Firewall Wizards mailing list archives
Re: IDS: some rambling
From: "George M. Jones" <gjones () CompuServe NET>
Date: Fri, 20 Feb 1998 12:09:34 -0500 (EST)
On Thu, 19 Feb 1998, Ivan Arce,CORE wrote:
but if the first attack failed and your firewall/IDS detected AND reported it, there's a good chance that a human being is dragged into the game and can detect those things that a non-human security component can't. In that sense I consider an IDS some sort of 'early-warning' system.
That is a paradigm which works with small numbers of attacks. I would argue (from painful day-to-day experience of being under-staffed) that the most easily exhausted resource is the human resource. The resourceful hacker will first send out a string of bogus decoy attacks to tie up even the most well staffed Incident Response Team.

George Jones, Internet Security Engineer, CompuServe Network Services
Email: George.Jones () CompuServe NET, Voice: +1 614 723-4560
Snail Mail: 5000 Britton Rd., PO BOX 5000, Hilliard, Ohio 43026-5000 USA
PGP: 1024/8C1CEFC9 Fingerprint 20 79 AE 12 D0 8C 44 8F C5 37 2B 40 EA F5 C3 35