Re: Usefulness of Network Intrusion Detection Systems

From: James Riden (j.riden_at_massey.ac.nz)
Date: 05/26/04

    To: focus-ids@securityfocus.com
    Date: Wed, 26 May 2004 12:36:35 +1200
    
    

    Thomas <TheTom@UnixIsNot4Dummies.ORG> writes:

    > Network-based IDSs should be limited to attacks on the
    > network layer not the application layer.
    <snip>
    > Maybe people are just doing it for fun or to suffice the
    > marketing hype... I do not know.

    Yeah, we just do it for fun :p

    > Additionally companies do not care much about switches, routers
    > or web-servers. Sure they got bad PR if it is compromised or
    > turned off but there is no direct loss of money connected with it.

    Apart from n hours of my time investigating and fixing the problem,
    usually at overtime rates? Potential compromise of confidential data?
    The cost of having staff sitting around while critical servers are
    down?

    The IDS I run is an integral part of the detection and response to
    network threats. Of course I do as much as I can about prevention, but
    on a large network where everyone wants to be relatively free, you
    will have compromises and attempted attacks; especially from worms
    such as Blaster, Welchia, Sasser and Slammer.

    The IDS helped us avoid any network downtime due to Sasser and if the
    network is down, the cost of having staff sitting idle mounts up very
    quickly indeed.

    It does take a lot of work to manage, but IMHO it's a lot better than
    having no idea what's going on in your network.

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.