IDS mailing list archives
Re: IDS thoughts
From: "Raistlin" <raistlin () gioco net>
Date: Tue, 3 Jun 2003 09:15:26 +0200
> I disagree. Anytime you have an interface between zones of different risk,
> liability, threat, or whatever, there should be:
> - A policy which enunciates and addresses this difference
> - A mechanism for enforcing this policy
> - A mechanism for auditing the enforcement of this policy

Yes. But, as long as you can clearly DEFINE this policy, the enforcement mechanism and the detection mechanism can be the same. If you check twice against the same rule, you are not doing "anomaly detection" - at least, not in my concept :-) You are doing anomaly detection if you hunt down anomalous data in a dataset which is not, a priori, defined by a set of formally specifiable rules.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys