Re: lots of monkeys staring at a screen....security?
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 27 Oct 2006 07:24:00 -0500 (CDT)
On Fri, 27 Oct 2006, Joanna Rutkowska wrote:
> Dave Korn wrote:
>> Second point is: defense in depth. It's an extra barrier. You don't /not/
>> run an AV just because someone can write a custom virus it won't detect. You
>> run simple and automated systems that can deal with the 90% of threats that
>> are easily managed in order to free up valuable /human/ resource to look into
>> the 10% that really do need to be understood. It does /work/; it's just that,
>> when working, it only has a limited role to fill and is not a
>
> Nobody says it needs to be a one-size-fits-all solution - it's just that
> there is a difference between something which is capable of
> detecting/preventing only a bunch of *known* exploits vs. something
> which is capable of preventing a known *class* of attacks...
Enough people here know about how IDS's don't live up to nearly any
expectations, or how they.. do? I personally don't believe in them in any
way, I would implement them once I am done with a lot of other security
Now, if I am to look at what they give me vs. another box for compromising
which sits in a critical location... I am not sure what choice I'd make.
For some reason, people equate Intrusion Detection to IDS devices. IDS
devices are signature based and try to detect bad behaviour using, erm, a
sniffer or equivalent.
Intrusion detection is everything which will help detect an intrusion. IDS
won't unless it's too late, and keep you busy while you're at it.
Dailydave mailing list
Dailydave () lists immunitysec com