Re: Recent anti-NIDS Gartner article
From: Stephen Samuel (samuel_at_bcgreen.com)
Date: 06/17/03
- Previous message: Jim Butterworth: "RE: Recent anti-NIDS Gartner article"
- In reply to: Mike Blomgren: "RE: Recent anti-NIDS Gartner article"
- Next in thread: nyec: "Re: Recent anti-NIDS Gartner article"
Date: Tue, 17 Jun 2003 12:11:02 -0700
To: Mike Blomgren <mike.blomgren@secode.com>, focus-ids@securityfocus.com
Mike Blomgren wrote:
> If IDS is the loser, and a firewall is the solution - then why do we
> have surveillance cameras when we would be better off with good locks on
> our doors?
To follow the analogy: cameras record things that locks can't
stop. A camera/NIDS with humans paying good attention to it
can recognize things like somebody breaking a window, loitering
suspiciously, etc.
No matter how good your door locks may be, they still won't stop
someone from bringing in a vehicle (tank) as a battering ram,
or doing something such as breaking a window to get access (had that
happen to me twice!). Not to mention the use of a lockpick.
With a good recording system (with or without human intervention)
they can sometimes provide information on the identity, methods
and intentions of an intruder. This can be useful either for
filing later charges or simply determining what needs to be fixed
to prevent a recurrence.
Firewalls can prevent some of the more obvious attacks, but
a well-tuned NIDS could also recognize things like suspicious
outgoing connections and malicious web/ftp sites. Those are
kinds of attacks that the firewall paradigm isn't really
designed to handle well.
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bring it to life.