RE: IDS and Spywares

From: Dhruv Soi (dhruv_ymca_at_yahoo.com)
Date: 10/15/05

  • Next message: Frank Knobbe: "RE: IDS and Spywares" 
    Date: Sat, 15 Oct 2005 01:12:32 -0700 (PDT)
To: Omar Herrera <oherrera@prodigy.net.mx>, focus-ids@securityfocus.com

    Right said Omar, thats why security companies are
    investing million of $s and working on Products like
    NIDS, hIDS and other secuirty products like
    Vulnerability assessment/management etc..
    Frank, don't you believe that a Techie can even harden
    a MS OS to protect it from Virus/Worm attack or from
    some vulnerability exploit attacks...
    But still he would like to keep his machine upto-date
    with MS patches and with antivirus service always
    running, may be hIDS running or probably with NIDS
    installed on network..just to get on safer side and to
    minimize the security risk and above all to go into
    relax mode by reducing administartive tasks...
    Same way IDS, HIDS, Antivirus all are protecting the
    networks,hosts at different layers...Leaving the
    Network administrators with least administrative
    work...
    If you want to see the Administrator running in
    company shouting "hey, theres spyware", "oops! I
    missed to harden this machine". In this case you can
    surely offer that job to Omar ;-)

    -Dhruv

    --- Omar Herrera <oherrera@prodigy.net.mx> wrote:

    >
    >
    > > -----Original Message-----
    > > From: Frank Knobbe [mailto:frank@knobbe.us]
    > > Sent: Saturday, October 15, 2005 3:06 AM
    > >
    > > On Fri, 2005-10-14 at 10:03 +0100, Omar A. Herrera
    > wrote:
    > > [...]
    > > > I do agree with you that layered security is
    > always the best option,
    > > even if
    > > > there is some redundancy in some of the
    > activities performed by
    > > different
    > > > kinds of products.
    > > [...]
    > >
    > >
    > > What I'm trying to say is:
    > >
    > > Stop wasting your time wrapping more band-aids
    > around flaws! Start
    > > attacking the real problem and solve that! Stop
    > buying into the security
    > > buzz spun by security vendors promising the
    > all-curing pixie dust, and
    > > understand and correct the core root causes of the
    > problem yourself!
    > >
    > > If we don't look at the real issues anymore, then
    > all hope is lost.
    > >
    >
    > Yea right... it is easy to be a purist and just
    > point out at the right
    > theoretical solution. You are absolutely right, but
    > if making those changes
    > were just as simple as saying it...
    >
    > I'm not talking to the technological part of the
    > problem here, but to
    > administrative problem. You really think it is so
    > simple to just go with
    > your Boss and say: "Hey Boss, we need to replace all
    > those workstations with
    > X because of this and this, throwing away and
    > historic dependency of dozens
    > of versions for thousands of applications, many of
    > which don't exist for X
    > for several reasons, but we can simply develop them
    > ourselves"?
    >
    > You better offer me a job in your company (where it
    > seems it is possible to
    > do this), because if I do this, I'm certainly going
    > to get kicked out of
    > mine :-)
    >
    > Understanding and complying with business
    > requirements and restrictions is
    > also an essential part of our jobs, not just playing
    > the techie, all
    > powerful, know all wizard.
    >
    > Regards,
    >
    > Omar Herrera
    >
    >

    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

  • Next message: Frank Knobbe: "RE: IDS and Spywares"

    Relevant Pages

    • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
      ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
      (SunManagers)
    • RE: Real world experience with HIDS
      ... It is proven that the annual investment of a Security Service ... I too have 10+ years experience as an administrator, ... Real world experience with HIDS ... with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)
    • Re: Least User Priviledges for Network Administrators
      ... that group not be local administrators due to the nature of their work. ... in our Network Technology group are most likely, ... Trust how? ... desktop security practices and the installation of unlicensed software ...
      (microsoft.public.windowsxp.security_admin)
    • RE: Host Based IDS Recommendations?
      ... Secuplat HIDS for NT. ... It have server agent based features. ... should collect all attack, file change auditing data, User security breaking ... Better Management for Network Security ...
      (Focus-IDS)
    • Re: Weird security problem in my WIn2K domain
      ... Keep in mind that enterprise admins group has no administrative powers on ... Another thing to try is to create a new account ... add that account to the local administrators ... enable auditing of account logon events in Domain Controller Security Policy ...
      (microsoft.public.windows.server.security)