Re: IDS is dead, etc

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 08/16/03

    Date: Fri, 15 Aug 2003 20:26:06 -0500
    To: focus-ids@securityfocus.com
    
    

    --On Wednesday, August 13, 2003 12:22 PM -0400 Jonathan Rickman
    <jonathan@xcorps.net> wrote:

    > On Wednesday 13 August 2003 01:01, Omar Herrera wrote:
    >
    >> The key is "correlation", and right now I don't see a better security
    >> solution than a well prepared security professional to correlate that.
    >
    > I think that will remain the case for a long time to come. After all,
    > security is a process. The process involves technical and human factors.
    > Attempting to engineer people out of the process will ultimately fail.
    > Systems only have two possible answers to any given question...yes or no.

    Are you really serious about this? Because I don't think you could
    possibly be more wrong. There are an infinite number of answers that can
    be returned for a given set of parameters, not a simple yes or no. Mind
    you, I'm not arguing that you can solve every problem with an algorithm,
    but *surely* you don't really believe that algorithms can only respond with
    binary answers? If this were really true, it wouldn't even be possible to
    have more than two alert levels - Alert or no alert.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu


