For a smart-ass response, see below....
----- Original Message -----
>From: <detmar.liesen_at_lds.nrw.de>
>To: <focus-ids_at_securityfocus.com>
>Sent: Monday, November 11, 2002 11:40 PM
>Subject: AW: Changes in IDS Companies?
<snip>
>I don't have enough practical experience to tell if the following idea is good,
>but I suggest using a GIDS as a protecting device with just the most important
>signatures that are known to reliably detect/block those attacks we fear most:
>-worms
>-trojans/backdoors
>-well-known exploits
I hate to state the obvious, but if we know enough about these threats to
write a signature to detect them, then we know enough to re-configure our
systems to be immune to them. Having a GIDS protect against such things
just leads to a false sense of security.
>Additionally, NIPS vendors should always maintain a list of those most common
>and most dangerous attacks that also gives information about known
>false-positives for these signatures.
Yeah, so we can patch or re-configure our systems to be immune to
vulnerabilities and not use their products ;>
On a good day signature-based NIDS cost organizations money to run for no
actionable return.... On a bad day they leave the organization feeling secure
when they are not.
Dom
Received on Nov 12 2002