IDS: RE: SourceFire RNA

["Rob Shein" <shoten () starpower net>]

Ahh, understood.  But again, this supports my point; it's not realistic to
posit a node on a network that is entirely silent; it just doesn't happen.
This is just another scenario that explains why. :)

> -----Original Message-----
> From: Renaud Deraison [mailto:deraison () nessus org] 
> Sent: Tuesday, December 02, 2003 12:01 PM
> To: Rob Shein
> Cc: 'Lior Tal'; focus-ids () securityfocus com
> Subject: Re: SourceFire RNA
>
>
> On Tue, Dec 02, 2003 at 11:44:30AM -0500, Rob Shein wrote:
> > I wouldn't say "reactive security practices don't work."  There's 
> > absolutely no way to cover all the bases in advance, and 
> that's just 
> > how life is; you have to have a reactive capability to be secure.
> Sorry, I was not clear - I actually meant reactive 
> vulnerability management practices don't work (ie: wait for 
> an attack to occur, patch afterwards).
>
> That is, if you have a 100% passive tool which is here to 
> help you foresee 
> possible vulnerabilities on your network it's not OK to say 
> that you don't 
> really care about mute hosts. This is why we advise the use 
> of passive scanners like NeVO or RNA to be used in 
> conjunction with active probes. 
>
>
>                               -- Renaud
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------