IDS mailing list archives

Re: Changes in IDS Companies?


From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Fri, 18 Oct 2002 10:49:18 +0200


Clint Byrum wrote:

Then the system is set up with schedules, to allow for the expected
behaviors of arrivals and departures, cleaning, etc.

The analogy has its limitations.

The alarm in the public part of our building is shut down during business
hours so that customers can enter our building.

By analogy, I guess the IDS protecting our public servers should be turned off
during business hours, which means the IDS should always be down.

The traditional alarm systems are in fact even weaker in terms of false
positives than most IDS; they do not seem to be a good goal for IDS
developers.

Am I totally wrong?


Other things just look suspicious, and we have to make a judgement call
as to whether or not we're going to alert, or even shut down a
connection, based on that suspicion. Now.. how to make that judgement
call easy, is anyone's guess. :-P

My dream: an IDS that learns from past judgement.

