i understand from several emails in this list is that UTM or IPS devices enable only subset of signatures for detection as well as blocking - it is being termed as 'sane IPS', 'out-of-box IPS' , recommended etc..
is there any criteria (standard or non-standard) used in categorizing signature as 'recommended'? is it based on CVE priority? Thanks Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
