Discussion in 'other firewalls' started by TAG97, Aug 14, 2002.
Being a Sygate user I always wonder about this list.
Hey TAG,I use Sygate free version.Could you explain what that is?Is this signature part of the pay version?
the Tester, I know it's in the Pro version. As far as Sygate Free I'm not sure. Do you have an update option for Signatures? If you do I beleave it would be in the Free version then.
TAG, why not ask KING over at Beckys? I believe he's the latest resident xspurt.
Tag,thanks for explaining that to me.I did find that signature updates are available on the pro version only.Looks like a cool feature though.
Ok thats it i have to ask do we have infintrators trying to redirect traffic to xxxx is it cause there rep of treating newbys bad and calling them troll that they sent people here to recruit=0
i got some real horror storys about xxx ill go post it in tenford as not to interupt this firewall forum
as for my qustion how would you compare Sygate free with za free what are the key difrences and how much is pro verstion
xxx-out irrelevant part - Forum Admin
That page you are looking at from sygate is a breakdown they have availble on the scan engines and how they come into play today in detecting the various know exploits and vulnerabilites in a system. If you are intesrted in this field there is a good 4 part article I have posted below with the lead in to the study.
I think you will find out this has nothing to do with the free sygate firewall..but rather their other products.
Intrusion Detection Signatures - Last updated 8/1/2002
Type I = Signature based Intrusion Detection Engine
Type II = Trojan Detection Engine
Type III = Denial of Service Protection Engine
Network Intrusion Detection Signatures, Part One
by Karen Kent Frederick
last updated December 19, 2001
This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. Such signatures ignore packet payloads and instead look for certain header field values or combinations of values. By learning about network IDS signatures, you’ll have more knowledge of how intrusion detection systems operate, and you’ll have a better foundation to write your own IDS signatures.
A network IDS signature is a pattern that we want to look for in traffic. In order to give you an idea of the variety of signatures, let’s quickly review some examples and some of the methods that can be used to identify each one:
This is another good article.
The ABCs of IDSs (Intrusion Detection Systems)
What Is an Intrusion Detection System?
Intrusions fall into two major classes. Misuse intrusions are attacks on known weak points of a system. An IDS looks for this type of attack by comparing network traffic with signatures of known attacks. The second class, anomaly intrusions, consists of unknown attacks and other anomalous activity. This may include detection of an intruder who is already inside a network. Anomaly detection is hardly a plug-and-play function. It requires an intimate knowledge of one's network and patterns of user behavior, and an IDS with powerful scripting options.
The basic function of an IDS is to record signs of intruders at work inside and to give alerts. Depending on the product, how it is deployed and its network configuration, an IDS may only scan for attacks coming from outside one's network or it may also monitor activities inside the network.
Some also look for anomaly intrusions. This requires an IDS that can be extensively configured by the user to match the peculiarities of the network to be defended. When Susie the systems administrator is at work at 2 a.m., this may be her normal behavior. But when Artie the administrative assistant logs on to his workstation at 2 a.m., that is most likely an anomaly. An IDS that detects anomalies must be scripted to tell the difference between the two log-ons.
www.sygate.com Sygate Personal Firewall
Personal firewall IDS SC Magazine review: "Basic IDS capabilities plus a personal firewall rolled into a single package."