IDS mailing list archives
RE: IDS is dead, etc
From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Tue, 12 Aug 2003 09:27:37 -0500
In my opinion IDS will die in its current form. Being notified about an attack is better than not knowing, but it is better to stop the attack. IDS must evolve into firewall technology and vice versa: firewalls must include IDS technology in order to stop attacks. One vendor that is doing this is NetScreen; they have the IDP (IDS + prevention) and they are working on adding some IDP features to their FW. This will put more security, and more tuning, at the Internet gateway, but internal IDP will still be required, just as with antivirus you need it at the gateway, mail and PC, because someone can still put in an infected diskette.

Ing. Fco. Javier Otero De Alba
Diploma in Information Security, ITESM CEM
Grupo Smartekh
Antivirus Expertos Business Continuity Inftegrity
5243-4782 to 84 Ext.300
México, D.F.

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar () trimble co nz]
Sent: Monday, August 11, 2003 08:18 p.m.
To: focus-ids () securityfocus com
Subject: Re: IDS is dead, etc

On Fri, Aug 08, 2003 at 10:24:46AM -0700, Scott Wimer wrote:
I really like your description of NIDS as AV scanners for the network. That's classic. Although, some will argue that the more behavioral oriented NIDS have moved past that point. *shrug*
Heh - as they say, "there's nothing new under the Sun". AV scanners have had "behavioral" characteristics for years - some even run sandboxes in which to partially run the suspected file to see what it does. All this falls under "heuristics" technology.
invaluable tool for network managers. But, a NIDS is not the security "solution" that they are marketed as.
They have their place - but you have to think outside the square. The best use I have found for our IDS network is *not* on its 1,000+ alerts a day that it generates, it's on the hand-written rules that basically say "here are the network things our DMZ hosts are allowed to do, PAGE WHEN THEY DO ANYTHING ELSE"... Can you say "Zero False Positives"? [wow: IDS marketing Nirvana]

IDS's are good for showing senior management how "dangerous" the Internet is - so that you can get more funding to buy more IDS systems - err, wait-a-minute... ;-)

Actually there's another use. Having a visible IDS within your IT Team allows you to show your network and server groups just _why_ they need to install patches/stay up-to-date with training, etc. It can be hard for Security staff to push better practices when all these groups feel is "more work for me". I forever hear people saying "oh, no-one would be interested in hacking *us*" - unfortunately it's all totally impersonal these days. Everyone is a target.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
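The hand-written "allowed behaviour" rules described in the message above, sketched as an added example (not code from the thread or from any poster): an allowlist of connections each DMZ host may initiate, with every other DMZ-initiated connection reported. The addresses, the policy and the flow-record format are all constructed for illustration, and the input is assumed to contain only connection initiations, not replies.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str     # host that initiated the connection
    dst: str
    proto: str
    dport: int

# Constructed example network: documentation address ranges only.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed policy: (proto, dport, destination network) each DMZ host may initiate.
ALLOWED = {
    "192.0.2.10": [("udp", 53, "198.51.100.53/32")],   # web server -> resolver
    "192.0.2.25": [("udp", 53, "198.51.100.53/32"),    # mail relay -> resolver
                   ("tcp", 25, "0.0.0.0/0")],          # mail relay -> any SMTP
}

def is_allowed(flow: Flow) -> bool:
    """True if the flow matches an allowlist entry for its source host."""
    dst = ipaddress.ip_address(flow.dst)
    return any(
        flow.proto == proto and flow.dport == dport
        and dst in ipaddress.ip_network(net)
        for proto, dport, net in ALLOWED.get(flow.src, [])
    )

def violations(flows):
    """Flows initiated from the DMZ that no rule permits. A DMZ host
    with no policy entry has an empty allowlist, so all it does is reported."""
    return [
        f for f in flows
        if ipaddress.ip_address(f.src) in DMZ_NET and not is_allowed(f)
    ]

# Constructed sample records.
SAMPLE = [
    Flow("192.0.2.10", "198.51.100.53", "udp", 53),    # allowed
    Flow("192.0.2.25", "203.0.113.7", "tcp", 25),      # allowed
    Flow("192.0.2.10", "203.0.113.99", "tcp", 6667),   # web server, unexpected outbound
    Flow("192.0.2.77", "198.51.100.53", "udp", 53),    # DMZ host with no policy
    Flow("198.51.100.5", "192.0.2.10", "tcp", 80),     # not DMZ-initiated, ignored
]

if __name__ == "__main__":
    for f in violations(SAMPLE):
        print("PAGE:", f)
```

Because the rule set describes what is permitted rather than what is malicious, the alert volume depends on how completely the policy captures legitimate behaviour, not on signature quality.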