Firewall Wizards mailing list archives
Re: The value of detecting neutralized threats. (was RE: IDS bla
From: Vik Bajaj <vbajaj () sas upenn edu>
Date: Wed, 27 Jan 1999 20:19:48 -0500 (EST)
On 26-Jan-99 Dominique Brezinski wrote:
> OK, here is a classic example of theory versus practicality. I agree in theory with John. I personally want to know every time someone tries to do
> [snip]
> And one knowledgeable person to run it will cost you $100,000+ per year, not to mention all the legal research and effort necessary to come up with the threat response plan and policies.
It does not follow from the simple fact that a threat is known, perceived, or detected that a response should be mounted. If we accept that assertion, then no IDS can ever be successful. In fact, a persuasive argument can be made for aggressive logging to be used as evidence, retrospectively, in the event of a penetration, or as a form of liability risk mitigation. In any case, I think the crux of the matter is that security involves applied theory, subject to financial, personal, and political constraints. Thus, a generic consensus on what is an appropriate threshold for intrusion detection is neither productive nor necessary. As has been pointed out, it is even more pointless to attempt to divide organizations across arbitrary lines (government, military, corporate, educational), as the needs of users within large organizations or sectors are disparate enough that a canned solution will serve no single entity well. Obviously, you have to know the client well enough to generate solutions that fit his needs and budgets; it's part of the job.

--Vik