Re: CRIME Checkpoint versus Sonicwall

From: Crispin Cowan (crispin@private)
Date: Fri Aug 30 2002 - 08:11:26 PDT


    Seth Arnold wrote:
    
    >What happens next? I can guess a phone call to the system administrators
    >saying, "hey, you were owned on tuesday", but where do you go from there?
    >
    ... and how would a signature NIDS report saying "hey, I saw a chunking 
    exploit last Tuesday" be any more useful than a Tripwire report that 
    told you exactly what happened on the host?
    
    The value of NIDS over other IDS's is fast detection, which is only 
    useful if the detector is being monitored. Does your package include 
    NIDS? Or, for customers likely to choose weekly monitoring, do you 
    recommend mostly forensic IDS?
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    


