|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Local Mirror Prevention with IDS
From: Kyle Maxwell (krmaxwell
gmail.com)
Date: Tue Dec 21 2004 - 15:25:45 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 17 Dec 2004 14:38:16 +0200, Dimitrios Patsos <dpatspace.gr> wrote:
> Can anybody provide some help on how can we prevent a user from making a
> local mirror of a web site by using both host & network IDS?
I'm not sure that either technology is well-suited to the task that
you're laying out. You could (maybe) use NIDS to *detect* a user
mirroring a site -- if he was doing so at a high rate -- but this
would be more easily spotted in the web server logs.
You have a fundamental problem here: a user can slowly build up the
mirror, and since all the material is publicly available for them to
access, you need more specific criteria for the accesses you want to
prevent. What are you really trying to prevent? It's not just "making
a local mirror", it must be something slightly higher-level. Once you
know that, you can better decide what countermeasures you need to
take.
--
Kyle Maxwell
[krmaxwellgmail.com]
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]