Re: IDS is dead, etc

From: Bennett Todd (bet_at_rahul.net)
Date: 08/08/03

  • Next message: Barry Fitzgerald: "Re: IDS is dead, etc"
    Date: Fri, 8 Aug 2003 13:15:47 -0400
    To: Scott Wimer <scottw@cylant.com>

    2003-08-08T12:37:24 Scott Wimer:
    > The assumption that human beings can design, write, and install
    > software without error is WRONG.

    No disagreement there. I don't presume software without error.

    I do maintain, however, that by combining tight configuration
    control with complete abstinence from known-bad software, you can
    raise the barrier sufficiently high that the attacks that succeed
    will be so wildly new and out of left field that your IDS would be
    no more help than your firewall. IDSes detect known problems;
    they're the "anti-virus scanners" of the network.

    Given such a setting, an IDS is still a great idea, as an
    educational tool, but it's not helping to tighten your protections,
    because it won't alarm on anything that succeeds.

    -Bennett
