IDS mailing list archives
Re: IDS is dead, etc
From: Bennett Todd <bet () rahul net>
Date: Fri, 8 Aug 2003 13:40:21 -0400
2003-08-08T13:24:46 Scott Wimer:
> I think we are on the same page as to the utility of IDS systems.

Agreed.

> Where we differ is in our estimation of the level of vulnerability of software that is "known" to be good and secure.

I'm not convinced this is true. I feel that you're putting words in my mouth. Unless I'm misunderstanding you, you seem to be responding to a claim that one can have perfectly secure software. I've not made such a claim, and will stand beside you refuting it. Perhaps once again my poor choice of words in that initial statement "perfect firewall" is biting me.

> The number of systems that are backdoored -- today, and the number of non-public vulnerabilities and exploits is slightly disturbing.

Sure --- but unless the black hats are the folks selling the IDSes, the IDSes won't catch these secret exploits anyway.

> Although, some will argue that the more behavioral oriented NIDS have moved past that point.

I've heard of one device that I can believe can alert on a heretofore totally unknown exploit. Not all of 'em, of course, but some. That's Mazu Networks's enforcer/profiler gizmos. I myself wouldn't call 'em an IDS, I think they're something different, much more valuable, and their IDS functionality is the smallest part of what they're good at. To my tastes, their host classification and "what-if" modelling are the really hot capabilities. If they were as affordable as an IDS, then I think they'd help bolster your claim, but they really are something else and different. IDSes detect known exploits, and sometimes heretofore unknown exploits of clearly known and understood vulnerabilities.

-Bennett