IDS mailing list archives
RE: Changes in IDS Companies?
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Wed, 13 Nov 2002 01:38:01 -0800

Actually, I'll have to respectfully disagree. There are many systems that run in various environments where for one reason or another you simply can't patch them immediately (or in some bad cases, any time soon). In those cases, you absolutely want to implement protective measures (firewalling, changes in configuration (if possible), isolation, etc...) but those situations are exactly the sort of place where a GIDS _would_ be useful and appropriate. While it isn't the ideal or final solution (removing the vulnerability would be that), it is a reasonable interim solution to manage the risk until a real solution can be implemented.

As any sysadmin can tell you, sometimes the patch is worse than the vulnerability. Downtime from a bad patch can be just as bad or worse than downtime from a compromise. :)

All opinions are my own and in no way reflect the views of my employer.

Toby

-----Original Message-----
From: Dominique Brezinski [mailto:dom () decru com]
Sent: Tuesday, November 12, 2002 2:29 PM
To: detmar.liesen () lds nrw de; focus-ids () securityfocus com
Subject: Re: Changes in IDS Companies?

For a smart-ass response, see below....

----- Original Message -----
From: <detmar.liesen () lds nrw de>
To: <focus-ids () securityfocus com>
Sent: Monday, November 11, 2002 11:40 PM
Subject: AW: Changes in IDS Companies?

<snip>

> I don't have enough practical experience to tell if the following idea is good,
> but I suggest using a GIDS as a protecting device with just the most important
> signatures that are known to reliably detect/block those attacks we fear most:
> -worms
> -trojans/backdoors
> -well-known exploits

I hate to state the obvious, but if we know enough about these threats to write a signature to detect them, then we know enough to re-configure our systems to be immune to them. Having a GIDS protect against such things just leads to a false sense of security.