RE: [FW1] Testing Firewall-1 [OT]
I don't know where you got that figure.... That *might* apply for a non-tuned, default configured, ISS RS box, but certainly isn't true for a properly tuned IDS system.

With any IDS system, you *must* tune nominal traffic out first. For example, you'll see hundreds of "UDP Floods" from your DNS servers....duh...

So make sure that whatever IDS system you decide to purchase can exempt via IP (both source and dest), and by signature. Otherwise, false positives will always be a problem.

Hope this helps!

Jason

At 10:07 AM 10/5/00 +0200, you wrote:
>
>About 90 % of all alarms from an IDS system are false.
>So don't feel safe with it!
>
>/Jonas
>
>
>
>-----Original Message-----
>From: Martin H Hoz-Salvador [mailto:[email protected]]
>Sent: den 5 oktober 2000 00:06
>To: Jonas Thambert
>Cc: '[email protected]'; [email protected];
>[email protected]
>Subject: Re: [FW1] Testing Firewall-1 [OT]
>
>
>
>Jonas Thambert wrote:
>>
>> eTrust is an IDS system,
>> while ISS is a security scanner.
>
>Anyway, if you have a security (vulnerability) scanner, you may have
>"false positives". i.e. Report says that you have a vulnerability where
>you don't... :-(
>
>But the problem is the "technology approach". That's why you still have
>to know what "X" vulnerability is, how to exploit it, and how to patch
>it.
>
>Neither Vulnerability Scanners nor Intrusion Detection Systems are 100%
>reliable right now. That's why you still need consultants or analysts to
>interpret results... :-|
>
>B.R. :-)
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
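
An illustration of the tuning advice in the message above (exempting by source IP, destination IP and signature), added here and not part of the original thread. The `Alert` and `Exemption` names, the signature strings and the documentation-range addresses are assumptions constructed for the example; it compares an exemption scoped to signature plus source against one that drops the signature everywhere.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Alert:  # hypothetical alert record, not any product's format
    src: str
    dst: str
    signature: str

@dataclass(frozen=True)
class Exemption:
    """A field left as None matches anything; every field that is set must match."""
    signature: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None

    def matches(self, a: Alert) -> bool:
        if self.signature is not None and self.signature != a.signature:
            return False
        if self.src_net is not None and ip_address(a.src) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(a.dst) not in ip_network(self.dst_net):
            return False
        return True

def triage(alerts, exemptions):
    """Split alerts into (kept, suppressed); suppressed alerts stay available for audit."""
    kept, suppressed = [], []
    for a in alerts:
        (suppressed if any(e.matches(a) for e in exemptions) else kept).append(a)
    return kept, suppressed

# Constructed sample data: 192.0.2.53 stands in for an internal DNS server.
DNS = "192.0.2.53"
ALERTS = [
    Alert(DNS, "192.0.2.10", "UDP Flood"),
    Alert(DNS, "192.0.2.11", "UDP Flood"),
    Alert("198.51.100.7", "192.0.2.10", "UDP Flood"),  # same signature, other source
    Alert(DNS, "192.0.2.10", "Port Scan"),             # DNS server, other signature
]
SCOPED = [Exemption(signature="UDP Flood", src_net="192.0.2.53/32")]
BROAD = [Exemption(signature="UDP Flood")]  # hides the signature from every host

if __name__ == "__main__":
    for name, rules in (("scoped", SCOPED), ("broad", BROAD)):
        kept, suppressed = triage(ALERTS, rules)
        print(name, "kept:", [(a.src, a.signature) for a in kept])
```

The scoped rule removes only the DNS server's nominal traffic, while the broad rule also discards the same signature from the unrelated source.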