IDS mailing list archives
Re: IDS is dead, etc
From: Bennett Todd <bet () rahul net>
Date: Fri, 8 Aug 2003 11:13:27 -0400
2003-08-07T16:49:10 Barry Fitzgerald:
> Oh yes, and someone (perhaps tongue-in-cheek) mentioned that a properly
> configured firewall removes the need for an NIDS.

Perhaps you're referring to my comment:

2003-08-06T14:57:53 Bennett Todd:
> 2003-08-06T07:39:28 Paul Schmehl:
> > Why would you want to know about Nimda attacks
> > against your servers?
> > (or more generally, attacks that won't succeed)
>
> Some people _don't_ care. They need to disable the
> sigs they don't care about, or configure their IDS
> to only match those sigs against servers for which
> they're relevant.
>
> The limiting case of this argument says that given
> a really perfectly implemented firewall, you don't
> need an IDS at all. Some folks don't.

> I have to chime in and say that I couldn't possibly disagree more.
Understandable. I really shouldn't have included that remark; or else I should have expanded on it. I didn't say "properly configured firewall", I said "really perfectly implemented firewall", and I meant something different by that, although I neglected to explain.

A perfectly implemented firewall allows no protocols through for which there are vulnerable implementations inside. That means it's impossible to implement a perfect firewall if you're going to allow Windows users to have internet access. You can come moderately close, with a hideous amount of work, but you'll still be very exposed, and an IDS will be critical reinforcement of your flawed security. But given suitable systems configuration, it is possible to have a perfect firewall, and if you do then an IDS is just an educational tool, and would probably be most useful in concert with a honeypot.

-Bennett
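The quoted suggestion to disable irrelevant sigs, or to match them only against the servers they apply to, amounts to a relevance filter over an asset inventory. The following is an added illustration, not code from the thread or any IDS product: it scores each alert against a constructed inventory (hypothetical 10.0.x.0/24 ranges, constructed signature names) and keeps only alerts whose signature targets a service actually present at the destination.

```python
from ipaddress import ip_address, ip_network

# Constructed asset inventory (hypothetical addresses): which service runs
# on each range. A signature is only actionable against a host that runs
# the service it exploits.
ASSET_SERVICES = {
    ip_network("10.0.1.0/24"): {"iis"},      # Windows web farm
    ip_network("10.0.2.0/24"): {"apache"},   # Unix web tier
}

# Constructed mapping from signature name to the service it is relevant to.
SIG_TARGETS = {
    "WEB-IIS cmd.exe access": {"iis"},
    "WEB-IIS unicode directory traversal": {"iis"},
    "WEB-MISC apache chunked encoding": {"apache"},
}

# Signatures the operator has chosen to switch off entirely.
DISABLED_SIGS = {"WEB-IIS unicode directory traversal"}


def services_at(dst):
    """Services believed to run on the destination address (empty if unknown)."""
    addr = ip_address(dst)
    for net, svcs in ASSET_SERVICES.items():
        if addr in net:
            return svcs
    return set()


def classify(alert):
    """Return 'disabled', 'irrelevant' or 'actionable' for one alert dict."""
    sig = alert["sig"]
    if sig in DISABLED_SIGS:
        return "disabled"
    needed = SIG_TARGETS.get(sig)
    if needed is None:
        return "actionable"          # unmapped sig: fail open, keep it
    if needed & services_at(alert["dst"]):
        return "actionable"
    return "irrelevant"              # e.g. an IIS sig fired at an Apache box


def filter_alerts(alerts):
    """Keep only alerts worth an analyst's time."""
    return [a for a in alerts if classify(a) == "actionable"]


# Constructed sample alerts as a sensor might emit them.
SAMPLE_ALERTS = [
    {"sig": "WEB-IIS cmd.exe access", "src": "192.0.2.7", "dst": "10.0.1.5"},
    {"sig": "WEB-IIS cmd.exe access", "src": "192.0.2.7", "dst": "10.0.2.5"},
    {"sig": "WEB-IIS unicode directory traversal", "src": "192.0.2.9", "dst": "10.0.1.5"},
    {"sig": "WEB-MISC apache chunked encoding", "src": "198.51.100.3", "dst": "10.0.2.5"},
]
```

Of the four constructed alerts, only the IIS signature against the IIS range and the Apache signature against the Apache range survive; the same IIS signature against the Unix tier is dropped as irrelevant.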