Re: How to measure 'status' of IDS Deployment
From: roy lo (roylo@sr2c.com)
Date: 08/23/02
- Previous message: Alan Shimel: "RE: How to measure 'status' of IDS Deployment"
- In reply to: idsquestions@hushmail.com: "How to measure 'status' of IDS Deployment"
- Next in thread: Jensenne Roculan: "Re: How to measure 'status' of IDS Deployment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Aug 2002 14:37:40 -0500
From: roy lo <roylo@sr2c.com>
To: idsquestions@hushmail.com
I know that big companies hire ppl. to do penetration tests as a way to
"benchmark/test" their systems (IDS, etc.).
And I don't know whether that is a feasible way in your case or not.
(aside from the fact that) I think it is hard to justify the money spent
on security for most ppl.; since most upper management thinks that it
has nothing to do with production. (ie won't help them make $$$). And
the saddest part (in my case) was that we only got the funding+manpower
for it *after* we got cracked/hacked.
I have seen ppl. using the *fear approach by scaring upper management
with the possible damage that will be dealt to the company (to justify their
cause),
and in some extreme cases sysadmins will crack into their own servers so
that it will draw attention from the top executives.
In your case I think you can use the common *chart approach, by listing
out what your deployment can do and what kind of protection it offers,
and how much $$ you can save them in the event of an attack (and this part
really depends on your BS skill).
No offense, but in your case I think you need to rely on your BS skill
to make your justification more than other things.
idsquestions@hushmail.com wrote:
>I have been tasked with comparing my IDS deployment at work to determine if it is 'world class'/'best in class' quality. This is rather vague, as it is hard to quantify and compare placement issues and success. I wonder how others are approaching this? This is more than 'we saw 500,000 things this week and 100 were real things we investigated'.
>
>How do you, perhaps as a ROI issue, justify the money spent and compare your deployment to established(?) benchmarks?
>
>-Bob
--
Roy Lo
Freelance Consultant
E-mail - roylo@sr2c.com
Sun Certified Network Administrator (SCNA)
Sun Certified System Administrator (SCSA)
Cisco Certified Network Associate (CCNA)