User talk:Pickyt/sandbox
Peer Review
Overall this is a good start, but I feel like readability is going to be a large concern for this article. It is easy to assume that the readers of this page will be network engineers with degrees in Computer Science, but every reader might not be. I think this article would benefit heavily from plain English explanations of technical terms. For example, explain TCP, IP, CPU. With that in mind, examples of each method will be very beneficial.
Other comments:
1. In the past, an adversary using the Unicode character set could encode attack packets that an IDS would not recognize but that an IIS web server would decode and become attacked. This sentence doesn't make sense.
2. Add some horizontal lines to divide the main sections to make reading easier.
TeaglesCS (talk) 17:17, 25 March 2016 (UTC)
Peer review of "Intrusion Detection System evasion":
Overall, the article has good structure. Just by looking at the contents, it is clear that the final article will be comprehensive and cover the entire area of study. The article also appears focused by design and doesn't stray into unnecessary information. As a suggestion (which, honestly, is up to your discretion because I'm not entirely sure if this is warranted), you might be able to include a section about the implications of bypassing an IDS. From reading your article I now know how to do it, but I don't know why I would want to or what would happen if I do. But, this might be included in the IDS page itself, so it's up to you to decide whether you want to add surrounding details.
As for the introduction, you should look at the IDS page and mimic its format. For instance, the first paragraph is a general look at the idea, then the second paragraph adds more specific details. Your introductory paragraph isn't too far off, but it does jump straight into details without fully explaining what the concept is.
Minor points, sections just need some more detail.
NaTaHu (talk) 17:42, 25 March 2016 (UTC)NaTaHu
Peer Review round 2
Major Points
- The section "Insertion and evasion" might be a little too technical
- The sections might need to be named differently. Maybe "Evasion by insertion" and "Evasion by payload obfuscation" etc
Minor Points
- In the first section, payload and packet need either an explanation or definition
- Fail-open/Fail-closed don't have Wikipedia pages
- In the section about Operator fatigue: "IDSs" should be "IDSes"
Tessiro (talk) 17:57, 4 April 2016 (UTC)
Peer Review 2
Major Points
- Some of the information left out from the original article to here seems like it could have been an important contribution to the article. For example the mention of the paper that popularized IDS. However, you may have a good reason to have taken it out, so it is at your discretion.
Minor Points
- Overall a good job at making a complex article more accessible; however, some simplifications seem a little out of place considering this article is about a technically heavy concept. For example, "modifications" in the first sentence didn't need to be changed to "changes," and there are a few others you could probably assume the reader would know or easily be able to figure out.
- Fail-open and Fail-closed are dead links