Security Basics mailing list archives
Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 1 Jun 2009 13:01:04 -0400
Hi Kel,
Personally, if I were going to attack a network I'd go after the printers first, establish my foothold there, and then work on the servers.
Interesting. I have seen the occasional DoS against a printer [1]. Would you have any reading material on something more active from the foot hold? I presume you are referring to dropping something into printer memory and mounting an attack from there. Jeff [1] HP LaserJet multiple models web management CSRF vulnerability & insecure default configuration On 5/28/09, Kel <kellstr () gmail com> wrote:
Most "attacks" are actually against web browsers and are usually like a booby trap. A piece of malicious code is inserted in a web site waiting for someone to trigger it. That payload may install a keystoke reader on that computer and now every password entered on that box goes back to the attacker. This isn't a server so you haven't installed HIDS. Personally, if I were going to attack a network I'd go after the printers first, establish my foothold there, and then work on the servers. On Tue, May 26, 2009 at 8:46 PM, Juan B <juanbabi () yahoo com> wrote: > > HI, > > I am thinking that if the target of a hacker is always the server so why I need the NIDS ? I can monitor very well just the servers with some kind of HIDS like Ossec and I am done no? why should I care about the NIDS when I have a well configured HIDS on every server? > > thanks > > Juan > > [SNIP]
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Kel (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Jeffrey Walton (Jun 01)
- <Possible follow-ups>
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Thrynn (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Francois Yang (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? evilwon12 (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Laurens Vets (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? lonervamp (Jun 01)
- RE: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Nick Vaernhoej (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? aditya mukadam (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)