Re: IDSes and known attacks (was: NIPS Vendors explicit answer)
From: Drexx Laggui (drexx_at_i-manila.com.ph)
Date: 04/28/04
- Previous message: Vikram Phatak: "Re: NIPS Vendors explicit answer"
- In reply to: Frank Knobbe: "Re: NIPS Vendors explicit answer"
- Next in thread: Frank Knobbe: "Re: NIPS Vendors explicit answer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Apr 2004 02:40:15 -0800
To: focus-ids@securityfocus.com
28Apr2004 (UTC -7)
Frank Knobbe wrote:
...[snip]...
> IDSes are Intrusion Detection Systems. Why do we need to detect
> something that we know exists? In my opinion we should focus our efforts
> on detecting the *unknown* events, not the known ones. I argue that you
> are looking the wrong way :)
...[snip]...
Just to clarify, we still need IDSes to monitor *known* attack patterns,
so as to make up for the inadequacies of firewall products/systems. As
many of us know, it's easier to sniff out malicious attacks against
different network applications than to ask the firewall vendor to
secure protocols other than HTTP or SMTP or FTP (for example). And yes,
we also know that once an IDS picks up an attack, it may already be too
late -- but hey, better late than never.
Drexx Laggui
Asia-Pacific Region
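As an added illustration of the point made in the post above (this is example code, not something from the original message or the list): a port-based packet filter placed beside a content-signature matcher, run over a few constructed packets. The allowed-port list, the signature names and patterns, the `Packet` class and the sample traffic are all hypothetical; the contrast it shows is that a malicious SMTP or database payload on a port the firewall permits passes the filter untouched, while a signature for the known pattern still catches it.

```python
"""Added example (not from the original post): a port-only firewall check next
to a payload-signature IDS check. All packets, ports, and signatures below are
constructed for illustration and are not real rules from any product."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Hypothetical firewall policy: permit only these destination ports.
ALLOWED_PORTS = {25, 80, 443, 5432}

# Hypothetical signatures for *known* attack patterns on protocols the
# firewall does not parse (SMTP user probing, SQL injection, oversized HELO).
SIGNATURES = {
    "smtp-vrfy-probe": re.compile(rb"^VRFY\s+\S+", re.I | re.M),
    "sql-union-select": re.compile(rb"UNION\s+SELECT", re.I),
    "long-smtp-helo": re.compile(rb"^HELO\s+\S{300,}", re.I | re.M),
}


def firewall_allows(pkt):
    """Port-based filtering: looks only at the header, never at the payload."""
    return pkt.dst_port in ALLOWED_PORTS


def ids_alerts(pkt):
    """Signature matching: inspects payload content regardless of port."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(pkt.payload))


def inspect(packets):
    """Run each packet through both checks.

    Returns a list of (dst_port, firewall_verdict, ids_alerts). The IDS is
    modelled as sitting behind the firewall, so dropped packets are never seen.
    """
    results = []
    for p in packets:
        allowed = firewall_allows(p)
        alerts = ids_alerts(p) if allowed else []
        results.append((p.dst_port, allowed, alerts))
    return results


# Constructed sample traffic (not captured data).
SAMPLE = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("10.0.0.6", 25, b"HELO mail.example\r\nVRFY root\r\n"),
    Packet("10.0.0.7", 5432, b"SELECT 1 UNION SELECT usename FROM pg_user"),
    Packet("10.0.0.8", 23, b"login: admin"),
    Packet("10.0.0.9", 25, b"HELO " + b"A" * 400 + b"\r\n"),
]

if __name__ == "__main__":
    for port, allowed, alerts in inspect(SAMPLE):
        verdict = "pass" if allowed else "drop"
        print(f"port {port:5d}  firewall={verdict:4s}  ids={alerts or '-'}")
```

The telnet packet is the only one the firewall stops; the SMTP probe, the oversized HELO and the injection attempt all ride in on permitted ports and are only flagged by the content signatures, which is the gap the post says IDSes are still needed to cover.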