


IDS: RE: Intrusion Prevention

RE: Intrusion Prevention

From: Ralph Los <RLos_at_enteredge.com>
Date: Tue, 10 Dec 2002 12:01:08 -0500

Something to think about too. The only 2 things in life that are 100%
guaranteed are death and taxes. There is NO such thing as 100%, best I'd
say...in this industry, is about 66%...and that's even very good.

::: -----Original Message-----
::: From: Jill Tovey [mailto:jill.tovey_at_bigbluedoor.com]
::: Sent: Monday, December 09, 2002 4:46 AM
::: To: focus-ids_at_securityfocus.com
::: Subject: Re: Intrusion Prevention
:::
:::
::: In-Reply-To:
::: <20021206031213.FGIH2199.lakemtao01.cox.net_at_smtp.east.cox.net>
:::
::: ActiveScout for all intents and purposes seems a unique and innovative
::: approach to IDS technologies and provides a number of advantages over
::: other detection systems, such as proactively detecting reconnaissance
::: attacks.
:::
::: However, as far as I can see the disadvantages could be that you can only
::: run the sensor on a Red Hat 7.2 platform, which is fairly old now.
:::
::: On testing it seems to have performed well; however, I have read that
::: there have been some problems. ActiveScout is good at detecting attacks
::: that are followed by reconnaissance activities, but does not catch all
::: direct attacks made on a system.
:::
::: I think it would work well with an anomaly-based IDS on the internal
::: network.
:::
::: Kind Regards,
:::
::: Jill Tovey
Received on Dec 10 2002
