<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

IDS: Re: IDS is dead, etc

Re: IDS is dead, etc

From: Bennett Todd <bet_at_rahul.net>
Date: Fri, 8 Aug 2003 13:15:47 -0400

2003-08-08T12:37:24 Scott Wimer:
> The assumption that human beings can design, write, and install
> software without error is WRONG.

No disagreement there. I don't presume software without error.

I do maintain, however, that by combining tight configuration
control with complete abstinance from known-bad software, you can
raise the barrier sufficiently high that the attacks that succeed
will be so wildly new and out of left field that your IDS would be
no more help than your firewall. IDSes detect known problems;
they're the "anti-virus scanners" of the network.

Given such a setting, an IDS is still a great idea, as an
educational tool, but it's not helping to tighten your protections,
because it won't alarm on anything that succeeds.

-Bennett

application/pgp-signature attachment: stored

Received on Aug 11 2003

This message: [ Message body ]
Next message: Barry Fitzgerald: "Re: IDS is dead, etc"
Previous message: Bennett Todd: "Off-Topic: perfect firewall (was Re: IDS is dead, etc)"
In reply to: Scott Wimer: "Re: IDS is dead, etc"
Next in thread: Scott Wimer: "Re: IDS is dead, etc"
Reply: Scott Wimer: "Re: IDS is dead, etc"
Reply: Frank Knobbe: "Re: IDS is dead, etc"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos