|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jason (security
brvenik.com)
Date: Fri Sep 21 2007 - 13:13:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jean-Pierre FORCIOLI wrote:
> Hi,
>
> I reviewed several IDS/IPS products and I concluded that there is two kind
> of signatures languages.
> First one, the simplest, allows attack detection customization by changing
> some value in the signature, or allows creating new attack by adding a one
> line rule (snort rule).
Simple snort rule.
> Second one, the hardest, allows full signature or new protocol state machine
> development. by mean of a complete programming language (N-code).
Multiple Snort rules to model protocol state.
>
> I would like to know what are the pro/cons of using both methods. I would
> appreciate some feedback from some real life experiences, if possible.
Effectiveness for the stated purpose. Each approach has it's place
depending on the complexity of the vulnerability as it can be observed
on the wire.
>
> TIA.
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]