IDS mailing list archives
Re: Changes in IDS Companies?
From: "Dominique Brezinski" <dom () decru com>
Date: Tue, 12 Nov 2002 14:29:06 -0800
For a smart-ass response, see below....
----- Original Message -----
From: <detmar.liesen () lds nrw de>
To: <focus-ids () securityfocus com>
Sent: Monday, November 11, 2002 11:40 PM
Subject: AW: Changes in IDS Companies?
<snip>
I don't have enough practical experience to tell if the following idea is good, but I suggest using a GIDS as a protecting device with just the most important signatures that are known to reliably detect/block those attacks we fear most:
-worms
-trojans/backdoors
-well-known exploits
I hate to state the obvious, but if we know enough about these threats to write a signature to detect them, then we know enough to re-configure our systems to be immune to them. Having a GIDS protect against such things just leads to a false sense of security.
Additionally, NIPS vendors should always maintain a list of those most common and most dangerous attacks that also gives information about known false-positives for these signatures.
Yeah, so we can patch or re-configure our systems to be immune to vulnerabilities and not use their products ;> On a good day signature-based NIDS cost organizations money to run for no actionable return.... On a bad day they leave the organization feeling secure when they are not.
Dom