Dailydave mailing list archives
Re: Britney and Kevin are Chaotic
From: byte_jump <bytejump () gmail com>
Date: Thu, 26 May 2005 16:24:13 -0600
This is a question for everyone that is bashing IDS: What is an alternative? Surely host-based security implementations such as PaX, grsecurity, systrace, blah, blah are useful and effective, but they can't be added to every host on the network, nor every server in your critical areas. IDS serves a useful purpose, in my opinion, though that usefulness is far less than what the IDS vendors tout. Protocol reassembly, encryption, etc. are all going to clobber NIDS, but it still can be useful in detecting anomalies and other low-hanging-fruit-type attacks. In other words, it's not a zero-sum game, but NIDS can play an important role in security. If you don't agree, what's the alternative? byte_jump (BTW, I use the "byte_jump" handle as a tribute to the ugly hack that is Snort's rule syntax. The byte_jump detection mechanism in Snort's rules is an awful hack - as am I.) On 5/26/05, Chris Anley <chris () ngssoftware com> wrote:
Steve Lord wrote:I think it's worse than a smoke detector. An IDS would be a smoke detector that informs you that your house has already been burnt to the ground, and needs rebuilding from scratch.You need an IDS like you need someone telling you that you have a hole in the head. (sorry). -chris. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Britney and Kevin are Chaotic Dave Aitel (May 26)
- Re: Britney and Kevin are Chaotic Rodney Thayer (May 26)
- Re: Britney and Kevin are Chaotic Ian Melven (May 26)
- Re: Britney and Kevin are Chaotic Rodney Thayer (May 26)
- Re: Britney and Kevin are Chaotic Steve Lord (May 26)
- Re: Britney and Kevin are Chaotic Chris Anley (May 26)
- Re: Britney and Kevin are Chaotic byte_jump (May 26)
- Re: Britney and Kevin are Chaotic Chris Anley (May 26)
- Re: Britney and Kevin are Chaotic Adam Shostack (May 26)
- Re: Britney and Kevin are Chaotic byte_jump (May 26)
- Re: Britney and Kevin are Chaotic Holden Williamson (May 26)
- Re: Britney and Kevin are Chaotic dan (May 26)
- Re: Britney and Kevin are Chaotic Andrew R. Reiter (May 26)
- RE: Britney and Kevin are Chaotic El Nahual (May 26)
- Re: Britney and Kevin are Chaotic joanna (May 27)
- RE: Britney and Kevin are Chaotic El Nahual (May 27)
- Re: Britney and Kevin are Chaotic joanna (May 27)
- Re: Britney and Kevin are Chaotic Ian Melven (May 26)
- Re: Britney and Kevin are Chaotic Rodney Thayer (May 26)