[fw-wiz] RE: In defense of non standard ports



On 1/24/06, Tim Shea <tim@xxxxxxxxx> wrote:
> I've been monitoring this discussion and I have issues with two
> assumptions being made. The first is that all organizations have security
> professionals with some pull with management. Politics plays a big part
> and unless you can sell a solution or are hacked sideways nothing will be
> done. This is the frustration of many technical security professionals.
>
> Let's take the above issue - all tcp ports outbound are open. Throwing in
> an IDS is a quick way to gather appropriate information to help sell to
> management that they have a real problem. Just telling them "all ports
> outbound bad" does not work. In addition - the log output from [insert
> whatever firewall here] is either not detailed enough or the volume is so
> high that it is not always practical to run analysis on the output.
>
> Second issue I have is that running IDSes takes a lot of time. That is
> bull. I had a vendor in today that was going off about such nonsense. It
> is just like any other service. You plan, implement, and manage that
> service appropriately. If you are spending all your time updating rules
> and keeping things in sync - your problem is not the ids but your
> operational processes.
>
> IDSes have their place as any other service but saying they are useless or
> offering a negative opinion on an organization's internal controls (or lack
> of them) does not help that individual solve a problem.
>

I personally don't see much need for an IDS. Where I am currently
working I have no control of what we use, really, yet anyway, but the
IDS systems have so many never blocks on them, who cares?!

Granted, they're all supposed to be customer IPs, and old IPs are
supposed to be removed, but this is reality and that ain't the way it
happens.

In short, I think IDS systems are often used as a crutch at best and
at worst as a sign that you're "protected" ("See, it saw it." - didn't
block it, naturally, but hey, they're customers!).
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
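Two practical points come up in the thread: Tim's observation that raw firewall logs are too voluminous to sell "all ports outbound are open" to management unless you summarise them, and the reply's complaint that "never block" exception lists accumulate stale entries nobody removes. The script below is an added example, not code from either poster or from the list; it parses a constructed, simplified log format (timestamp, action, protocol, src:port -> dst:port, which is an assumption, not any real firewall's output), tallies allowed outbound connections by destination port against an assumed set of expected ports, and flags never-block entries that never appear in the log. The sample log lines, the 10.1.2.0/24 internal range, the expected-port set and the never-block list are all constructed for illustration.

```python
"""Summarise allowed outbound flows by destination port and flag stale
never-block entries.  Added example; the log format below is assumed."""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from any real firewall).  The last line is
# an inbound DENY and should be ignored by the outbound summary.
SAMPLE_LOG = """\
2006-01-24T09:00:01 ALLOW tcp 10.1.2.10:51000 -> 203.0.113.5:443
2006-01-24T09:00:02 ALLOW tcp 10.1.2.11:51001 -> 203.0.113.9:80
2006-01-24T09:00:03 ALLOW tcp 10.1.2.12:51002 -> 198.51.100.7:6667
2006-01-24T09:00:04 ALLOW tcp 10.1.2.12:51003 -> 198.51.100.7:6667
2006-01-24T09:00:05 ALLOW tcp 10.1.2.13:51004 -> 203.0.113.5:443
2006-01-24T09:00:06 ALLOW tcp 10.1.2.14:51005 -> 192.0.2.44:31337
2006-01-24T09:00:07 ALLOW udp 10.1.2.15:51006 -> 203.0.113.53:53
2006-01-24T09:00:08 DENY  tcp 192.0.2.99:4444 -> 10.1.2.10:445
"""

# Assumed for the example: what the business says it needs outbound, and the
# "never block" exception list the IDS/firewall has accumulated.
EXPECTED_PORTS = {25, 53, 80, 443}
NEVER_BLOCK = {"203.0.113.5", "203.0.113.77"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse log lines of the assumed format; unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records


def outbound_port_summary(records, internal_cidr, expected_ports):
    """Count ALLOWed internal->external flows per destination port and list
    the (src, dst) pairs behind any port outside the expected set."""
    net = ipaddress.ip_network(internal_cidr)
    by_port = Counter()
    unexpected = defaultdict(list)
    for r in records:
        src = ipaddress.ip_address(r["src"])
        dst = ipaddress.ip_address(r["dst"])
        if r["action"] != "ALLOW" or src not in net or dst in net:
            continue  # inbound, denied, or internal-only traffic
        by_port[r["dport"]] += 1
        if r["dport"] not in expected_ports:
            unexpected[r["dport"]].append((r["src"], r["dst"]))
    return {"by_port": by_port, "unexpected": dict(unexpected)}


def stale_never_block(records, never_block):
    """Never-block entries that appear nowhere in the log, as src or dst."""
    seen = {r["src"] for r in records} | {r["dst"] for r in records}
    return sorted(ip for ip in never_block if ip not in seen)


def report(summary, stale):
    """Render the management-facing summary as plain text."""
    lines = ["Allowed outbound connections by destination port:"]
    for port, n in summary["by_port"].most_common():
        flag = "  <-- not in expected set" if port in summary["unexpected"] else ""
        lines.append(f"  {port:>6}  {n}{flag}")
    if stale:
        lines.append("Never-block entries with no traffic in this log: "
                     + ", ".join(stale))
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    summary = outbound_port_summary(recs, "10.1.2.0/24", EXPECTED_PORTS)
    print(report(summary, stale_never_block(recs, NEVER_BLOCK)))
```

Run against a real export you would replace SAMPLE_LOG with the file contents and LINE_RE with your firewall's format; the point is that a one-screen table of "ports actually in use, with the ones nobody asked for called out" is what gets a decision, not the raw log volume. The stale-entry check only proves an entry has no traffic in the window you looked at, so treat its output as a list to review with whoever owns the customer relationship rather than something to delete blindly.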