Hi Stefano,
Though I partly agree with you that this did sound like a vendor
pitch, I do feel that intrusion prevention solutions slowly need to
start making an appearance in the internal security scenarios, though the
type of intrusions detected would not exactly be the same. Worm
propagations which are more of an internal security issue could
effectively be handled by Internal Security Devices. To this end,
detection of protocol/statistical anomalies needs to be a key component
of an Internal Security Framework.
Thanks
Proneet
---------------------------------------------------------------
To have known the best, and to have known it for the best, is success in
life.
-----Original Message-----
From: Stefano Zanero [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 1:24 PM
To: Steven Williams; Focus-Ids Mailing List
Subject: Re: Juniper and ISS Protocol Anomaly Detection Evaluation
Steven Williams wrote:
> Guys,
>
> Have a look at Extreme Networks Sentriant. More designed for internal
> protection than perimeter, this offers true Day Zero mitigation
> instead of relying on signatures or patterns, and also looks at layer
> 2 traffic as well.
Sounds like a vendor pitch to me... setting aside the fact that it's
unusually difficult to find any technical information on that website,
let's also ignore the fact that an intrusion prevention system is
usually placed on an enforcement point, and therefore rarely useful for
internal protection...
What would "true zero day mitigation" mean, exactly? From what I read,
it looks like a rather naive application of dynamic quarantine combined
with non-allocated space virtual honeypots. Something you can easily do
with Linux, honeyd, arpd, and a couple of scripts.
Am I missing something?
Stefano
BTW: "Hyper Detection" sounds a bit like Star Trek. My kudos to the
marketing department...
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------