"Zow" Terry Brugger wrote: > Absolutely, which I think underscores the point I was driving at, but > never actually said, which is that the difference between the devices > is primarily that of what network layer it's operating at.
Then we apparently disagree, but agree in the substance :)

> to IPS, and I'd be hard pressed to name a network IDS that didn't have
> an active response version or add-on.

But as Renaud Bidou pointed out in a great presentation which I cannot currently find, an IPS has substantially different focuses from an IDS, and therefore its evaluation ought to be handled completely differently. (found it: www.iv2-technologies.com/~rbidou/HowToTestAnIPS.pdf)

> research systems using more advanced techniques. Of course, we don't
> currently have the means to quantitatively test such systems, which is
> where my current research interests lie.

We don't have a way to meaningfully test any IDS system, for that: http://www.first.org/conference/2007/papers/zanero-stefano-paper.pdf

So any further thought to that area is definitely welcome :)

SZ
