Dailydave mailing list archives

Re: lots of monkeys staring at a screen....security?


From: Jan Münther <jan.muenther () nruns com>
Date: Sun, 29 Oct 2006 18:35:10 +0100


I might be missing something, but I really don't get why we should care
about all those "simplistic old attacks" - shouldn't we already be
immune to them?

Of course we should.
What I see "out there" on a daily basis speaks a different language, though.

I've had a longer discussion with a client about IDS/IPS not too long
ago, my standpoint being that it's generally futile.
His position was a bit different, simply because they were expecting
something else from their IPS than the miracles the vendors promise.
They basically use it for essential network hygiene, keeping users in
one network from infecting others in a different segment. So yeah, they
essentially use it as a means of network segregation, which I didn't
find superfluous at all (granted, that is only interesting given a
certain network size, and theirs is huge).

One of the funnier stories was some colleagues of mine owning a client
backwards and forwards, and then, in the concluding final meeting, one
of the execs asked whether one of those IDS systems would have helped.
Then, one of the techies slowly raised his hand and said "Uhm... we do
have one of those."
I also remember doing some pen tests where one of the explicit purposes
was to test the reaction of managed IDS providers. Apart from one (which
was a false alarm), none of them ever reacted.

One thing with IDS/IPS is of course these things need to parse pretty
much every protocol under the sun. This of course opens great attack
vectors, and there has even been a worm going at the ISS appliances and
host software (the engine was the same on all of them), which I heard
took out at least one entire company (as in out of business).

That is something I find slightly ironic: IPS in particular are often
strategically placed within the DMZs, directly before the crucial
servers. Now, if your IPS is vulnerable, and it gets pwned, the attacker
is right where he/she wants to be.


Best regards,

Jan
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

