Security Basics mailing list archives

Re: A good question about NIDS & HIDS or why NIDS and not just HIDS?


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 1 Jun 2009 13:01:04 -0400

Hi Kel,

> Personally, if I were going to attack a network I'd go after the
> printers first, establish my foothold there, and then work on the
> servers.

Interesting. I have seen the occasional DoS against a printer [1].
Would you have any reading material on something more active from the
foothold? I presume you are referring to dropping something into
printer memory and mounting an attack from there.

Jeff

[1] HP LaserJet multiple models web management CSRF vulnerability &
insecure default configuration

On 5/28/09, Kel <kellstr () gmail com> wrote:
> Most "attacks" are actually against web browsers and are usually like
> a booby trap. A piece of malicious code is inserted in a web site
> waiting for someone to trigger it. That payload may install a keystroke
> reader on that computer and now every password entered on that box
> goes back to the attacker. This isn't a server so you haven't
> installed HIDS.
>
> Personally, if I were going to attack a network I'd go after the
> printers first, establish my foothold there, and then work on the
> servers.
>
> On Tue, May 26, 2009 at 8:46 PM, Juan B <juanbabi () yahoo com> wrote:
> >
> > Hi,
> >
> > I am thinking that if the target of a hacker is always the server, why do I need the NIDS? I can monitor just the servers very well with some kind of HIDS like OSSEC and I am done, no? Why should I care about the NIDS when I have a well-configured HIDS on every server?
> >
> > Thanks
> >
> > Juan
> >
> > [SNIP]
