Subject: Re: IDS: kernel implementations
From: Dug Song (dugsongmonkey.org)
Date: Sat Jul 22 2000 - 20:14:37 CDT


On Sat, 22 Jul 2000 mhtCLARK.NET wrote:

> The true test lies within how fast a particular IDS can go, the least
> amount of false positives reported, and interoperability with other
> security devices that may be present in a particular organization.

oh, but vendors will simply claim that they're "the fastest, most
accurate, and most widely interoperable" in the absence of any hard and
fast criteria. just look to the firewall market for precedent.

without well-defined quality metrics, who's to say for certain how any two
IDSs compare? what you measure, and how you measure it, are of the utmost
importance when evaluating a system - but we haven't even begun to develop
test methodologies that are generally useful.

but we've been over all this before.

        http://msgs.SecurePoint.com/cgi-bin/get/ids-9910/9/1/1/1/2.html

just spinning my wheels,

-d.

---
http://www.monkey.org/~dugsong/