Showing posts with label Firekeeper. Show all posts

Monday, April 28, 2008

Bake-off: NoScript and Firekeeper

I decided to mention Firekeeper on the security forums at LQ.org. One of the moderators there mentioned that NoScript was better at blocking malcode than Firekeeper. In order to understand what he was talking about (I'm confused about that comment), I decided to install both to see if one can layer and leverage both of these tools. I also wanted to see which was better at blocking and alerting on malcode in general.

It appears that NoScript is specific to JavaScript, although it looks to detect cross-site scripting, Flash, and MS' version of Flash. It also works via whitelists and blacklists and not pattern matching (other than focusing on the word "script" and occasionally focusing on "ath.cx"; I haven't determined why it does this yet).

Both tools work in conjunction with one another fine, though (so far).

I'm partial to Snort because an efficient and focused rule will always beat someone adding a site to a whitelist. I've seen trusted sites be hacked before, so if a trusted site is violated and begins serving malware, you're going to be visiting that site and that site will be in your whitelist... With Firekeeper, it will alert and block any malicious traffic.

The bad thing about Firekeeper is that someone always has to maintain the ruleset (be it the user or the developer or a combination of both).

I'll continue to comment as I learn both tools.

Sunday, March 30, 2008

Firekeeper, an IDPS system (plugin) for Firefox

http://isc.sans.org/diary.html?storyid=2403 explains Firekeeper, an IDS/IPS Firefox browser plugin.

I'm running it on two machines that run Slackware (versions 11.0 and 12.0). I may throw it on my work machine (which runs Windows XP), but that may be a bit daring.

Firekeeper's homepage is at http://firekeeper.mozdev.org/installation.html

Please share your experiences with this plugin...this is a great idea and may be a Holy Grail for malware that infects via browsers.

Also, I've found what may be a good security site, http://www.megasecurity.org/Main.html. It may take me a while to read, as it has tons of data, it seems.