[Cisspstudy] IDS clarifications

Saurabh Bhargava catchbhargava at yahoo.com
Fri Jan 8 08:13:03 EST 2010


Hello Everyone: 

Need your thoughts on below questions: 

1. Which of the following is a weakness of both statistical anomaly detection and pattern matching?

A. Lack of a learning model
B. Inability to run in real time
C. Requirement to monitor every event
D. Lack of ability to scale

I think the answer is C, but the author says it's A.

My reasoning: a statistical IDS creates a profile of "normal" and compares activities to this profile. For that, it's put in learning mode, and if an attack was happening during "learning" mode, it may go undetected in the production environment.

Pattern matching depends on signatures, so it may not be able to pick up "zero-day" attacks.

2. What is the major disadvantage of a NIDS?

A. Volume of false positives
B. Volume of false negatives
C. Cost of ownership
D. Vulnerability to attack

My answer was C; the author says A.

I understand A is a disadvantage, but so is B. From my experience, I think cost of ownership is a much bigger issue due to the time (and money) spent on fine-tuning, log analysis, reporting, etc.

Thoughts, please?

cheers, SB
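As an added example (not part of the original post or of any product it mentions), the toy detector below illustrates both points raised above: a statistical anomaly detector whose "normal" profile is built from a learning window, and a signature matcher that only fires on patterns it has been given. All traffic is constructed inline; the per-minute request counts, the paths and the two signatures are assumptions made for the demonstration. Run once with a clean learning window and once with a flood that overlaps the learning window, the same flood in production is flagged in the first case and missed in the second, because the poisoned baseline has absorbed it.

```python
"""Toy statistical anomaly detector and signature matcher (added example).

Constructed data only: ~20 requests/minute is "normal", a 200-request
minute is the hypothetical flood, and the two signatures are illustrative.
"""
import re
import statistics
from collections import Counter


def traffic(counts_per_minute, path="/index.html"):
    """Expand {minute: count} into a flat list of (minute, path) events."""
    return [(m, path) for m, n in counts_per_minute.items() for _ in range(n)]


# Constructed learning windows: ten minutes of ordinary traffic, and the same
# ten minutes with a flood landing in minute 9 while the IDS is still learning.
NORMAL_MINUTES = {0: 20, 1: 22, 2: 19, 3: 21, 4: 20, 5: 23, 6: 18, 7: 20, 8: 21, 9: 19}
CLEAN_TRAINING = traffic(NORMAL_MINUTES)
POISONED_TRAINING = traffic({**NORMAL_MINUTES, 9: 200})

# Constructed production traffic: the same flood repeats in minute 12.
PRODUCTION = traffic({10: 21, 11: 20, 12: 200, 13: 19})


# --- statistical anomaly detection ---------------------------------------
def learn_baseline(events):
    """Profile 'normal' as mean and sample stdev of requests per minute."""
    counts = list(Counter(minute for minute, _ in events).values())
    return statistics.mean(counts), statistics.stdev(counts)


def detect_anomalies(events, baseline, sigmas=3.0):
    """Return the minutes whose request count exceeds mean + sigmas*stdev."""
    mean, stdev = baseline
    threshold = mean + sigmas * stdev
    per_minute = Counter(minute for minute, _ in events)
    return sorted(m for m, n in per_minute.items() if n > threshold)


# --- pattern (signature) matching ----------------------------------------
SIGNATURES = [
    re.compile(r"\.\./\.\./etc/passwd"),  # literal traversal as written in the signature
    re.compile(r"cmd\.exe", re.IGNORECASE),
]


def signature_hits(paths):
    """Return the request paths that match at least one signature."""
    return [p for p in paths if any(sig.search(p) for sig in SIGNATURES)]


KNOWN_ATTACK = "/view.php?file=../../etc/passwd"          # covered by a signature
VARIANT = "/view.php?file=..%2f..%2fetc%2fpasswd"         # same attack, URL-encoded


if __name__ == "__main__":
    for label, training in (("clean", CLEAN_TRAINING), ("poisoned", POISONED_TRAINING)):
        mean, stdev = learn_baseline(training)
        flagged = detect_anomalies(PRODUCTION, (mean, stdev))
        print(f"{label:8} baseline mean={mean:.1f} stdev={stdev:.1f} "
              f"threshold={mean + 3 * stdev:.1f} -> flagged minutes {flagged}")
    print("signature hits:", signature_hits([KNOWN_ATTACK, VARIANT]))
```

With the clean window the threshold is roughly 25 requests/minute and minute 12 is flagged; with the flood inside the learning window the mean and standard deviation inflate so far that the threshold rises above 200 and the identical flood passes as normal. The signature matcher catches the traversal string it was given and misses the URL-encoded form of the same request, which is the general shape of the "signature-only" weakness: detection is bounded by what the signature author anticipated.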


