IDS mailing list archives
Re: IDS is dead, etc
From: "Sam f. Stover" <sstover () iwc sytexinc com>
Date: Fri, 8 Aug 2003 12:19:21 -0400
> A perfectly implemented firewall allows no protocols through for which there are vulnerable implementations inside. That means it's impossible to implement a perfect firewall if you're going to allow Windows users to have internet access. You can come moderately close, with a hideous amount of work, but you'll still be very exposed, and an IDS will be critical reinforcement of your flawed security.
Ok - I'll bite... Are you talking platonic perfect or worldly perfect? If you mean platonic perfect, I'll agree, but given your statement below, I think you mean perfect with regard to a properly configured network, i.e., possible in the "real" world.

How does this address 0-day attacks on services that weren't previously vulnerable? Granted, a string-searching IDS might not help you there, but a true protocol-based IDS like NFR might alert you to something that wasn't an issue before you implemented your "perfect" firewall.

I guess my real question is how to keep your firewall perfect? The instant you drop it in place, you'll have to stay ahead of every hacker out there to keep it perfect... And an IDS is a great tool to assist in that pursuit. Maybe I'm picking nits, but I've always thought of an IDS as a great passive device that will always be there to sniff your traffic for when something new pops up...
> But given suitable systems configuration, it is possible to have a perfect firewall, and if you do then an IDS is just an educational tool, and would probably be most useful in concert with a honeypot.
Also, isn't every IDS implementation an educational tool to some degree?

SfS
____
S.f.Stover
sstover () iwc sytexinc com
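The distinction the post draws between a string-searching IDS and a protocol-based one can be made concrete. The following is an added example, not code from the post or from any product mentioned in the thread: a substring-signature matcher and a small protocol-aware HTTP checker run over three constructed requests. The signature list, the allowed-method set and the length limits are assumptions chosen for illustration, not the configuration of any real IDS. The point it shows is the one Sam makes: the signature matcher catches only what it has been told about, while the protocol checker flags a request it has never seen because the request violates what legitimate HTTP looks like, and each misses what the other catches.

```python
"""Two toy HTTP inspectors: a substring-signature matcher and a protocol-
aware checker.  Added example; signatures and thresholds are assumptions."""
import re

# Constructed sample requests (not captured traffic).
NORMAL = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"User-Agent: Mozilla/4.0\r\n\r\n")
# Matches a classic pattern the signature list knows about, but is valid HTTP.
KNOWN_BAD = (b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"
             b"Host: www.example.com\r\n\r\n")
# Syntactically novel: a header value stuffed with non-printable bytes.
NOVEL = (b"GET /index.html HTTP/1.1\r\n"
         b"Host: www.example.com\r\n"
         b"User-Agent: " + b"\x90" * 300 + b"\xcc\xcc\xcc\xcc" + b"\r\n\r\n")

# --- 1. string-searching IDS: knows only what it has been told to look for ---
SIGNATURES = [b"cmd.exe", b"/etc/passwd", b"..%255c", b"xp_cmdshell"]  # assumed list

def signature_alerts(raw):
    """Return one alert per signature found anywhere in the raw request."""
    return [f"signature hit: {sig.decode()}" for sig in SIGNATURES if sig in raw]

# --- 2. protocol-based IDS: models what legitimate HTTP looks like ---
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}
VERSION_RE = re.compile(rb"^HTTP/1\.[01]$")
TOKEN_RE = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 7230 token chars
MAX_URI, MAX_HEADER_VALUE, MAX_HEADERS = 2048, 1024, 50       # assumed policy limits

def protocol_alerts(raw):
    """Parse the request head and report every departure from the HTTP model."""
    alerts = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, uri, version = parts
    if method not in METHODS:
        alerts.append(f"unknown method {method!r}")
    if len(uri) > MAX_URI:
        alerts.append(f"URI length {len(uri)} exceeds {MAX_URI}")
    if not VERSION_RE.match(version):
        alerts.append(f"bad version {version!r}")
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        alerts.append(f"{len(headers)} headers exceeds {MAX_HEADERS}")
    for line in headers:
        name, sep, value = line.partition(b":")
        value = value.strip()
        if not sep or not TOKEN_RE.match(name):
            alerts.append(f"malformed header {line[:20]!r}")
            continue
        if len(value) > MAX_HEADER_VALUE:
            alerts.append(f"{name.decode()} value length {len(value)} exceeds {MAX_HEADER_VALUE}")
        if any(b < 0x20 or b > 0x7E for b in value):
            alerts.append(f"{name.decode()} contains non-printable bytes")
    return alerts

def inspect(raw):
    """Run both inspectors so the complementary coverage is visible side by side."""
    return {"signature": signature_alerts(raw), "protocol": protocol_alerts(raw)}

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("known-bad", KNOWN_BAD), ("novel", NOVEL)]:
        print(label, inspect(req))
```

Running it shows the known-bad request tripping two signatures and no protocol checks, the novel request tripping the non-printable-header check and no signatures, and the normal request passing both. Whether the protocol checker's limits are tight enough to catch a given 0-day without false-alarming on legitimate clients is the tuning problem a real deployment has to solve.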