Re: Intrusion Detection Systems, Best of breed?

["R. DuFresne" <dufresne () sysinfo com>]

On Mon, 24 Dec 2001, Lance Spitzner wrote:

> On Mon, 24 Dec 2001, Talisker wrote:
>
> > Ofir is absolutely right (as always) the IDS defence in depth approach is
> > best, I steered clear of it in my original post so as not to confuse too
> > much, (but NIDS is still the IDS of choice and offers more hits per pound)
>
> heh heh, can't pass this up. Since we are talking about defence in depth,
> how about the use of honeypot technologies to add to detection?  Honeypots
> have the advantage of reducing false positives while capturing false
> negatives.

Perhaps in those specialised settings whence the company has the folks
skilled to setup and care and feed for such a system, asumng this does not
attrack additional alerts they have to respond to with short staff.  But,
considering that few companies have the skilled folks to setup and care
and feed an IDS system, let alone skilled admins to securly rollout
systems for the DMZ or the corporate backbone user services they are
supposed to support, it seems like this might well be beyond those
companies abilities.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  sysinfo.com
                  http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards