Re: IDS is dead, etc

From: Paul Schmehl (
Date: 08/16/03

  • Next message: Duston Sickler: "Network IDS"
    Date: Fri, 15 Aug 2003 20:26:06 -0500

    --On Wednesday, August 13, 2003 12:22 PM -0400 Jonathan Rickman
    <> wrote:

    > On Wednesday 13 August 2003 01:01, Omar Herrera wrote:
    >> The key is "correlation", and right now I don't see a better security
    >> solution than a well prepared security professional to correlate that.
    > I think that will remain the case for a long time to come. After all,
    > security is a process. The process involves technical and human factors.
    > Attempting to engineer people out of the process will ultimately fail.
    > Systems only have two possible answers to any given question...yes or no.

    Are you really serious about this? Because I don't think you could
    possibly be more wrong. There are an infinite number of answers that can
    be returned for a given set of parameters, not a simple yes or no. Mind
    you, I'm not arguing that you can solve every problem with an algorithm,
    but *surely* you don't really believe that algorithms can only respond with
    binary answers? If this were really true, it wouldn't even be possible to
    have more than two alert levels - Alert or no alert.

    Paul Schmehl (
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
