Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: Jan Münther <jan.muenther () nruns com>
Date: Sun, 29 Oct 2006 18:35:10 +0100
I might be missing something, but I really don't get why we should care about all those "simplistic old attacks" - shouldn't we already be immune to them?
Of course we should. What I see "out there" on a daily basis speaks a different language, though. I've had a longer discussion with a client about IDS/IPS not too long ago, my standpoint being that it's generally futile. His position was a bit different, simply because they were expecting something else from their IPS than the miracles the vendors promise. They basically use it for essential network hygiene, keeping users in one network from infecting others in a different segment. So yeah, they essentially use it as a means of network segregation, which I didn't find superfluous at all (granted, that is only interesting given a certain network size, and theirs is huge). One of the funnier stories was some colleagues of mine owning a client backwards and forwards, and then, in the concluding final meeting, one of the execs asked whether one of those IDS systems would have helped. Then, one of the techies slowly raised his hand and said "Uhm... we do have one of those.". I also remember doing some pen tests where one of the explicit purposes was to test the reaction of managed IDS providers. Apart from one (which was a false alarm), they all never reacted. One thing with IDS/IPS is of course these things need to parse pretty much every protocol under the sun. This of course opens great attack vectors, and there has even been a worm going at the ISS appliances and host software (the engine was the same on all of them), of which I heard took out at least one entire company (as in out of business). That is something I find slightly ironic: Particularly IPS are often strategically placed within the DMZs, directly before the crucial servers. Now, if your IPS is vulnerable, and it gets pwned, the attacker is right where he/she wants to be. Best regards, Jan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: lots of monkeys staring at a screen....security?, (continued)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Paul Wouters (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 27)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 30)
- Re: lots of monkeys staring at a screen....security? Ross Brown (Oct 31)
- Re: lots of monkeys staring at a screen....security? Jan Münther (Oct 29)
- Re: lots of monkeys staring at a screen....security? dmc (Oct 30)