The best way to use IDS/IPS effectively
  Added: 07/17/2008   Published: 07/17/2008

In the live webcast titled "Using IDS and IPS effectively", a topic chosen from user votes, guest speaker Jeff Posluns presented techniques for using IDS/IPS to run a proactive security and vulnerability management program, and walked through a thorough review of an enterprise's security posture. Below are Jeff's answers to some of the questions users asked during the live session.

Question: Should IDS alerts be received only by members of the information security group, or should more people, including members of corporate management, receive this kind of alert?

Answer: The answer to your question should be based on the following facts:

1. Many alerts from an IDS are false positives.

2. Many alerts from an IDS have nothing to do with an urgent problem.

3. Many alerts from an IDS do not require immediate action.

4. A minority of alerts from an IDS need to be investigated.

5. Very few alerts require immediate action.

That is my view on the question. If there is one person on call, or an on-call schedule, then only that person should be notified. If you have already spent a lot of time and money tuning your alerting system, you will not get many alerts, and those you do get need to be followed up. A ticketing system is perhaps the most appropriate. In that case the IDS opens a ticket, and the security group's members are responsible for receiving the page and the alert. If the ticket has not been updated within four hours, a manager is paged. I have seen ticketing systems that work exactly like this.
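The ticket-and-escalation workflow described in the answer above, as an added example that is not part of the original webcast Q&A and is not any product's code: the IDS opens a ticket, the on-call analyst is paged at once, analyst activity resets a four-hour clock, and a ticket left idle for four hours pages a manager. The class names, the roster strings and the three sample alerts are this example's own constructions.

```python
"""Ticket-based handling of IDS alerts with a four-hour escalation.

Added example, not code from the original page or from any product the
speaker mentions. Ticket, Escalator, the roster strings and the sample
alerts in run_scenario() are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ESCALATION_WINDOW = timedelta(hours=4)  # "not updated within four hours" -> page a manager


@dataclass
class Ticket:
    ticket_id: int
    alert: str
    opened_at: datetime
    last_update: datetime
    assignee: str
    pages: list = field(default_factory=list)  # (when, who) pairs sent to the pager
    escalated: bool = False
    closed: bool = False


class Escalator:
    """Opens tickets for IDS alerts and pages people on a schedule."""

    def __init__(self, on_call: str, manager: str):
        self.on_call = on_call
        self.manager = manager
        self.tickets: dict[int, Ticket] = {}
        self._next_id = 1

    def open_ticket(self, alert: str, now: datetime) -> Ticket:
        """The IDS files a ticket; the on-call analyst is paged immediately."""
        ticket = Ticket(self._next_id, alert, now, now, self.on_call)
        ticket.pages.append((now, self.on_call))
        self.tickets[ticket.ticket_id] = ticket
        self._next_id += 1
        return ticket

    def update(self, ticket_id: int, now: datetime, close: bool = False) -> None:
        """Any analyst activity on the ticket resets the escalation clock."""
        ticket = self.tickets[ticket_id]
        ticket.last_update = now
        if close:
            ticket.closed = True

    def check(self, now: datetime) -> list[int]:
        """Run periodically (e.g. from cron). Pages the manager for every open
        ticket idle for ESCALATION_WINDOW or longer; returns the escalated ids."""
        escalated = []
        for ticket in self.tickets.values():
            if ticket.closed or ticket.escalated:
                continue
            if now - ticket.last_update >= ESCALATION_WINDOW:
                ticket.pages.append((now, self.manager))
                ticket.escalated = True
                escalated.append(ticket.ticket_id)
        return escalated


def run_scenario() -> dict:
    """Constructed scenario: three alerts on 2008-07-17; one is worked, one is
    closed as a false positive, one is ignored. Returns who got paged."""
    esc = Escalator(on_call="analyst-on-call", manager="security-manager")
    day = datetime(2008, 7, 17)
    scan = esc.open_ticket("port scan from 192.0.2.10", day.replace(hour=9))
    sqli = esc.open_ticket("SQL injection attempt against /login", day.replace(hour=9))
    ping = esc.open_ticket("ICMP ping sweep from 10.0.0.5", day.replace(hour=9))
    esc.update(sqli.ticket_id, day.replace(hour=10))                         # analyst starts work
    esc.update(ping.ticket_id, day.replace(hour=9, minute=30), close=True)  # known monitoring host
    first_pass = esc.check(day.replace(hour=13))   # 09:00 + 4h: only the untouched scan ticket
    second_pass = esc.check(day.replace(hour=14))  # 10:00 + 4h: the SQLi ticket went idle
    return {
        "first_pass": first_pass,
        "second_pass": second_pass,
        "pages": {t.ticket_id: [who for _, who in t.pages] for t in esc.tickets.values()},
    }


if __name__ == "__main__":
    print(run_scenario())
```

The escalation clock runs from the last update rather than from when the ticket was opened, so an analyst who is actively working a ticket is never second-guessed by a manager page; the closed false-positive ticket is never escalated at all.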

Question: Since an IPS can block legitimate traffic, isn't an IPS full of danger?

Answer: Historically, IPSes caused more problems than they solved. But with today's technology, wrongly blocking legitimate traffic happens very rarely. Remember, you cannot buy and install an IPS, then wash your hands of it and let it handle everything. An IPS or an IDS needs to be looked after like a child: let it learn, but correct its mistakes as far as you can and pass your own knowledge on to it.

I have seen roughly 200 IPS deployments, and I can recall 3 that had problems. Those problems were caused by non-standard traffic between HTTP servers that the IPS classified as malicious. Once the rules were fixed, there was nothing left worth worrying about.

Question: I use an intrusion detection system called Snort, and in my experience it does not produce a large number of false alarms. I really do not trust this system as much as I trust OTS technology. What am I missing?

Answer: The default Snort rules do not need tuning on most networks. You will very likely see many false ICMP (Internet Control Message Protocol) alerts, and you may see some false DNS and HTTP alerts. If you install the "Bleeding Edge" rules, you will see more.
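The ICMP noise mentioned in the answer above is normally quieted in Snort's own configuration with `suppress` (drop a signature for a known host) and `event_filter ... type limit` (at most N alerts per source per time window). As an added example, not code from the original page, from the speaker or from the Snort project, the script below reimplements the effect of those two knobs in Python over constructed Snort "fast" alert lines, so the reduction can be seen offline. SIDs 384 (ICMP PING) and 408 (ICMP Echo Reply) are stock Snort rules; SID 1000001 is a made-up rule in the local range, and every host address is sample data.

```python
"""Quieting noisy Snort alerts: suppression and rate limiting over an alert log.

Added example, not code from the original page, the speaker or the Snort
project. Snort's real tuning lives in its configuration (`suppress`,
`event_filter ... type limit`); AlertTuner mimics those two directives so
their effect on a constructed alert_fast log can be checked here.
"""
import re
from datetime import datetime, timedelta

# alert_fast line: <MM/DD-HH:MM:SS.usec>  [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Constructed sample: 10.0.0.5 is a monitoring box that pings 10.0.0.1 constantly.
SAMPLE_ALERTS = """\
07/17-09:00:00.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
07/17-09:00:01.000000  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1 -> 10.0.0.5
07/17-09:00:02.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
07/17-09:00:02.500000  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1 -> 10.0.0.5
07/17-09:00:04.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
07/17-09:00:06.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
07/17-09:00:08.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
07/17-09:00:30.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.77 -> 10.0.0.1
07/17-09:01:30.000000  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1 -> 10.0.0.5
07/17-09:05:00.000000  [**] [1:1000001:1] LOCAL web exploit attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:4321 -> 10.0.0.8:80
"""


def parse_fast_alerts(text: str) -> list[dict]:
    """Parse alert_fast lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["gid"], a["sid"] = int(a["gid"]), int(a["sid"])
        # the fast format carries no year; only deltas between timestamps matter here
        a["ts"] = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f")
        alerts.append(a)
    return alerts


class AlertTuner:
    """Two of Snort's tuning knobs, mimicked:
    suppress(gid, sid, ip)       ~ suppress gen_id G, sig_id S, track by_src, ip IP
    limit(gid, sid, count, secs) ~ event_filter gen_id G, sig_id S, type limit, track by_src, count C, seconds T
    """

    def __init__(self):
        self._suppressed = set()  # (gid, sid, src)
        self._limits = {}         # (gid, sid) -> (count, window)
        self._windows = {}        # (gid, sid, src) -> (window_start, seen_in_window)

    def suppress(self, gid, sid, ip):
        self._suppressed.add((gid, sid, ip))

    def limit(self, gid, sid, count, seconds):
        self._limits[(gid, sid)] = (count, timedelta(seconds=seconds))

    def apply(self, alerts):
        """Return (kept_alerts, stats). Alerts must be in time order."""
        kept, stats = [], {"suppressed": 0, "limited": 0}
        for a in alerts:
            key = (a["gid"], a["sid"])
            if key + (a["src"],) in self._suppressed:
                stats["suppressed"] += 1
                continue
            if key in self._limits:
                count, window = self._limits[key]
                wkey = key + (a["src"],)
                start, seen = self._windows.get(wkey, (None, 0))
                if start is None or a["ts"] - start >= window:
                    start, seen = a["ts"], 0  # open a fresh window for this source
                seen += 1
                self._windows[wkey] = (start, seen)
                if seen > count:
                    stats["limited"] += 1
                    continue
            kept.append(a)
        return kept, stats


def tune_sample():
    tuner = AlertTuner()
    tuner.suppress(1, 384, "10.0.0.5")        # pings from the known monitoring host
    tuner.limit(1, 408, count=1, seconds=60)  # at most one Echo Reply alert per source per minute
    return tuner.apply(parse_fast_alerts(SAMPLE_ALERTS))


if __name__ == "__main__":
    kept, stats = tune_sample()
    print(stats)
    for a in kept:
        print(a["ts"].strftime("%H:%M:%S"), f"[{a['gid']}:{a['sid']}]", a["msg"], a["src"], "->", a["dst"])
```

Ten alerts go in and four come out: the pings from the monitoring host vanish, the echo replies are reduced to one per minute, and a ping from an unexpected host and the local web rule both survive untouched. Suppression is deliberately keyed on source address rather than on the signature alone, so the same ICMP rule still fires for hosts that have no business pinging.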
