Actually, there is more to it than that.
1. Logging - what type of output (.gz, zip, .tar, .enc, .cap, tcpdump, more of
recording everything it sees on the wire), not all IDS products log the same
way, so one has to be careful in how they describe logging versus packet
capture.
2. Hack utilities - where does one receive corporate support for hack
utilities, unless you pay for them (i.e. L0phtcrack, ISS Security Scanner,
Cybercop, Retina, Nessus and on and on). Those types of hack utilities may
or may not test for all the cgi-bin/phf variations, some IDS may not detect
either.
3. Unless you're a whiz at crafting malicious or varying sized packets loaded
with exploits, etc.
4. What about application testing tools, what QoS, etc, etc. Organizations
are looking at IDS to be able to handle lots and lots of traffic, typical
hack utilities do not test for that.
/m
-----Original Message-----
From: Michael T. Babcock [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 12, 2001 7:40 AM
To: Mark Teicher; Avi Fogel; 'Brian Ford'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Personal Firewalls in corporate settings...
Good logging on the IDS side.
Good hack utilities to attempt cracks on your own network from the outside
(friendly, of course -- no running "Lock all win2k servers" :-)
----- Original Message -----
From: "Mark Teicher" <[EMAIL PROTECTED]>
Which leads to another topic: IDS testing tools, how do you know that your
IDS is actually doing what the vendor says it does??