From: Mike Ruscher (Mike.RuscherCSE-CST.GC.CA)
Date: Wed Apr 04 2001 - 17:11:28 CDT

    Thanks Patrick. I think I know who the vendor might be. I believe they were
    involved in some of the earlier testing activities. It's been a long road
    for the DWG; it's good to hear we are getting closer.

    The fact that snort supports this should get some of the other IDS
    developers to stand up and take notice... thanks for that link.

    Hype all you like. The only way we are going to lick this thing is to
    partner as a team and put propriety aside to a large extent. Let features
    and innovation save the day, not closed-mindedness. All we need now is a
    richer set of "skins" for snort!

    I'm all for open standards, as long as they are formalized, aggressively
    tested, adhered to, and implemented using security engineering practices,
    (not a repeat of the experiment we are continually seeing abused today i.e.,
    TCP/IP et al).

    mgr

    > -----Original Message-----
    > From: Patrick Mueller [mailto:pmuellerNEOHAPSIS.COM]
    > Sent: Wednesday, April 04, 2001 11:21 AM
    > To: FOCUS-IDSSECURITYFOCUS.COM
    > Subject: Re: multiple IDS layers - a new paradigm?
    >
    >
    > On Wed, 4 Apr 2001, Mike Ruscher wrote:
    >
    > > The CIDF promised some early hope that this would be realized in a
    > > reasonable timeframe. I haven't heard a peep out of that community,
    > > nor the IETF, since the infamous "demo" CIDF experiment a long while ago.
    >
    > For all intents and purposes (for various reasons), CIDF is dead and gone
    > (yes, the site is still out there) and the good things that came out of it
    > have been rolled into the IDWG (Intrusion Detection Working Group, part of
    > the IETF).
    >
    > Have a look at http://www.ietf.org/html.charters/idwg-charter.html
    >
    > The intent is to have the documents proceed to draft status at the August
    > meeting of the IETF, though that is obviously not guaranteed. Progress
    > looks promising, as there are various implementations at different stages
    > of completion, and there is talk of at least one of the major vendors
    > committing to plugging in support for the standards (don't ask who, as I
    > can't say).
    >
    > snort even already has support for the IDMEF (Intrusion Detection Message
    > Exchange Format). See http://www.silicondefense.com/idwg/snort-idmef/
    >
    > As you can tell, I'm hyping this since I'm all in favor of open-standards,
    > which I think will allow the IDS industry to come to the next level of
    > maturity.
    >
    >
    > --
    > -- Patrick
    >
    >
    > Patrick Mueller === Security Analyst ===
    > <pmuellerneohapsis.com>
    > ----- Neohapsis <www.neohapsis.com> -----
    >

    Mike Ruscher, ITS Specialist I2, CSE/CST
    mgruschercse-cst.gc.ca
    Phone: +1 613 991-8040
    ED/C200
    http://www.cse-cst.gc.ca