RE: IDS recommendations

From: robert.d.turner@bt.com
Date: 12/10/01


From: robert.d.turner@bt.com
To: talisker@networkintrusion.co.uk
Date: Mon, 10 Dec 2001 09:50:46 -0000

Hi

I've been watching this thread with interest. There is much to say about
the open-source/commercial debate, but this is not the time or place. My
opinion as a techie is that open source/freeware/copyright/shareware
software is usually quicker to react to situations/events (H*ll, I have
enough PD software floating about on the net myself!).

But my opinion as a commercially aware worker is that you HAVE to be able
to pass the buck at some time. It may not be practical/accurate, but my
experience shows that corporate tzars need to feel secure - and they feel
most secure when there is someone/something to point the corporate rifle
at when things go wrong (which, of course, they never do!).

IMHO, the cost of software is only a fraction of the TCO (ouch, did I
really use that phrase?). Hardware/maintenance/support/management/event
handling and all other things make the choice of software (relatively)
unimportant on the basis of cost.

We currently support three IDS products, and are continually evaluating
more, with in-house applications to back them up where each product is
weak. I definitely agree with Talisker about using different products -
some are strong in the network "fake packet" style of attack, whilst
others are better at "application" attacks.

Please, we are all professional (or theoretically so). Can we take the
proselytising and preaching to some other forum (preferably /dev/null) and
argue about products on a purely merit/technical basis?

[Apologies if this has turned into a rant of my own, but it is my opinion
that this is a good area for debate, and I don't want this to turn into
another 'my XYZ is bigger/better/cheaper than your XYZ'.]

Robert

--
Robert Turner GCIA
Security Solutions Designer & Analyst

Ignite Solutions - Secure Business Services
T: +44 (0)113 244 5951
F: +44 (0)113 244 5657
Robert.D.Turner@bt.com


