Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: "Ross Brown" <rbrown () eeye com>
Date: Mon, 30 Oct 2006 16:28:23 -0800
There is a pareto curve for everything, including attacks. The IPS/IDS network layer products are going to be an effective filter against the mass attacks that are known (think broad and common), not the uncommon and targeted. In other words, it's a fairly effect noise filter, but not an effective solution against someone who is targeting your network with both intellect and determination. One vulnerability can lead to N exploit variants both N(known) and N(unknown). The NIPS products are great for the N(known), but the monetary value in being a bad guy is in the creation and relative scarcity of N(unknown) variants for known vulnerabilities, where the NIPS products are typically creating the illusion of security. In other words, if your smart and want in, typical network IPS isn't gonna slow you down too much. RB ____________________________________ Ross Brown Chief Executive Officer eEye Digital Security 949.900.4121 (o) 949.463.7146 (m) rbrown () eeye com Professional Profile and Blog FREE Trial Downloads: Visit www.eeye.com to download trial versions of our award-winning proactive security software, including: Retina(r) Network Security Scanner, SecureIIS(tm) Web Server Protection, and Iris(r) Network Traffic Analyzer. Review upcoming advisories at www.eeye.com/html/Research/Upcoming/index.html . Important Notice: This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offense. Please delete if obtained in error and email confirmation to the sender. -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Joanna Rutkowska Sent: Monday, October 30, 2006 6:39 AM Cc: dailydave Subject: Re: [Dailydave] lots of monkeys staring at a screen....security? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/29/06, Joanna Rutkowska <joanna () invisiblethings org> wrote:Kevin Johnson wrote:Part of any defense is the ability to detect when things fail. I think that we want to throw out technology because it doesn't do everything. I see every day systems being attacked by simplistic old
attacks that IDS systems can warn you about.I might be missing something, but I really don't get why we should care about all those "simplistic old attacks" - shouldn't we already be immune to them? joanna.
hey, let's do the bottom-posting, shall we? ;)
David Maynor wrote:No, everytime somebody does a fresh install of Windows 2000 for some project and doesn't update to the current patch levels you can be hit
by those same old attacks. Alot of people forget that not every company in the world is focused on security and as long as something works doing things like applying patches or upgrading to the latest versions is not the most important thing.
That's the point! So many people think that they can be lazy with patching because they have an IDS/IPS which is going to protect them... But the ID/PS is usually capable of blocking only known exploits for a particular bug. So, in fact, it doesn't even protect them against the old vulnerabilities being exploited, only against the old, unmodified exploits. Not to mention tricks, like Dave's "covertness bar" :) joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFFRg54ORdkotfEW84RAuJMAKCPZV0fw8Fl8QyanmOjwfDiQHp6IgCfQ5tK 5RcEMX5fYTEmeC28LNddXKI= =EZdt -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: lots of monkeys staring at a screen....security?, (continued)
- Re: lots of monkeys staring at a screen....security? Gadi Evron (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Paul Wouters (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 27)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 30)
- Re: lots of monkeys staring at a screen....security? Ross Brown (Oct 31)
- Re: lots of monkeys staring at a screen....security? Jan Münther (Oct 29)
- Re: lots of monkeys staring at a screen....security? dmc (Oct 30)