Re: IDS\IPS that can handle one Gig

From: Control Zed (cntlzed_at_gmail.com)
Date: 06/07/05

  • Next message: Edward Sohn: "RE: IDS\IPS that can handle one Gig" 
    Date: Tue, 7 Jun 2005 21:06:09 +0530
To: Frank Knobbe <frank@knobbe.us>

    Frank,

    Sometimes it may not be possible to patch critical servers simply
    because you can't afford the downtime or you don't know if the patches
    would break other critical applications or software. So if you know
    the vulnerability and the way it can be exploited, you can protect it
    till you can find time to patch it. Nothing wrong in this approach. I
    am assuming this is what Lucid means by VM.

    Z

    On 6/7/05, Frank Knobbe <frank@knobbe.us> wrote:
    > On Sun, 2005-06-05 at 03:39 -0400, Vikram Phatak wrote:
    > > The biggest knock I've heard about VM is that it doesn't actually
    > > "protect" anything since it is not patching vulnerablities.
    >
    > I think this single line shows the biggest problem in the security
    > industry, the need to protect vulnerabilities. Instead of adding layers
    > to protect the bag of vulnerabilities, we should open the bag and remove
    > the vulnerabilities one by one.
    >
    > The term vulnerability management is equally flawed. We should not at
    > all "manage" vulnerabilities, but "identify" and "eradicate" them.
    >
    > The whole notion of keeping vulnerabilities around is just flawed...
    >
    > ... and I wonder if IPSes just foster the complacency to accept and live
    > with vulnerabilities...
    >
    > Cheers,
    > Frank
    >
    >
    >
    > BodyID:1871399.2.n.logpart (stored separately)
    >
    >

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

  • Next message: Edward Sohn: "RE: IDS\IPS that can handle one Gig"

    Relevant Pages

    • Re: Alerting - Malicious software removal tool
      ... Plus, much of what the MSRT removes are worms that exploit vulnerabilities in humans, not vulnerabilities in the software -- even a perfect operating system can't protect itself from that. ... cleaning compromised machines that are not hidden from most users. ... Calling an illegal alien an "undocumented worker" is like calling a ...
      (microsoft.public.security.virus)
    • Re: [Full-disclosure] Who Do I Contact?
      ... vulnerabilities are out there so we can protect ourselves? ... I don't know or care why you're here. ... Don "north" Bailey ...
      (Full-Disclosure)
    • RE: Java Web Start argument injection vulnerability
      ... JNLP can still specify and deliver a vulnerable JRE even after upgrading ... vulnerabilities. ... How do you protect against an attacker forcing victims to use a vulnerable ...
      (Bugtraq)
    • Re: IDSIPS that can handle one Gig
      ... the need to protect vulnerabilities. ... >to protect the bag of vulnerabilities, we should open the bag and remove ... >The term vulnerability management is equally flawed. ...
      (Focus-IDS)
    • Re: IDSIPS that can handle one Gig
      ... > The biggest knock I've heard about VM is that it doesn't actually ... the need to protect vulnerabilities. ... to protect the bag of vulnerabilities, we should open the bag and remove ...
      (Focus-IDS)
    • Quantcast