Dailydave mailing list archives
Re: lots of monkeys staring at a screen....security?
From: Kevin Johnson <kjohnson () secureideas net>
Date: Sat, 28 Oct 2006 09:40:02 -0400
On Oct 27, 2006, at 10:30 AM, Dave Aitel wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Making IDS part of a defense in depth strategy is giving it some credit for actually providing defense, which it doesn't do. The people who win the IDS game are the people who spend the least money on it. This is why security outsourcing makes money - it's just as worthless as maintaining the IDS yourself, but it costs less. Likewise, Snort is a great IDS solution because it does nothing but it does it cheaper.
Part of any defense is the ability to detect when things fail. I think that we want to throw out technology because it doesn't do everything. I see every day systems being attacked by simplistic old attacks that IDS systems can warn you about. Is it the best solution, no. I actually don't think it is a solution all by itself. I think that saying something is great because it does nothing cheaper is a ridiculous line intended to irritate instead of addressing the issue.
The technology curve is towards complex, encrypted, asynchronous protocols. The further into time you look, the worse the chances are that sniffing traffic is an answer to anything.
So what is your answer. I learned a long time ago that saying something didn't work with out giving a better solution was a game played by people who wanted to appear smarter then they are. And I know that doesn't fit you so what is the solution?
The market is slowly realizing this technology's time has past, but in the meantime lots of people are making giant bus-loads of cash. Good for them. But IDS technology isn't relevant to a security discussion in this day and age and it's not going to be anytime soon.
Again, I think this is an extremist view that doesn't have a place in reality.<grin> People are going to make boatloads of cash, I wish I was included, and most times a company deploying IDS' aren't going to do it right and that needs to change. but this doesn't invalidate the technology.
imho, - -dave
Just my opinion. But you might want to check out http:// taosecurity.blogspot.com/2006/10/response-to-daily-dave-thread.html which is a much better write up then I could ever do. Kevin _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: lots of monkeys staring at a screen....security?, (continued)
- Re: lots of monkeys staring at a screen....security? Ron Gula (Oct 28)
- Re: lots of monkeys staring at a screen....security? liquidfish (Oct 27)
- Re: lots of monkeys staring at a screen....security? Gadi Evron (Oct 28)
- Re: lots of monkeys staring at a screen....security? Thomas Ptacek (Oct 29)
- Re: lots of monkeys staring at a screen....security? Gadi Evron (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Paul Wouters (Oct 27)
- Re: lots of monkeys staring at a screen....security? Blue Boar (Oct 27)
- Re: lots of monkeys staring at a screen....security? Florian Weimer (Oct 29)
- Re: lots of monkeys staring at a screen....security? Kevin Johnson (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 29)
- Re: lots of monkeys staring at a screen....security? David Maynor (Oct 29)
- Re: lots of monkeys staring at a screen....security? Joanna Rutkowska (Oct 30)
- Re: lots of monkeys staring at a screen....security? Ross Brown (Oct 31)
- Re: lots of monkeys staring at a screen....security? Jan Münther (Oct 29)
- Re: lots of monkeys staring at a screen....security? dmc (Oct 30)