Sygate's Signatures

Discussion in 'other firewalls' started by TAG97, Aug 14, 2002.

Thread Status:
Not open for further replies.
  1. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    Being a Sygate user I always wonder about this list.
    click here
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey TAG, I use Sygate free version. Could you explain what that is? Is this signature part of the pay version?
     
  3. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    the Tester, I know it's in the Pro version. As far as Sygate Free I'm not sure. Do you have an update option for Signatures? If you do I believe it would be in the Free version then.
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    TAG, why not ask KING over at Beckys? I believe he's the latest resident xspurt. ;)
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Tag, thanks for explaining that to me. I did find that signature updates are available on the pro version only. Looks like a cool feature though.
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    OK, that's it, I have to ask: do we have infiltrators trying to redirect traffic to xxxx? Is it 'cause of their rep of treating newbies bad and calling them trolls that they sent people here to recruit? =0

    I got some real horror stories about xxx. I'll go post it in tenford so as not to interrupt this firewall forum.

    As for my question: how would you compare Sygate free with ZA free? What are the key differences, and how much is the Pro version?

    xxx-out irrelevant part - Forum Admin
     
  7. That page you are looking at from Sygate is a breakdown they have available on the scan engines and how they come into play today in detecting the various known exploits and vulnerabilities in a system. If you are interested in this field there is a good 4 part article I have posted below with the lead in to the study.

    I think you will find out this has nothing to do with the free Sygate firewall, but rather their other products.





    Intrusion Detection Signatures - Last updated 8/1/2002



    Type I = Signature based Intrusion Detection Engine
    Type II = Trojan Detection Engine
    Type III = Denial of Service Protection Engine





    http://soho.sygate.com/document/ids_signature.htm


    _______________________________________________

    Network Intrusion Detection Signatures, Part One
    by Karen Kent Frederick
    last updated December 19, 2001
    This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. Such signatures ignore packet payloads and instead look for certain header field values or combinations of values. By learning about network IDS signatures, you’ll have more knowledge of how intrusion detection systems operate, and you’ll have a better foundation to write your own IDS signatures.

    Signature Basics

    A network IDS signature is a pattern that we want to look for in traffic. In order to give you an idea of the variety of signatures, let’s quickly review some examples and some of the methods that can be used to identify each one:



    http://online.securityfocus.com/infocus/1524
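
The article excerpt quoted in the post above describes signatures that ignore packet payloads and test only IP/TCP header values or combinations of values. The following is an added example, not code from the post, the article or Sygate: the three signatures, the addresses and the `build_packet` helper are assumptions made for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

FIN, SYN = 0x01, 0x02          # TCP flag bits (RFC 793)

def parse_headers(pkt: bytes) -> dict:
    """Decode only the IPv4/TCP header fields; the payload is never read."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                       # IP header length in bytes
    frag, ttl, proto = struct.unpack("!HBB", pkt[6:10])
    hdr = {"src": inet_ntoa(pkt[12:16]), "dst": inet_ntoa(pkt[16:20]),
           "ttl": ttl, "proto": proto, "frag_offset": frag & 0x1FFF}
    # TCP fields exist only in the first fragment of a TCP datagram.
    if proto == 6 and hdr["frag_offset"] == 0:
        if ihl < 20 or len(pkt) < ihl + 14:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags = struct.unpack(
            "!HHIIH", pkt[ihl:ihl + 14])
        hdr.update(sport=sport, dport=dport, flags=off_flags & 0x3F)
    return hdr

# Illustrative signatures (assumed for this example): each is a name plus a
# predicate over header fields, alone or in combination.
SIGNATURES = [
    ("SYN and FIN set together",
     lambda h: (h.get("flags", 0) & (SYN | FIN)) == (SYN | FIN)),
    ("no TCP flags set", lambda h: h.get("flags") == 0),
    ("source equals destination (address and port)",
     lambda h: "sport" in h and h["src"] == h["dst"] and h["sport"] == h["dport"]),
]

def match(pkt: bytes) -> list:
    """Return the names of all signatures the packet's headers trigger."""
    hdr = parse_headers(pkt)
    return [name for name, test in SIGNATURES if test(hdr)]

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample input: IPv4 + TCP headers (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     inet_aton(src), inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)
    return ip + tcp + payload

if __name__ == "__main__":
    for flags in (SYN, SYN | FIN, 0):
        print(flags, match(build_packet("192.0.2.10", "198.51.100.5", 40000, 80, flags)))
```

Because the predicates see only the decoded header dictionary, the same packet matches identically with or without a payload.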
     
  8. This is another good article.
    ------------------------------------
    The ABCs of IDSs (Intrusion Detection Systems)
    What Is an Intrusion Detection System?
    Intrusions fall into two major classes. Misuse intrusions are attacks on known weak points of a system. An IDS looks for this type of attack by comparing network traffic with signatures of known attacks. The second class, anomaly intrusions, consists of unknown attacks and other anomalous activity. This may include detection of an intruder who is already inside a network. Anomaly detection is hardly a plug-and-play function. It requires an intimate knowledge of one's network and patterns of user behavior, and an IDS with powerful scripting options.

    The basic function of an IDS is to record signs of intruders at work inside and to give alerts. Depending on the product, how it is deployed and its network configuration, an IDS may only scan for attacks coming from outside one's network or it may also monitor activities inside the network.

    Some also look for anomaly intrusions. This requires an IDS that can be extensively configured by the user to match the peculiarities of the network to be defended. When Susie the systems administrator is at work at 2 a.m., this may be her normal behavior. But when Artie the administrative assistant logs on to his workstation at 2 a.m., that is most likely an anomaly. An IDS that detects anomalies must be scripted to tell the difference between the two log-ons.

    http://messageq.ebizq.net/security/meinel_2.html


    Sygate Technologies

    www.sygate.com Sygate Personal Firewall

    Personal firewall IDS SC Magazine review: "Basic IDS capabilities plus a personal firewall rolled into a single package."
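
The article quoted in the post above says an anomaly-detecting IDS must tell Susie's normal 2 a.m. logon from Artie's unusual one. The following is an added example, not code from the post, the article or any product: it builds a per-user baseline of logon hours, and the class name, thresholds and logon history are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

class LogonBaseline:
    """Per-user histogram of the hours at which logons have been seen."""

    def __init__(self, min_samples=10, min_share=0.05):
        self.counts = defaultdict(lambda: [0] * 24)
        self.min_samples = min_samples   # logons needed before judging a user
        self.min_share = min_share       # share of history that counts as usual

    def learn(self, user, when):
        self.counts[user][when.hour] += 1

    def classify(self, user, when):
        hist = self.counts.get(user)     # .get() avoids creating empty profiles
        total = sum(hist) if hist else 0
        if total < self.min_samples:
            return "no-baseline"         # too little history to call it either way
        # Count past logons in the same hour or an adjacent one, wrapping
        # around midnight so 23:00 and 00:00 are treated as neighbours.
        near = sum(hist[(when.hour + d) % 24] for d in (-1, 0, 1))
        return "normal" if near / total >= self.min_share else "anomaly"

def constructed_history():
    """Constructed training data: 20 days of logons for the article's two users."""
    base = LogonBaseline()
    day0 = datetime(2002, 8, 1)
    for d in range(20):
        day = day0 + timedelta(days=d)
        base.learn("susie", day.replace(hour=1 + d % 3, minute=30))  # 01:30 to 03:30
        base.learn("artie", day.replace(hour=8 + d % 2, minute=5))   # 08:05 to 09:05
    return base

if __name__ == "__main__":
    base = constructed_history()
    two_am = datetime(2002, 8, 22, 2, 0)
    for user in ("susie", "artie", "guest"):
        print(user, base.classify(user, two_am))
```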
     
  9. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    Fascinating Reading.
    Thanks
    Tim :)
     