
>B.R.   :-)
>
>
>============================================================================
>====
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
>
>
>===========================================================================
=====
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.