On Dec 21, 2007, Larry Seltzer wrote:
> Even so, there would be so much less testing to do, wouldn't there?

the beauty of a network based approach is the transparency and low maintenance; but you don't get the visibility of on-host detection... (SSL, large compressed payloads, etc) [0]

(and yes, almost no testing client side. manage false positives as they occur at the network appliance)

On Dec 21, 2007, Drsolly wrote:
> If you update your sigs hourly, then you have less than an hour to do all
> the testing.

depending on the platform and workflow you can parallelize testing (patches, upgrades, beta, etc) to varying success with virtual machines and a test automation framework. still, even the fastest test configurations would be hard pressed to verify malware feeds real-time before deploying to production.

i'd love to know if anyone has even tried such a thing. *grin*

0. Yoggie uses this method to good effect, as example: http://www.yoggie.com/products

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
