[fw-wiz] Is your IDS output really being checked?
From: Don Parker (dparker_at_rigelksecurity.com)
Date: 03/10/04
To: firewall-wizards@honor.icsalabs.com
Date: Tue, 9 Mar 2004 18:23:36 -0500 (EST)
Hello guys/gals, not sure how on topic this is but thought it made for interesting
reading, and possible discussion. Many of us have IDS's at our work place. The thing is
just how diligently are the analysts actually parsing the output? Sheer redundance of
false positives, and perhaps skill level I believe is causing a lot of valid IDS output
to be outright deleted or ignored. Unavoidable really I suppose, human nature being what
it is. The real question being: is there a way to ensure that the analyst is actually
performing his/her job? Outside of spot checks and the such I don't see a way to do
so. It all really comes down to the individual being motivated enough to take pride in
their work no matter how tedious at times imho. Any thoughts on this?
Cheers!
Don
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards