hi Bill,
On Fri, 04 Aug 2000, [EMAIL PROTECTED] wrote:
> I agree hold heartedly with dreamwvr. IDS is in its infancy. One point
> that needs to be emphasized is that network based IDS uses two primary
> means of detecting intrustions. The most common method is pattern
> recognition. Attacks have a particular pattern (signature) that can be
> recognized. The problem of course is (like virus detection) the attack
> must be known, the signature created and then distributed to the IDS
> systems. The second method of detection is differential detection. A
> network has certain "normal" operating parameters and when operations go
> outside the norm then an alarm is generated. The advantage with this
> method is that it adapts automatically. The disadvantage is that it tends
> to generate alarms for any unusual activity whether security related or
> not. For example, updating software on clients generates a lot of
> traffic that the IDS sees as abnormal.
>
> The best approach is a combination of both methods. The reason the most
> popular IDS products rely primarily on pattern recognition is because it
> is the easiest to build and the easiest to sell. Dreamwvr is right about
> the BEST never gets beyond first base and that applies to a lot of
> products.
>
> -- Bill Stackpole, CISSP
Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>;
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html>;
<mailto:[EMAIL PROTECTED]>;
->> Open Solution Provider and North American Distributor<<-
"===0 PGP Key Available
*************** "As Unique as the Company You Keep."*****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
