Re: Changes in IDS Companies?
From: Stephane Nasdrovisky (stephane.nasdrovisky@uniway.be)
Date: 10/18/02
- Previous message: spyguy703@earthlink.net: "Netscreen IDP"
- In reply to: Clint Byrum: "Re: Changes in IDS Companies?"
- Next in thread: scottw@cylant.com: "Re: Changes in IDS Companies?"
- Next in thread: tcleary2@csc.com.au: "RE: Changes in IDS Companies?"
Date: Fri, 18 Oct 2002 10:49:18 +0200
From: "Stephane Nasdrovisky" <stephane.nasdrovisky@uniway.be>
To: Clint Byrum <cbyrum@spamaps.org>
Clint Byrum wrote:
> Then the system is set up with schedules, to allow for the expected
> behaviors of arrivals and departures, cleaning, etc.
The analogy has its limitations.
The alarm in the public part of our building is shut down during business
hours so that customers can enter our building.
By analogy, I guess the IDS protecting our public servers should be turned off
during business hours, which means the IDS should always be down.
The traditional alarm systems are in fact even weaker in terms of false
positives than most IDS; they do not seem to be a good goal for IDS
developers.
Am I totally wrong?
> Other things just look suspicious, and we have to make a judgement call
> as to whether or not we're going to alert, or even shut down a
> connection, based on that suspicion. Now.. how to make that judgement
> call easy, is anyone's guess. :-P
My dream: an IDS that learns from past judgement.