IDS
mailing list archives
Re: True definition of Intrusion Prevention
From: George Capehart <gwc () acm org>
Date: Sat, 3 Jan 2004 12:31:22 -0500
On Saturday 03 January 2004 10:28 am, Teicher, Mark (Mark) wrote:
<snip>
> A quote from Marcus J. Ranum's book "The Myth of Homeland Security"
> Marcus states "If you consider the hundreds or thousands of
> applications and crucial files on a given computer or network, you
> can imagine that the number of possible combinations for mayhem is
> literally astronomical." (Available via Amazon..[blatant advertisement
> here, it is on my recommended book list] :)
> Most commercial and open source operating systems and security
> products contain countless bugs because when the core architecture
> was written, it was designed to be feature rich (i.e. a slick
> UI, etc.), and offer the customer a few key security features that
> unless they were really knowledgeable, a majority of the security
> features were never enabled, since Internet enabled services are
> designed for availability, and not security.
Whew! This thread has generated a lot more conversation than I would
have imagined. I started to try to respond to all of the messages from
Mark, Brian and Fengmin, but it would take me 'way too long and I'd
repeat myself a lot . . . ;-) So I'm going to try to condense my
thoughts into one short paragraph.
Firstly, this thread has confirmed my personal opinion that intrusion
prevention is not a very useful term and if we, as an industry, take
that up as a holy grail, we will waste a *lot* of cycles and accomplish
little. I'd like to punt and say that what we really need to do is
manage risk. A good, robust risk management process will lead an
organization to the optimal (for that organization) set of controls for
managing the risks it faces. The solution set that one organization
chooses will be *very* different from that of another.
I'm going to shut up now. This message started out much longer than it
is now, but all I was doing was making the dead horse twitch with the
beating . . . . ;-)
Thanks for a great thread everyone!
/g