Re: IPS, alternative solutions

From: Jason Haar (Jason.Haar_at_trimble.co.nz)
Date: 09/16/04

    Date: Thu, 16 Sep 2004 13:08:56 +1200
    To: focus-ids@securityfocus.com
    
    

    On Wed, Sep 15, 2004 at 03:47:28PM -0400, Jason wrote:
    > I would be seriously interested in an ROI that can demonstrate savings.
    >
    > The simple question is how is inline packet scrubbing easier and more
    > cost effective than patching?

    It isn't.

    I think the business community is starting to realise that in this Microsoft
    dominated world, we can no longer exclusively rely on "external"
    infrastructure like firewalls and NIDS to protect our machines - we have to
    make our machines more secure.

    The advent of Windows Updates and SUS are signs that Microsoft is listening
    and learning. Of course I could rant on at length about the *culture* of
    Windows being the much harder nut to crack (local admin privs anyone?), but
    it's moving in the right direction.

    Firewalls and NIDS are obviously good to have (required isn't probably too
    strong a word), but once you have a good, working and productive "network
    protection" infrastructure in place, your security gaze rightfully falls
    back on those darn Windows boxes again...

    In the medium term our company is going down the Network Admission Control route:
    don't allow a machine onto the corporate network unless it has been VETOED
    by the network as being patched, up to date, etc. Interestingly, this
    "network solution" reinforces my point - it's all about bringing consistency
    and security standards to the end-user PC...

    -- 
    Cheers
    Jason Haar
    Information Security Manager, Trimble Navigation Ltd.
    Phone: +64 3 9635 377 Fax: +64 3 9635 417
    PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1