Re: Network IDS

From: Frank Knobbe (frank_at_knobbe.us)
Date: 08/27/03

  • Next message: mpaquette_at_toplayer.com: "FW: [Fwd: RE: Intrusion prevention and dDos protection]"
    To: Andreas Krennmair <netnews@synflood.at>
    Date: Wed, 27 Aug 2003 14:15:43 -0500
    
    
    

    On Tue, 2003-08-26 at 13:53, Andreas Krennmair wrote:
    > How is your system protected when the exploit succeeds and is detected
    > by the NIDS? Your system is compromised. The only thing where NIDS could
    > be interesting is to record all attacks and to separate the known
    > exploits from the unknown ones. That is, IMHO, the only really useful
    > way NIDS could be used.

    Another idea you could use this for is automated containment of
    intrusions. Yeah, your box may be hacked by the time the IDS analyzes
    the packet, but the reaction (i.e. firewall config) can be done to
    automatically isolate that box so that the hacker can't get in or worms
    break out. Same thing you would do by hand, except the IDS does it for
    you much faster and at 4am when you're not there.

    Cheers,
    Frank
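
The automated containment described in the message above, sketched as an added example that is not part of the original post: it reads IDS alerts, picks the protected host each severe alert names, and builds the firewall rules that cut that host off in both directions. The Snort fast-alert input layout, the iptables firewall, the networks, the priority threshold and every function name are assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions (not from the original post): Snort "fast" alert lines as input,
# a Linux iptables firewall in the forwarding path, and these example networks.
PROTECTED_NET = ipaddress.ip_network("192.168.1.0/24")
NEVER_ISOLATE = {ipaddress.ip_address("192.168.1.1")}  # gateway: a spoofed alert must not cut it off
MAX_PRIORITY = 1                                       # act only on priority-1 (most severe) alerts

ALERT_RE = re.compile(r"\[\*\*\] \[[\d:]+\] .+? \[\*\*\] .*?\[Priority: (?P<prio>\d+)\] "
                      r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")

def hosts_to_isolate(alert_lines):
    """Return protected hosts named in severe alerts, in first-seen order."""
    selected = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > MAX_PRIORITY:
            continue  # unparsable line or alert below the action threshold
        for field in ("src", "dst"):
            ip = ipaddress.ip_address(m[field])
            # Contain only our own boxes: the victim of an inbound exploit
            # (dst) or the origin of an outbound worm (src).
            if ip in PROTECTED_NET and ip not in NEVER_ISOLATE and ip not in selected:
                selected.append(ip)
    return selected

def isolation_rules(hosts):
    """Build (not execute) iptables commands that cut each host off both ways."""
    rules = []
    for ip in hosts:
        rules.append(f"iptables -I FORWARD -d {ip} -j DROP")  # nobody gets in
        rules.append(f"iptables -I FORWARD -s {ip} -j DROP")  # nothing breaks out
    return rules

def sample(msg, prio, src, dst):
    """Build one constructed alert line in Snort fast-alert layout."""
    return (f"08/27-04:02:11.120031  [**] [1:1000001:1] {msg} [**] "
            f"[Priority: {prio}] {{TCP}} {src} -> {dst}")

SAMPLE_ALERTS = [  # constructed input, not real traffic
    sample("constructed inbound exploit", 1, "203.0.113.7:4431", "192.168.1.20:135"),
    sample("constructed outbound worm scan", 1, "192.168.1.35:1044", "198.51.100.9:135"),
    sample("constructed low-priority probe", 3, "203.0.113.7:4432", "192.168.1.40:80"),
    sample("constructed alert naming gateway", 1, "192.168.1.1:53", "203.0.113.9:53"),
]

if __name__ == "__main__":
    print("\n".join(isolation_rules(hosts_to_isolate(SAMPLE_ALERTS))))
```

The commands are only printed, so they can be reviewed or logged before anything applies them to a firewall.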

    
    


