Is anyone aware of research that has been done to qualify/quantify the false negatives that commercial IPSs will pass when running on a default configuration?
My understanding is that every IPS ships with only a portion of its rules activated; the reason being that some suspect traffic can either be an attack or legitimate network traffic. Therefore, blocking such traffic can be problematic, and visibility is the only realistic defense.

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College
