Re: IDS is dead, etc

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 08/16/03

    Date: Fri, 15 Aug 2003 20:26:06 -0500
    To: focus-ids@securityfocus.com
    
    

    --On Wednesday, August 13, 2003 12:22 PM -0400 Jonathan Rickman
    <jonathan@xcorps.net> wrote:

    > On Wednesday 13 August 2003 01:01, Omar Herrera wrote:
    >
    >> The key is "correlation", and right now I don't see a better security
    >> solution than a well prepared security professional to correlate that.
    >
    > I think that will remain the case for a long time to come. After all,
    > security is a process. The process involves technical and human factors.
    > Attempting to engineer people out of the process will ultimately fail.
    > Systems only have two possible answers to any given question...yes or no.

    Are you really serious about this? Because I don't think you could
    possibly be more wrong. There are an infinite number of answers that can
    be returned for a given set of parameters, not a simple yes or no. Mind
    you, I'm not arguing that you can solve every problem with an algorithm,
    but *surely* you don't really believe that algorithms can only respond with
    binary answers? If this were really true, it wouldn't even be possible to
    have more than two alert levels - Alert or no alert.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu
