RE: RE: IDS (was: FW appliance comparison)

["Bill Royds" <bill () royds net>]

 The quote below is the heart of the problem. Most IT shops these days see the
word programming (or even scripting) and give you the sign of the cross.
Computer people don't know how to program these days and it is the kiss of death
for anything to say "just a little programming". 

In some places, anyone who knows how to program is almost seen as a security
risk, almost a dreaded "hacker". That is why people ask for $80K SIM systems.
They want someone else to tell them how to pick out the important data out of
log files. A 20 line Perl program is much too complex.

-----Original Message-----
From: Marcus J. Ranum
Sent: Monday, January 30, 2006 7:22 PM
 <snip>

Seriously, though, 1 gig of compressed data per hour
means a bunch of different stuff; namely that you were
compressing it (which is fairly CPU and memory intensive)
on the fly -- so you could just as easily be doing something
else with it like running it through a stoplist or something
to prune out the stuff you know is garbage. Yes, that is
site-specific stuff and to do it right we're talking a little
bit of programming -- not rocket science type programming;
more like an awk script.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards