Firewall Wizards mailing list archives
Re: Intrusion Detection Systems, Best of breed?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 25 Dec 2001 22:40:48 -0500 (EST)
On Mon, 24 Dec 2001, Lance Spitzner wrote:
On Mon, 24 Dec 2001, Talisker wrote:Ofir is absolutely right (as always) the IDS defence in depth approach is best, I steered clear of it in my original post so as not to confuse too much, (but NIDS is still the IDS of choice and offers more hits per pound)heh heh, can't pass this up. Since we are talking about defence in depth, how about the use of honeypot technologies to add to detection? Honeypots have the advantage of reducing false positives while capturing false negatives.
Perhaps in those specialised settings whence the company has the folks skilled to setup and care and feed for such a system, asumng this does not attrack additional alerts they have to respond to with short staff. But, considering that few companies have the skilled folks to setup and care and feed an IDS system, let alone skilled admins to securly rollout systems for the DMZ or the corporate backbone user services they are supposed to support, it seems like this might well be beyond those companies abilities. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Intrusion Detection Systems, Best of breed?, (continued)
- Re: Intrusion Detection Systems, Best of breed? Talisker (Dec 24)
- Re: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 25)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 27)
- RE: Intrusion Detection Systems, Best of breed? franks (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? Robin S. Socha (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 26)
- Re: Intrusion Detection Systems, - Honeypots? Lance Spitzner (Dec 27)
- Re: Intrusion Detection Systems, - Honeypots? R. DuFresne (Dec 28)
- Re: Intrusion Detection Systems, - Honeypots? Lance Spitzner (Dec 28)
- Message not available
- Re: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 24)
- RE: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 25)
- Re: Intrusion Detection Systems, Best of breed? Talisker (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? John Adams (Dec 26)