Tuesday, April 22, 2008
Snort's Effectiveness
6:47 PM | Posted by Stephen
So, I have Snort running on my OS X system. Cool. Does it do as advertised?
Well, it's alerting on every RSS feed I browse using NewsGator as "ADWARE Gator". Hmmm.
At work we have this very cool vulnerability analyser called "AppScan", which is designed to test websites in development for cross-site scripting and SQL injection. So if I ran it against my website that Snort is monitoring, it will alert, right?
Wrong. Not a blip. I wonder if the commercial Sourcefire network IDS systems are like this too?
I think this is just symptomatic of the entire technology; it's just not up to detecting sophisticated web attacks. So if we close all ports except 80 and 443 and put an IDS outside the firewall, what's the IDS for?
The answer is "compliance". Hmmm. Security for security's sake; I thought we were long past this.