Dailydave mailing list archives

Re: Britney and Kevin are Chaotic


From: byte_jump <bytejump () gmail com>
Date: Thu, 26 May 2005 16:24:13 -0600

This is a question for everyone that is bashing IDS: What is an alternative?

Surely host-based security implementations such as PaX, grsecurity,
systrace, blah, blah are useful and effective, but they can't be added
to every host on the network, nor every server in your critical areas.

IDS serves a useful purpose, in my opinion, though that usefulness is
far less than what the IDS vendors tout. Protocol reassembly,
encryption, etc. are all going to clobber NIDS, but it still can be
useful in detecting anomalies and other low-hanging-fruit-type
attacks. In other words, it's not a zero-sum game, but NIDS can play
an important role in security.

If you don't agree, what's the alternative?

byte_jump

(BTW, I use the "byte_jump" handle as a tribute to the ugly hack that
is Snort's rule syntax. The byte_jump detection mechanism in Snort's
rules is an awful hack - as am I.)

On 5/26/05, Chris Anley <chris () ngssoftware com> wrote:
Steve Lord wrote:
I think it's worse than a smoke detector. An IDS would be a smoke
detector that informs you that your house has already been burnt to the
ground, and needs rebuilding from scratch.

You need an IDS like you need someone telling you that you have a hole
in the head. (sorry).

      -chris.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
