IT Answers » Intrusion detection

Why IPS?

SearchMidmarketSecurityATE — Tue, 13 Apr 2010 14:14:17 +0000

For those who use an IPS, what were your reasons for implementing it? Here’s a tip on determining your IPS needs: http://searchmidmarketsecurity.techtarget.com/tip/0,289483,sid198_gci1349855,00.html

How much should IT disclose post-intrusion?

Michael Morisy — Tue, 22 Sep 2009 19:57:08 +0000

As SearchSecurity’s recent podcast noted, Apache’s recent security disclosure was unusual in how thorough it was. Just curious: What’s your company’s intrusion or malware disclosure policy, and are you happy with how it’s implemented?

Defense in depth and unified threat management appliances

SearchMidmarketSecurityATE — Thu, 07 May 2009 19:01:34 +0000

Experts tout unified threat management appliances as an ideal antimalware, intrusion prevention and content filtering firewall for midmarket companies. But doesn’t this counter the long-standing security practice of defense-in-depth? With a one vendor, platform, and management console, aren’t we talking about a dangerous single point of failure?

When is UTM good enough? When should we go with standalone devices?

Can an IPS collect information of all layers like like which protocol and port numbers are being used or it can only sniff till layer 3 detail ?

Rahul Shrivastava — Wed, 01 Apr 2009 18:49:37 +0000

Hi. I have a scenario where an IPS is connected to the switch and is monitoring all the ports of it. I would like to know that whether this device can capture information till layer 3 (network layer) or it can capture full details of all seven layers, like which application, protocol and port is being used ? Thanks.

your responses awaited.
Cheers.

Solutions for sniffing?

Rahul Shrivastava — Mon, 05 Jan 2009 06:29:03 +0000

Hello Guys.
Can anybody help me know that how to protect traffic from being sniffed? One solution is encryption, anything else ?

Your answers awaited.
Cheers.
Rahul

Intrusion from 255 network broadcast address

Slvd — Fri, 01 Aug 2008 15:48:01 +0000

We have about 25 computers on our network. All have F-secure client security installed. Today on several of them I get a pop-up stating that an intrusion attempt has been blocked from the .255 network broadcast address. This is the first time this has occurred. What could be some possible causes for this?

Thank you for your time. It is appreciated.

HIDS

EDUMEX129 — Thu, 22 May 2008 11:43:40 +0000

New Answer by Michael Tidmarsh

HIPS

Jjmillan — Tue, 18 Mar 2008 17:41:26 +0000

My company currently has a HIPS solution that is end of life. We are researching all of the different products out there. What would be the key things to look for in a solution?

Recommendations for hosted intrusion detection and prevention system vendor?

Billpoly — Mon, 08 Oct 2007 05:27:14 +0000

Hello,

I am looking for a 100% outsourced (hosted, managed, etc.) intrusion detection and prevention system vendor for use in the payment card industry. They should be able to demonstrate recognition of and compliance with PCI security parameters. Does anyone have any qualified recommendations based on experience with particular vendors? If you have contact information for a particular vendor that you could share, that would be even better.

Also, does anyone have any guidelines against which to evaluate an intrusion detection and prevention system vendor – either for a hosted or in-house system?

Best regards,
Bill